989d921f5d
I'm very pleased to announce the release of our new website and documentation using the new toolchain with Hugo and AsciiDoctor. To get more information about the new toolchain please read the FreeBSD Documentation Project Primer[1], Hugo docs[2] and AsciiDoctor docs[3]. Acknowledgment: Benedict Reuschling <bcr@> Glen Barber <gjb@> Hiroki Sato <hrs@> Li-Wen Hsu <lwhsu@> Sean Chittenden <seanc@> The FreeBSD Foundation [1] https://docs.FreeBSD.org/en/books/fdp-primer/ [2] https://gohugo.io/documentation/ [3] https://docs.asciidoctor.org/home/ Approved by: doceng, core
127 lines
4.1 KiB
Diff
127 lines
4.1 KiB
Diff
Index: crypto/openssl/apps/speed.c
|
|
===================================================================
|
|
--- crypto/openssl/apps/speed.c (revision 186750)
|
|
+++ crypto/openssl/apps/speed.c (working copy)
|
|
@@ -1486,7 +1486,7 @@
|
|
{
|
|
ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
|
|
rsa_num, rsa_key[j]);
|
|
- if (ret == 0)
|
|
+ if (ret <= 0)
|
|
{
|
|
BIO_printf(bio_err,
|
|
"RSA verify failure\n");
|
|
Index: crypto/openssl/apps/verify.c
|
|
===================================================================
|
|
--- crypto/openssl/apps/verify.c (revision 186750)
|
|
+++ crypto/openssl/apps/verify.c (working copy)
|
|
@@ -275,7 +275,7 @@
|
|
|
|
ret=0;
|
|
end:
|
|
- if (i)
|
|
+ if (i > 0)
|
|
{
|
|
fprintf(stdout,"OK\n");
|
|
ret=1;
|
|
@@ -365,4 +365,3 @@
|
|
ERR_clear_error();
|
|
return(ok);
|
|
}
|
|
-
|
|
Index: crypto/openssl/apps/x509.c
|
|
===================================================================
|
|
--- crypto/openssl/apps/x509.c (revision 186750)
|
|
+++ crypto/openssl/apps/x509.c (working copy)
|
|
@@ -1113,7 +1113,7 @@
|
|
/* NOTE: this certificate can/should be self signed, unless it was
|
|
* a certificate request in which case it is not. */
|
|
X509_STORE_CTX_set_cert(&xsc,x);
|
|
- if (!reqfile && !X509_verify_cert(&xsc))
|
|
+ if (!reqfile && X509_verify_cert(&xsc) <= 0)
|
|
goto end;
|
|
|
|
if (!X509_check_private_key(xca,pkey))
|
|
Index: crypto/openssl/apps/spkac.c
|
|
===================================================================
|
|
--- crypto/openssl/apps/spkac.c (revision 186750)
|
|
+++ crypto/openssl/apps/spkac.c (working copy)
|
|
@@ -284,7 +284,7 @@
|
|
pkey = NETSCAPE_SPKI_get_pubkey(spki);
|
|
if(verify) {
|
|
i = NETSCAPE_SPKI_verify(spki, pkey);
|
|
- if(i) BIO_printf(bio_err, "Signature OK\n");
|
|
+ if (i > 0) BIO_printf(bio_err, "Signature OK\n");
|
|
else {
|
|
BIO_printf(bio_err, "Signature Failure\n");
|
|
ERR_print_errors(bio_err);
|
|
Index: crypto/openssl/ssl/s2_srvr.c
|
|
===================================================================
|
|
--- crypto/openssl/ssl/s2_srvr.c (revision 186750)
|
|
+++ crypto/openssl/ssl/s2_srvr.c (working copy)
|
|
@@ -1070,7 +1070,7 @@
|
|
|
|
i=ssl_verify_cert_chain(s,sk);
|
|
|
|
- if (i) /* we like the packet, now check the chksum */
|
|
+ if (i > 0) /* we like the packet, now check the chksum */
|
|
{
|
|
EVP_MD_CTX ctx;
|
|
EVP_PKEY *pkey=NULL;
|
|
@@ -1099,7 +1099,7 @@
|
|
EVP_PKEY_free(pkey);
|
|
EVP_MD_CTX_cleanup(&ctx);
|
|
|
|
- if (i)
|
|
+ if (i > 0)
|
|
{
|
|
if (s->session->peer != NULL)
|
|
X509_free(s->session->peer);
|
|
Index: crypto/openssl/ssl/s3_clnt.c
|
|
===================================================================
|
|
--- crypto/openssl/ssl/s3_clnt.c (revision 186750)
|
|
+++ crypto/openssl/ssl/s3_clnt.c (working copy)
|
|
@@ -833,7 +833,7 @@
|
|
}
|
|
|
|
i=ssl_verify_cert_chain(s,sk);
|
|
- if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
|
|
+ if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
|
|
#ifndef OPENSSL_NO_KRB5
|
|
&& (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
|
|
!= (SSL_aKRB5|SSL_kKRB5)
|
|
@@ -1206,7 +1206,7 @@
|
|
EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
|
|
EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
|
|
EVP_VerifyUpdate(&md_ctx,param,param_len);
|
|
- if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
|
|
+ if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
|
|
{
|
|
/* bad signature */
|
|
al=SSL_AD_DECRYPT_ERROR;
|
|
Index: crypto/openssl/ssl/s3_srvr.c
|
|
===================================================================
|
|
--- crypto/openssl/ssl/s3_srvr.c (revision 186750)
|
|
+++ crypto/openssl/ssl/s3_srvr.c (working copy)
|
|
@@ -2015,7 +2015,7 @@
|
|
else
|
|
{
|
|
i=ssl_verify_cert_chain(s,sk);
|
|
- if (!i)
|
|
+ if (i <= 0)
|
|
{
|
|
al=ssl_verify_alarm_type(s->verify_result);
|
|
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
|
|
Index: crypto/openssl/ssl/s2_clnt.c
|
|
===================================================================
|
|
--- crypto/openssl/ssl/s2_clnt.c (revision 186750)
|
|
+++ crypto/openssl/ssl/s2_clnt.c (working copy)
|
|
@@ -1062,7 +1062,7 @@
|
|
|
|
i=ssl_verify_cert_chain(s,sk);
|
|
|
|
- if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
|
|
+ if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0))
|
|
{
|
|
SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
|
|
goto err;
|