diff options
| author | Mark Phalan <Mark.Phalan@Sun.COM> | 2010-01-06 16:06:39 +0100 |
|---|---|---|
| committer | Mark Phalan <Mark.Phalan@Sun.COM> | 2010-01-06 16:06:39 +0100 |
| commit | 7801e5e8b5bc4af34929c54a02cfb78398da08dd (patch) | |
| tree | ef54c6678c4f17b804403259b6709a0f86362cd3 /usr/src/lib/krb5/plugins | |
| parent | dc25fd745d311a1cf9d98d7b7897caa0877adff0 (diff) | |
| download | illumos-joyent-7801e5e8b5bc4af34929c54a02cfb78398da08dd.tar.gz | |
6791543 incorrect use of X509_verify_cert() in pkinit
Diffstat (limited to 'usr/src/lib/krb5/plugins')
| -rw-r--r-- | usr/src/lib/krb5/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/usr/src/lib/krb5/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/usr/src/lib/krb5/plugins/preauth/pkinit/pkinit_crypto_openssl.c index 25bd44acc3..04df6d3c5a 100644 --- a/usr/src/lib/krb5/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/usr/src/lib/krb5/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -29,7 +29,7 @@ */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -888,7 +888,8 @@ cms_signeddata_create(krb5_context context, X509_STORE_CTX_init(&certctx, certstore, cert, id_cryptoctx->intermediateCAs); X509_STORE_CTX_trusted_stack(&certctx, id_cryptoctx->trustedCAs); - if (!X509_verify_cert(&certctx)) { + /* Solaris Kerberos */ + if (X509_verify_cert(&certctx) <= 0) { pkiDebug("failed to create a certificate chain: %s\n", X509_verify_cert_error_string(X509_STORE_CTX_get_error(&certctx))); if (!sk_X509_num(id_cryptoctx->trustedCAs)) |