In tls_ctx_use_external_private_key, the return codes were inverted
compared to what is documented in ssl_backend.h (and what can
reasonably be expected). Internally the return code is never checked,
so this did not directly result in any change of behavior.
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20180228135240.22945-1-joost@joostrijneveld.nl>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16577.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 6bee1a1fc01f3d3ddf114b48e52e5b10d57033cb)
... | ... |
@@ -630,7 +630,7 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx, |
630 | 630 |
|
631 | 631 |
if (ctx->crt_chain == NULL) |
632 | 632 |
{ |
633 |
- return 0; |
|
633 |
+ return 1; |
|
634 | 634 |
} |
635 | 635 |
|
636 | 636 |
ALLOC_OBJ_CLEAR(ctx->external_key, struct external_context); |
... | ... |
@@ -640,10 +640,10 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx, |
640 | 640 |
if (!mbed_ok(mbedtls_pk_setup_rsa_alt(ctx->priv_key, ctx->external_key, |
641 | 641 |
NULL, external_pkcs1_sign, external_key_len))) |
642 | 642 |
{ |
643 |
- return 0; |
|
643 |
+ return 1; |
|
644 | 644 |
} |
645 | 645 |
|
646 |
- return 1; |
|
646 |
+ return 0; |
|
647 | 647 |
} |
648 | 648 |
#endif /* ifdef MANAGMENT_EXTERNAL_KEY */ |
649 | 649 |
|
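Review bot: Both failure exits in this section, the `ctx->crt_chain == NULL` guard and the failed `mbedtls_pk_setup_rsa_alt` call, return 1 without a message of their own, and the commit description says no caller checks the result. A failed external-key setup would therefore go unnoticed at this point and presumably only show up later, when the key is first needed. The other backend's error path on this page ends in `crypto_msg(M_FATAL, ...)`; consider the same severity here, e.g. `msg(M_FATAL, "Cannot enable external private key capability");` ahead of each `return 1;`, or have the caller test the return value. `mbed_ok` may already log the mbed TLS error, but that is not visible here, and the function begins outside these hunks.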
... | ... |
@@ -1168,7 +1168,7 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx, |
1168 | 1168 |
|
1169 | 1169 |
X509_free(cert); |
1170 | 1170 |
RSA_free(rsa); /* doesn't necessarily free, just decrements refcount */ |
1171 |
- return 1; |
|
1171 |
+ return 0; |
|
1172 | 1172 |
|
1173 | 1173 |
err: |
1174 | 1174 |
if (cert) |
... | ... |
@@ -1187,7 +1187,7 @@ err: |
1187 | 1187 |
} |
1188 | 1188 |
} |
1189 | 1189 |
crypto_msg(M_FATAL, "Cannot enable SSL external private key capability"); |
1190 |
- return 0; |
|
1190 |
+ return 1; |
|
1191 | 1191 |
} |
1192 | 1192 |
|
1193 | 1193 |
#endif /* ifdef MANAGMENT_EXTERNAL_KEY */ |
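Review bot: The bare `return 0;` on success and `return 1;` in the `err:` path are the opposite of the 1-on-success convention of the OpenSSL calls this function makes, which makes the values easy to re-invert in a later edit. A short comment at each site would tie them to the documented contract, e.g. `return 0; /* success, see ssl_backend.h */` and `return 1; /* failure */`. The `return 1;` after `crypto_msg(M_FATAL, ...)` is presumably never reached if M_FATAL terminates the process, which is also worth a comment. The function starts outside these hunks, so the earlier `goto err` sites were not reviewed.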