Skip to content

Commit

Permalink
crypto: return CHECK_OK in VerifyCallback
Browse files Browse the repository at this point in the history
VerifyCallback returns 1 in two locations but CHECK_CERT_REVOKED in a
third return statment. This commit suggests that CHECK_OK is used
instead of 1. CHECK_OK is also used as the return value in
CheckWhitelistedServerCert so it seems to be consitent change to make.

PR-URL: #13241
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
  • Loading branch information
danbev authored and MylesBorins committed Jul 17, 2017
1 parent a7b51af commit 3b44e5e
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/node_crypto.cc
Original file line number Diff line number Diff line change
Expand Up @@ -2867,14 +2867,14 @@ inline int VerifyCallback(int preverify_ok, X509_STORE_CTX* ctx) {
// Failure on verification of the cert is handled in
// Connection::VerifyError.
if (preverify_ok == 0 || X509_STORE_CTX_get_error(ctx) != X509_V_OK)
return 1;
return CHECK_OK;

// Server does not need to check the whitelist.
SSL* ssl = static_cast<SSL*>(
X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));

if (SSL_is_server(ssl))
return 1;
return CHECK_OK;

// Client needs to check if the server cert is listed in the
// whitelist when it is issued by the specific rootCAs.
Expand Down

0 comments on commit 3b44e5e

Please sign in to comment.