989d921f5d
I'm very pleased to announce the release of our new website and documentation using the new toolchain with Hugo and AsciiDoctor. To get more information about the new toolchain please read the FreeBSD Documentation Project Primer[1], Hugo docs[2] and AsciiDoctor docs[3]. Acknowledgment: Benedict Reuschling <bcr@> Glen Barber <gjb@> Hiroki Sato <hrs@> Li-Wen Hsu <lwhsu@> Sean Chittenden <seanc@> The FreeBSD Foundation [1] https://docs.FreeBSD.org/en/books/fdp-primer/ [2] https://gohugo.io/documentation/ [3] https://docs.asciidoctor.org/home/ Approved by: doceng, core
149 lines
4.8 KiB
Diff
149 lines
4.8 KiB
Diff
Index: crypto/openssl/apps/speed.c
|
|
===================================================================
|
|
--- crypto/openssl/apps/speed.c (revision 186740)
|
|
+++ crypto/openssl/apps/speed.c (working copy)
|
|
@@ -2038,7 +2038,7 @@
|
|
{
|
|
ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
|
|
rsa_num, rsa_key[j]);
|
|
- if (ret == 0)
|
|
+ if (ret <= 0)
|
|
{
|
|
BIO_printf(bio_err,
|
|
"RSA verify failure\n");
|
|
Index: crypto/openssl/apps/verify.c
|
|
===================================================================
|
|
--- crypto/openssl/apps/verify.c (revision 186740)
|
|
+++ crypto/openssl/apps/verify.c (working copy)
|
|
@@ -266,7 +266,7 @@
|
|
|
|
ret=0;
|
|
end:
|
|
- if (i)
|
|
+ if (i > 0)
|
|
{
|
|
fprintf(stdout,"OK\n");
|
|
ret=1;
|
|
@@ -367,4 +367,3 @@
|
|
ERR_clear_error();
|
|
return(ok);
|
|
}
|
|
-
|
|
Index: crypto/openssl/apps/x509.c
|
|
===================================================================
|
|
--- crypto/openssl/apps/x509.c (revision 186740)
|
|
+++ crypto/openssl/apps/x509.c (working copy)
|
|
@@ -1144,7 +1144,7 @@
|
|
/* NOTE: this certificate can/should be self signed, unless it was
|
|
* a certificate request in which case it is not. */
|
|
X509_STORE_CTX_set_cert(&xsc,x);
|
|
- if (!reqfile && !X509_verify_cert(&xsc))
|
|
+ if (!reqfile && X509_verify_cert(&xsc) <= 0)
|
|
goto end;
|
|
|
|
if (!X509_check_private_key(xca,pkey))
|
|
Index: crypto/openssl/apps/spkac.c
|
|
===================================================================
|
|
--- crypto/openssl/apps/spkac.c (revision 186740)
|
|
+++ crypto/openssl/apps/spkac.c (working copy)
|
|
@@ -285,7 +285,7 @@
|
|
pkey = NETSCAPE_SPKI_get_pubkey(spki);
|
|
if(verify) {
|
|
i = NETSCAPE_SPKI_verify(spki, pkey);
|
|
- if(i) BIO_printf(bio_err, "Signature OK\n");
|
|
+ if (i > 0) BIO_printf(bio_err, "Signature OK\n");
|
|
else {
|
|
BIO_printf(bio_err, "Signature Failure\n");
|
|
ERR_print_errors(bio_err);
|
|
Index: crypto/openssl/ssl/s2_srvr.c
|
|
===================================================================
|
|
--- crypto/openssl/ssl/s2_srvr.c (revision 186740)
|
|
+++ crypto/openssl/ssl/s2_srvr.c (working copy)
|
|
@@ -1054,7 +1054,7 @@
|
|
|
|
i=ssl_verify_cert_chain(s,sk);
|
|
|
|
- if (i) /* we like the packet, now check the chksum */
|
|
+ if (i > 0) /* we like the packet, now check the chksum */
|
|
{
|
|
EVP_MD_CTX ctx;
|
|
EVP_PKEY *pkey=NULL;
|
|
@@ -1083,7 +1083,7 @@
|
|
EVP_PKEY_free(pkey);
|
|
EVP_MD_CTX_cleanup(&ctx);
|
|
|
|
- if (i)
|
|
+ if (i > 0)
|
|
{
|
|
if (s->session->peer != NULL)
|
|
X509_free(s->session->peer);
|
|
Index: crypto/openssl/ssl/s3_clnt.c
|
|
===================================================================
|
|
--- crypto/openssl/ssl/s3_clnt.c (revision 186740)
|
|
+++ crypto/openssl/ssl/s3_clnt.c (working copy)
|
|
@@ -883,7 +883,7 @@
|
|
}
|
|
|
|
i=ssl_verify_cert_chain(s,sk);
|
|
- if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
|
|
+ if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
|
|
#ifndef OPENSSL_NO_KRB5
|
|
&& (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
|
|
!= (SSL_aKRB5|SSL_kKRB5)
|
|
@@ -1368,7 +1368,7 @@
|
|
EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
|
|
EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
|
|
EVP_VerifyUpdate(&md_ctx,param,param_len);
|
|
- if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
|
|
+ if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
|
|
{
|
|
/* bad signature */
|
|
al=SSL_AD_DECRYPT_ERROR;
|
|
@@ -1386,7 +1386,7 @@
|
|
EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
|
|
EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
|
|
EVP_VerifyUpdate(&md_ctx,param,param_len);
|
|
- if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
|
|
+ if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
|
|
{
|
|
/* bad signature */
|
|
al=SSL_AD_DECRYPT_ERROR;
|
|
Index: crypto/openssl/ssl/s3_srvr.c
|
|
===================================================================
|
|
--- crypto/openssl/ssl/s3_srvr.c (revision 186740)
|
|
+++ crypto/openssl/ssl/s3_srvr.c (working copy)
|
|
@@ -2481,7 +2481,7 @@
|
|
else
|
|
{
|
|
i=ssl_verify_cert_chain(s,sk);
|
|
- if (!i)
|
|
+ if (i <= 0)
|
|
{
|
|
al=ssl_verify_alarm_type(s->verify_result);
|
|
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
|
|
Index: crypto/openssl/ssl/ssltest.c
|
|
===================================================================
|
|
--- crypto/openssl/ssl/ssltest.c (revision 186740)
|
|
+++ crypto/openssl/ssl/ssltest.c (working copy)
|
|
@@ -2072,7 +2072,7 @@
|
|
|
|
if (cb_arg->proxy_auth)
|
|
{
|
|
- if (ok)
|
|
+ if (ok > 0)
|
|
{
|
|
const char *cond_end = NULL;
|
|
|
|
Index: crypto/openssl/ssl/s2_clnt.c
|
|
===================================================================
|
|
--- crypto/openssl/ssl/s2_clnt.c (revision 186740)
|
|
+++ crypto/openssl/ssl/s2_clnt.c (working copy)
|
|
@@ -1044,7 +1044,7 @@
|
|
|
|
i=ssl_verify_cert_chain(s,sk);
|
|
|
|
- if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
|
|
+ if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0))
|
|
{
|
|
SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
|
|
goto err;
|