Browse code
Make return code external tls key match docs
In tls_ctx_use_external_private_key, the return codes were inverted
compared to what is documented in ssl_backend.h (and what can
reasonably be expected). Internally the return code is never checked,
so this did not directly result in any change of behavior.
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20180228135240.22945-1-joost@joostrijneveld.nl>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16577.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Joost Rijneveld authored on 2018/02/28 22:52:40Showing 2 changed files
| ... | ... |
@@ -630,7 +630,7 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx, |
| 630 | 630 |
|
| 631 | 631 |
if (ctx->crt_chain == NULL) |
| 632 | 632 |
{
|
| 633 |
- return 0; |
|
| 633 |
+ return 1; |
|
| 634 | 634 |
} |
| 635 | 635 |
|
| 636 | 636 |
ALLOC_OBJ_CLEAR(ctx->external_key, struct external_context); |
| ... | ... |
@@ -640,10 +640,10 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx, |
| 640 | 640 |
if (!mbed_ok(mbedtls_pk_setup_rsa_alt(ctx->priv_key, ctx->external_key, |
| 641 | 641 |
NULL, external_pkcs1_sign, external_key_len))) |
| 642 | 642 |
{
|
| 643 |
- return 0; |
|
| 643 |
+ return 1; |
|
| 644 | 644 |
} |
| 645 | 645 |
|
| 646 |
- return 1; |
|
| 646 |
+ return 0; |
|
| 647 | 647 |
} |
| 648 | 648 |
#endif /* ifdef MANAGMENT_EXTERNAL_KEY */ |
| 649 | 649 |
|
| ... | ... |
@@ -1327,11 +1327,11 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx, |
| 1327 | 1327 |
goto err; |
| 1328 | 1328 |
} |
| 1329 | 1329 |
#endif /* OPENSSL_VERSION_NUMBER > 1.1.0 dev */ |
| 1330 |
- return 1; |
|
| 1330 |
+ return 0; |
|
| 1331 | 1331 |
|
| 1332 | 1332 |
err: |
| 1333 | 1333 |
crypto_msg(M_FATAL, "Cannot enable SSL external private key capability"); |
| 1334 |
- return 0; |
|
| 1334 |
+ return 1; |
|
| 1335 | 1335 |
} |
| 1336 | 1336 |
|
| 1337 | 1337 |
#endif /* ifdef MANAGMENT_EXTERNAL_KEY */ |