In tls_ctx_use_external_private_key, the return codes were inverted
compared to what is documented in ssl_backend.h (and what can
reasonably be expected). Internally the return code is never checked,
so this did not directly result in any change of behavior.
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20180228135240.22945-1-joost@joostrijneveld.nl>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16577.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -630,7 +630,7 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx, |
630 | 630 |
|
631 | 631 |
if (ctx->crt_chain == NULL) |
632 | 632 |
{ |
633 |
- return 0; |
|
633 |
+ return 1; |
|
634 | 634 |
} |
635 | 635 |
|
636 | 636 |
ALLOC_OBJ_CLEAR(ctx->external_key, struct external_context); |
... | ... |
@@ -640,10 +640,10 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx, |
640 | 640 |
if (!mbed_ok(mbedtls_pk_setup_rsa_alt(ctx->priv_key, ctx->external_key, |
641 | 641 |
NULL, external_pkcs1_sign, external_key_len))) |
642 | 642 |
{ |
643 |
- return 0; |
|
643 |
+ return 1; |
|
644 | 644 |
} |
645 | 645 |
|
646 |
- return 1; |
|
646 |
+ return 0; |
|
647 | 647 |
} |
648 | 648 |
#endif /* ifdef MANAGMENT_EXTERNAL_KEY */ |
649 | 649 |
|
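Review bot: Both failure returns in this variant (the `ctx->crt_chain == NULL` guard and the `mbedtls_pk_setup_rsa_alt` check) exit without logging anything. The commit message states that the return code is never checked internally, so a failed external-key setup appears to go unnoticed until a later handshake fails. The OpenSSL variant further down the page reports the same condition through `crypto_msg(M_FATAL, ...)`. This variant should fail as loudly, for example with `msg(M_FATAL, "Cannot enable SSL external private key capability");` ahead of each `return 1;`, or the call site should test the result. The function starts outside these hunks, so any earlier checks in it are not visible here.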
... | ... |
@@ -1327,11 +1327,11 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx, |
1327 | 1327 |
goto err; |
1328 | 1328 |
} |
1329 | 1329 |
#endif /* OPENSSL_VERSION_NUMBER > 1.1.0 dev */ |
1330 |
- return 1; |
|
1330 |
+ return 0; |
|
1331 | 1331 |
|
1332 | 1332 |
err: |
1333 | 1333 |
crypto_msg(M_FATAL, "Cannot enable SSL external private key capability"); |
1334 |
- return 0; |
|
1334 |
+ return 1; |
|
1335 | 1335 |
} |
1336 | 1336 |
|
1337 | 1337 |
#endif /* ifdef MANAGMENT_EXTERNAL_KEY */ |
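Review bot: The success path now ends in `return 0;` in a function built around OpenSSL calls, which conventionally return 1 on success, so the convention is easy to misread at this spot. A short comment on that line, such as `/* 0 on success, 1 on failure, see ssl_backend.h */`, would keep a later caller from writing an inverted check. The `return 1;` after `crypto_msg(M_FATAL, ...)` is presumably never reached if M_FATAL ends the process, and a one-line comment saying so would make that explicit. The function body starts outside this hunk.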