Diffstat (limited to 'libopkg/opkg_pathfinder.c')
-rw-r--r-- | libopkg/opkg_pathfinder.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/libopkg/opkg_pathfinder.c b/libopkg/opkg_pathfinder.c
index 793c3a4..01912eb 100644
--- a/libopkg/opkg_pathfinder.c
+++ b/libopkg/opkg_pathfinder.c
@@ -20,13 +20,14 @@
 #include <openssl/ssl.h>
 #include <libpathfinder.h>
-#include "includes.h"
-#include "opkg_message.h"
 #if defined(HAVE_SSLCURL)
 #include <curl/curl.h>
 #endif
+#include "includes.h"
+#include "opkg_message.h"
+
 #if defined(HAVE_SSLCURL) || defined(HAVE_OPENSSL)
 /*
 * This callback is called instead of X509_verify_cert to perform path
@@ -66,12 +67,11 @@ static int pathfinder_verify_callback(X509_STORE_CTX *ctx, void *arg)
 }
 #endif
-
 #if defined(HAVE_OPENSSL)
 int pkcs7_pathfinder_verify_signers(PKCS7* p7)
 {
 STACK_OF(X509) *signers;
- int i;
+ int i, ret = 1; /* signers are verified by default */
 signers = PKCS7_get0_signers(p7, NULL, 0);
@@ -80,11 +80,15 @@ int pkcs7_pathfinder_verify_signers(PKCS7* p7)
 .cert = sk_X509_value(signers, i),
 };
- if(!pathfinder_verify_callback(&ctx, NULL))
- return 0;
+ if(!pathfinder_verify_callback(&ctx, NULL)){
+ /* Signer isn't verified ! goto jail; */
+ ret = 0;
+ break;
+ }
 }
- return 1;
+ sk_X509_free(signers);
+ return ret;
 }
 #endif
|
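Review bot: With `ret` initialised to 1 in the second hunk, pkcs7_pathfinder_verify_signers reports success when no signer was checked at all: PKCS7_get0_signers() returns NULL on error, and nothing visible in the second or third hunk tests `signers` before the loop. The loop header sits in the two lines between those hunks and is not shown, but if it is bounded by `sk_X509_num(signers)` (which is -1 for a NULL stack) the body never runs and the function returns 1. A signature check should fail closed here, for example `if (signers == NULL || sk_X509_num(signers) < 1) return 0;` placed right after the PKCS7_get0_signers() call. The added `sk_X509_free(signers)` is safe with a NULL stack, so the early return needs no extra cleanup.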