Diffstat (limited to 'src/openssl')
-rw-r--r-- | src/openssl/digests.c | 4 | ||||
-rw-r--r-- | src/openssl/x509vfy.c | 5 |
2 files changed, 7 insertions, 2 deletions
diff --git a/src/openssl/digests.c b/src/openssl/digests.c index 537a7399..d27cf8d5 100644 --- a/src/openssl/digests.c +++ b/src/openssl/digests.c @@ -272,14 +272,14 @@ xmlSecOpenSSLEvpDigestVerify(xmlSecTransformPtr transform, xmlSecInvalidSizeError("Digest", dataSize, ctx->dgstSize, xmlSecTransformGetName(transform)); transform->status = xmlSecTransformStatusFail; - return(0); + return -1; } if(memcmp(ctx->dgst, data, ctx->dgstSize) != 0) { xmlSecInvalidDataError("data and digest do not match", xmlSecTransformGetName(transform)); transform->status = xmlSecTransformStatusFail; - return(0); + return -1; } transform->status = xmlSecTransformStatusOk; diff --git a/src/openssl/x509vfy.c b/src/openssl/x509vfy.c index 2e54f136..a6200773 100644 --- a/src/openssl/x509vfy.c +++ b/src/openssl/x509vfy.c @@ -331,6 +331,11 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509* err = X509_STORE_CTX_get_error(xsc); X509_STORE_CTX_cleanup (xsc); + if(ret != 1 && keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_ALLOW_BROKEN_CHAIN){ + ret = 1; + keyInfoCtx->flags2 |= XMLSEC_KEYINFO_ERROR_FLAGS_BROKEN_CHAIN; + } + if(ret == 1) { res = cert; |
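Review bot: The two new `return -1;` statements in xmlSecOpenSSLEvpDigestVerify make a digest mismatch indistinguishable from an internal failure by return value, while the mismatch is also still recorded in `transform->status = xmlSecTransformStatusFail`. Any caller that relied on the old convention (return 0, then inspect the status) would now report a processing error where it used to report an invalid digest. The function's header comment should state the new contract, for example `Returns 0 if the digest matches, or a negative value if it does not match or an error occurs.` The removed lines show the file writes returns as `return(0);`, so `return(-1);` would keep the local style. The function begins and ends outside the hunk, so its existing doc comment and final return are not visible here.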
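Review bot: The added override in xmlSecOpenSSLX509StoreVerify turns every verification failure into success when XMLSEC_KEYINFO_FLAGS_ALLOW_BROKEN_CHAIN is set, because the condition tests only `ret != 1` and never consults `err`, which is fetched two lines above. Assuming `ret` is the result of the chain verification call, failures unrelated to an incomplete chain (an expired certificate, a bad signature) would be accepted the same way as a missing issuer, with only the `flags2` bit left to tell them apart. The condition should name the errors the flag is meant to tolerate, for instance `if(ret != 1 && (keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_ALLOW_BROKEN_CHAIN) != 0 && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT || err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)){`. The exact list is a policy choice for the maintainers, and the explicit parentheses around the flag test also make the precedence obvious. The function starts and ends outside the hunk, so whether callers actually check `flags2` before trusting the returned certificate cannot be confirmed from here.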