summaryrefslogtreecommitdiff
path: root/src/openssl
diff options
context:
space:
mode:
Diffstat (limited to 'src/openssl')
-rw-r--r--src/openssl/digests.c4
-rw-r--r--src/openssl/x509vfy.c5
2 files changed, 7 insertions, 2 deletions
diff --git a/src/openssl/digests.c b/src/openssl/digests.c
index 537a7399..d27cf8d5 100644
--- a/src/openssl/digests.c
+++ b/src/openssl/digests.c
@@ -272,14 +272,14 @@ xmlSecOpenSSLEvpDigestVerify(xmlSecTransformPtr transform,
xmlSecInvalidSizeError("Digest", dataSize, ctx->dgstSize,
xmlSecTransformGetName(transform));
transform->status = xmlSecTransformStatusFail;
- return(0);
+ return -1;
}
if(memcmp(ctx->dgst, data, ctx->dgstSize) != 0) {
xmlSecInvalidDataError("data and digest do not match",
xmlSecTransformGetName(transform));
transform->status = xmlSecTransformStatusFail;
- return(0);
+ return -1;
}
transform->status = xmlSecTransformStatusOk;
diff --git a/src/openssl/x509vfy.c b/src/openssl/x509vfy.c
index 2e54f136..a6200773 100644
--- a/src/openssl/x509vfy.c
+++ b/src/openssl/x509vfy.c
@@ -331,6 +331,11 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509*
err = X509_STORE_CTX_get_error(xsc);
X509_STORE_CTX_cleanup (xsc);
+ if(ret != 1 && keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_ALLOW_BROKEN_CHAIN){
+ ret = 1;
+ keyInfoCtx->flags2 |= XMLSEC_KEYINFO_ERROR_FLAGS_BROKEN_CHAIN;
+ }
+
if(ret == 1) {
res = cert;
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-13 14:00:25 +0000