Diffstat (limited to 'src/openssl/x509vfy.c')
-rw-r--r--src/openssl/x509vfy.c19
1 files changed, 17 insertions, 2 deletions
diff --git a/src/openssl/x509vfy.c b/src/openssl/x509vfy.c
index 155e1ab5..f828afb2 100644
--- a/src/openssl/x509vfy.c
+++ b/src/openssl/x509vfy.c
@@ -291,7 +291,14 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509*
if(xmlSecOpenSSLX509FindNextChainCert(certs2, cert) == NULL) {
X509_STORE_CTX xsc;
- X509_STORE_CTX_init (&xsc, ctx->xst, cert, certs2);
+ if(!X509_STORE_CTX_init(&xsc, ctx->xst, cert, certs2)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_STORE_CTX_init",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
if(keyInfoCtx->certsVerificationTime > 0) {
X509_STORE_CTX_set_time(&xsc, 0, keyInfoCtx->certsVerificationTime);
}
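Review bot: The failure test on the new `X509_STORE_CTX_init` call is written as `!…`, while the second hunk of this commit (xmlSecOpenSSLX509VerifyCRL) tests the same call with `ret <= 0`; using one form keeps the two verification paths easy to audit, e.g. `if(X509_STORE_CTX_init(&xsc, ctx->xst, cert, certs2) <= 0) {`. Bailing out with `goto done` fails closed, but the `done` label and the rest of xmlSecOpenSSLX509StoreVerify are outside this hunk, so confirm that the value returned there is still the "no verified certificate" result at this point and that nothing under `done` touches `xsc`, which was not successfully initialised. A short comment above the check, such as `/* never run verification on a context that failed to initialise */`, would record why the branch exists.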
@@ -741,7 +748,15 @@ xmlSecOpenSSLX509VerifyCRL(X509_STORE* xst, X509_CRL *crl ) {
xmlSecAssert2(xst != NULL, -1);
xmlSecAssert2(crl != NULL, -1);
- X509_STORE_CTX_init(&xsc, xst, NULL, NULL);
+ ret = X509_STORE_CTX_init(&xsc, xst, NULL, NULL);
+ if(ret <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509_STORE_CTX_init",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
ret = X509_STORE_get_by_subject(&xsc, X509_LU_X509,
X509_CRL_get_issuer(crl), &xobj);
if(ret <= 0) {
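Review bot: The `X509_STORE_get_by_subject` error branch that opens on the last line of this hunk runs after `xsc` has been initialised successfully, so it has to release the context before returning. Its body is outside the hunk, so please confirm it calls `X509_STORE_CTX_cleanup(&xsc);` before `return(-1);`, and that every later exit of xmlSecOpenSSLX509VerifyCRL does the same. The new `return(-1)` directly after the failed init is only leak-free if the init releases its own partial state on failure, which I believe varies by OpenSSL version, so a one-line comment stating that assumption would help.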