1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

crypto: return CHECK_OK in VerifyCallback

Browse Source 
VerifyCallback returns 1 in two locations but CHECK_CERT_REVOKED in a
third return statment. This commit suggests that CHECK_OK is used
instead of 1. CHECK_OK is also used as the return value in
CheckWhitelistedServerCert so it seems to be consitent change to make.

PR-URL: https://github.com/nodejs/node/pull/13241
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This commit is contained in:
Daniel Bevenius 2017-05-26 15:03:37 +02:00
parent f00475d9d6
commit b3fa3fc12e
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/node_crypto.cc
View File

@ -2881,14 +2881,14 @@ inline int VerifyCallback(int preverify_ok, X509_STORE_CTX* ctx) {
// Failure on verification of the cert is handled in // Failure on verification of the cert is handled in
// Connection::VerifyError. // Connection::VerifyError.
if (preverify_ok == 0 || X509_STORE_CTX_get_error(ctx) != X509_V_OK) if (preverify_ok == 0 || X509_STORE_CTX_get_error(ctx) != X509_V_OK)
return 1; return CHECK_OK;
// Server does not need to check the whitelist. // Server does not need to check the whitelist.
SSL* ssl = static_cast<SSL*>( SSL* ssl = static_cast<SSL*>(
X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx())); X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
if (SSL_is_server(ssl)) if (SSL_is_server(ssl))
return 1; return CHECK_OK;
// Client needs to check if the server cert is listed in the // Client needs to check if the server cert is listed in the
// whitelist when it is issued by the specific rootCAs. // whitelist when it is issued by the specific rootCAs.