Only use the new informational verify codes if we specifically ask for them. Fix typo in docs.

dbba890c · Dr. Stephen Henson · 3f8b90c3 · dbba890c · dbba890c · dbba890c
隐藏空白更改
内联并排

Showing with 19 addition and 11 deletion

CHANGES CHANGES +8 -0

NEWS NEWS +1 -0

crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c +9 -10

doc/apps/smime.pod doc/apps/smime.pod +1 -1

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,14 @@

 Changes between 0.9.5a and 0.9.6  [xx XXX 2000]

+  *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
+     not set then we don't setup the error code for issuer check errors
+     to avoid possibly overwriting other errors which the callback does
+     handle. If an application does set the flag then we assume it knows
+     what it is doing and can handle the new informational codes
+     appropriately.
+     [Steve Henson]
+
  *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
     a general "ANY" type, as such it should be able to decode anything
     including tagged types. However it didn't check the class so it would

--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,7 @@
      o MD4 now included.
      o Bugfix for SSL rollback padding check.
      o Support for external crypto device[1].
+      o Enhanced EVP interafce.

    [1] The support for external crypto devices is currently a separate
        distribution.  See the file README.ENGINE.

--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -339,16 +339,15 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
 	ret = X509_check_issued(issuer, x);
 	if (ret == X509_V_OK)
 		return 1;
-	else
-		{
-		ctx->error = ret;
-		ctx->current_cert = x;
-		ctx->current_issuer = issuer;
-		if ((ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK) && ctx->verify_cb)
-			return ctx->verify_cb(0, ctx);
-		else
-			return 0;
-		}
+	/* If we haven't asked for issuer errors don't set ctx */
+	if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK))
+		return 0;
+
+	ctx->error = ret;
+	ctx->current_cert = x;
+	ctx->current_issuer = issuer;
+	if (ctx->verify_cb)
+		return ctx->verify_cb(0, ctx);
 	return 0;
 }


--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -325,7 +325,7 @@ Send encrypted mail using triple DES:
 Sign and encrypt mail:

 openssl smime -sign -in ml.txt -signer my.pem -text \
-	| openssl -encrypt -out mail.msg \
+	| openssl smime -encrypt -out mail.msg \
 	-from steve@openssl.org -to someone@somewhere \
 	-subject "Signed and Encrypted message" -des3 user.pem