mirror of
https://github.com/openssl/openssl.git
synced 2024-12-21 16:03:42 +08:00
Comment and indentation
This commit is contained in:
parent
b847024026
commit
78f3a2aad7
@ -99,10 +99,10 @@ static int tr_cmp(const X509_TRUST * const *a,
|
||||
|
||||
int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
|
||||
{
|
||||
int (*oldtrust)(int , X509 *, int);
|
||||
oldtrust = default_trust;
|
||||
default_trust = trust;
|
||||
return oldtrust;
|
||||
int (*oldtrust)(int , X509 *, int);
|
||||
oldtrust = default_trust;
|
||||
default_trust = trust;
|
||||
return oldtrust;
|
||||
}
|
||||
|
||||
|
||||
|
@ -488,6 +488,13 @@ static int internal_verify(X509_STORE_CTX *ctx)
|
||||
if (!ok) goto end;
|
||||
}
|
||||
if (X509_verify(xs,pkey) <= 0)
|
||||
/* XXX For the final trusted self-signed cert,
|
||||
* this is a waste of time. That check should
|
||||
* optional so that e.g. 'openssl x509' can be
|
||||
* used to detect invalid self-signatures, but
|
||||
* we don't verify again and again in SSL
|
||||
* handshakes and the like once the cert has
|
||||
* been declared trusted. */
|
||||
{
|
||||
ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
|
||||
ctx->current_cert=xs;
|
||||
|
Loading…
Reference in New Issue
Block a user