@@ -306,14 +306,14 @@ print_nsCertType (int type)

  * @param subject the peer's extracted subject name

  * @param subject the peer's extracted common name

  */

-static int

+static result_t

 verify_peer_cert(const struct tls_options *opt, x509_cert_t *peer_cert,

     const char *subject, const char *common_name)

 {

   /* verify certificate nsCertType */

   if (opt->ns_cert_type != NS_CERT_CHECK_NONE)

     {

-      if (x509_verify_ns_cert_type (peer_cert, opt->ns_cert_type))

+      if (SUCCESS == x509_verify_ns_cert_type (peer_cert, opt->ns_cert_type))

 	{

 	  msg (D_HANDSHAKE, "VERIFY OK: nsCertType=%s",

 	       print_nsCertType (opt->ns_cert_type));

@@ -322,7 +322,7 @@ verify_peer_cert(const struct tls_options *opt, x509_cert_t *peer_cert,

 	{

 	  msg (D_HANDSHAKE, "VERIFY nsCertType ERROR: %s, require nsCertType=%s",

 	       subject, print_nsCertType (opt->ns_cert_type));

-	  return 1;		/* Reject connection */

+	  return FAILURE;		/* Reject connection */

 	}

     }

@@ -331,28 +331,28 @@ verify_peer_cert(const struct tls_options *opt, x509_cert_t *peer_cert,

   /* verify certificate ku */

   if (opt->remote_cert_ku[0] != 0)

     {

-      if (x509_verify_cert_ku (peer_cert, opt->remote_cert_ku, MAX_PARMS))

+      if (SUCCESS == x509_verify_cert_ku (peer_cert, opt->remote_cert_ku, MAX_PARMS))

 	{

 	  msg (D_HANDSHAKE, "VERIFY KU OK");

 	}

         else

         {

 	  msg (D_HANDSHAKE, "VERIFY KU ERROR");

-          return 1;		/* Reject connection */

+          return FAILURE;		/* Reject connection */

 	}

     }

   /* verify certificate eku */

   if (opt->remote_cert_eku != NULL)

     {

-      if (x509_verify_cert_eku (peer_cert, opt->remote_cert_eku))

+      if (SUCCESS == x509_verify_cert_eku (peer_cert, opt->remote_cert_eku))

         {

 	  msg (D_HANDSHAKE, "VERIFY EKU OK");

 	}

       else

 	{

 	  msg (D_HANDSHAKE, "VERIFY EKU ERROR");

-          return 1;		/* Reject connection */

+          return FAILURE;		/* Reject connection */

 	}

     }

@@ -368,11 +368,11 @@ verify_peer_cert(const struct tls_options *opt, x509_cert_t *peer_cert,

 	{

 	  msg (D_HANDSHAKE, "VERIFY X509NAME ERROR: %s, must be %s",

 	       subject, opt->verify_x509name);

-	  return 1;		/* Reject connection */

+	  return FAILURE;		/* Reject connection */

 	}

     }

-  return 0;

+  return SUCCESS;

 }

 /*

@@ -434,7 +434,7 @@ verify_cert_set_env(struct env_set *es, x509_cert_t *peer_cert, int cert_depth,

 /*

  * call --tls-verify plug-in(s)

  */

-static int

+static result_t

 verify_cert_call_plugin(const struct plugin_list *plugins, struct env_set *es,

     int cert_depth, x509_cert_t *cert, char *subject)

 {

@@ -458,10 +458,10 @@ verify_cert_call_plugin(const struct plugin_list *plugins, struct env_set *es,

 	{

 	  msg (D_HANDSHAKE, "VERIFY PLUGIN ERROR: depth=%d, %s",

 	      cert_depth, subject);

-	  return 1;		/* Reject connection */

+	  return FAILURE;		/* Reject connection */

 	}

     }

-  return 0;

+  return SUCCESS;

 }

 static const char *

@@ -484,7 +484,7 @@ verify_cert_export_cert(x509_cert_t *peercert, const char *tmp_dir, struct gc_ar

       return NULL;

     }

-  if (x509_write_pem(peercert_file, peercert))

+  if (SUCCESS != x509_write_pem(peercert_file, peercert))

       msg (M_ERR, "Error writing PEM file containing certificate");

   fclose(peercert_file);

@@ -495,7 +495,7 @@ verify_cert_export_cert(x509_cert_t *peercert, const char *tmp_dir, struct gc_ar

 /*

  * run --tls-verify script

  */

-static int

+static result_t

 verify_cert_call_command(const char *verify_command, struct env_set *es,

     int cert_depth, x509_cert_t *cert, char *subject, const char *verify_export_cert)

 {

@@ -532,18 +532,18 @@ verify_cert_call_command(const char *verify_command, struct env_set *es,

     {

       msg (D_HANDSHAKE, "VERIFY SCRIPT OK: depth=%d, %s",

 	   cert_depth, subject);

-      return 0;

+      return SUCCESS;

     }

   msg (D_HANDSHAKE, "VERIFY SCRIPT ERROR: depth=%d, %s",

        cert_depth, subject);

-  return 1;		/* Reject connection */

+  return FAILURE;		/* Reject connection */

 }

 /*

  * check peer cert against CRL directory

  */

-static bool

+static result_t

 verify_check_crl_dir(const char *crl_dir, x509_cert_t *cert)

 {

   char fn[256];

@@ -554,7 +554,7 @@ verify_check_crl_dir(const char *crl_dir, x509_cert_t *cert)

     {

       msg (D_HANDSHAKE, "VERIFY CRL: filename overflow");

       x509_free_serial(serial);

-      return true;

+      return FAILURE;

     }

   fd = open (fn, O_RDONLY);

   if (fd >= 0)

@@ -562,15 +562,15 @@ verify_check_crl_dir(const char *crl_dir, x509_cert_t *cert)

       msg (D_HANDSHAKE, "VERIFY CRL: certificate serial number %s is revoked", serial);

       x509_free_serial(serial);

       close(fd);

-      return true;

+      return FAILURE;

     }

   x509_free_serial(serial);

-  return false;

+  return SUCCESS;

 }

-int

+result_t

 verify_cert(struct tls_session *session, x509_cert_t *cert, int cert_depth)

 {

   char *subject = NULL;

@@ -596,7 +596,8 @@ verify_cert(struct tls_session *session, x509_cert_t *cert, int cert_depth)

   string_replace_leading (subject, '-', '_');

   /* extract the username (default is CN) */

-  if (x509_get_username (common_name, TLS_USERNAME_LEN, opt->x509_username_field, cert))

+  if (SUCCESS != x509_get_username (common_name, TLS_USERNAME_LEN,

+      opt->x509_username_field, cert))

     {

       if (!cert_depth)

 	{

@@ -650,16 +651,16 @@ verify_cert(struct tls_session *session, x509_cert_t *cert, int cert_depth)

   setenv_untrusted (session);

   /* If this is the peer's own certificate, verify it */

-  if (cert_depth == 0 && verify_peer_cert(opt, cert, subject, common_name))

+  if (cert_depth == 0 && SUCCESS != verify_peer_cert(opt, cert, subject, common_name))

     goto err;

   /* call --tls-verify plug-in(s), if registered */

-  if (verify_cert_call_plugin(opt->plugins, opt->es, cert_depth, cert, subject))

+  if (SUCCESS != verify_cert_call_plugin(opt->plugins, opt->es, cert_depth, cert, subject))

     goto err;

   /* run --tls-verify script */

-  if (opt->verify_command && verify_cert_call_command(opt->verify_command, opt->es,

-      cert_depth, cert, subject, opt->verify_export_cert))

+  if (opt->verify_command && SUCCESS != verify_cert_call_command(opt->verify_command,

+      opt->es, cert_depth, cert, subject, opt->verify_export_cert))

     goto err;

   /* check peer cert against CRL */

@@ -667,12 +668,12 @@ verify_cert(struct tls_session *session, x509_cert_t *cert, int cert_depth)

     {

       if (opt->ssl_flags & SSLF_CRL_VERIFY_DIR)

       {

-	if (verify_check_crl_dir(opt->crl_file, cert))

+	if (SUCCESS != verify_check_crl_dir(opt->crl_file, cert))

 	  goto err;

       }

       else

       {

-	if (x509_verify_crl(opt->crl_file, cert, subject))

+	if (SUCCESS != x509_verify_crl(opt->crl_file, cert, subject))

 	  goto err;

       }

     }

@@ -682,7 +683,7 @@ verify_cert(struct tls_session *session, x509_cert_t *cert, int cert_depth)

  done:

   x509_free_subject (subject);

-  return (session->verified == true) ? 1 : 0;

+  return (session->verified == true) ? SUCCESS : FAILURE;

  err:

   tls_clear_error();

@@ -30,6 +30,11 @@

 #ifndef SSL_VERIFY_BACKEND_H_

 #define SSL_VERIFY_BACKEND_H_

+/**

+ * Result of verification function

+ */

+typedef enum { SUCCESS=0, FAILURE=1 } result_t;

+

 /*

  * Backend support functions.

  *

@@ -48,9 +53,9 @@

  * @param cert		Certificate to process

  * @param cert_depth	Depth of the current certificate

  *

- * @return 		\c 1 if verification was successful, \c 0 on failure.

+ * @return 		\c SUCCESS if verification was successful, \c FAILURE on failure.

  */

-int verify_cert(struct tls_session *session, x509_cert_t *cert, int cert_depth);

+result_t verify_cert(struct tls_session *session, x509_cert_t *cert, int cert_depth);

 /*

  * Remember the given certificate hash, allowing the certificate chain to be

@@ -118,9 +123,9 @@ void x509_free_sha1_hash (unsigned char *hash);

  * @param x509_username_field	Name of the field to load from

  * @param cert			Certificate to retrieve the common name from.

  *

- * @return 		\c 1 on failure, \c 0 on success

+ * @return 		\c FAILURE, \c or SUCCESS

  */

-bool x509_get_username (char *common_name, int cn_len,

+result_t x509_get_username (char *common_name, int cn_len,

     char * x509_username_field, x509_cert_t *peer_cert);

 /*

@@ -201,11 +206,11 @@ void x509_setenv_track (const struct x509_track *xt, struct env_set *es,

  * @param usage		One of \c NS_CERT_CHECK_CLIENT, \c NS_CERT_CHECK_SERVER,

  * 			or \c NS_CERT_CHECK_NONE.

  *

- * @return		\c true if NS_CERT_CHECK_NONE or if the certificate has

- * 			the expected bit set. \c false if the certificate does

+ * @return		\c SUCCESS if NS_CERT_CHECK_NONE or if the certificate has

+ * 			the expected bit set. \c FAILURE if the certificate does

  * 			not have NS cert type verification or the wrong bit set.

  */

-bool x509_verify_ns_cert_type(const x509_cert_t *cert, const int usage);

+result_t x509_verify_ns_cert_type(const x509_cert_t *cert, const int usage);

 #if OPENSSL_VERSION_NUMBER >= 0x00907000L || USE_POLARSSL

@@ -216,10 +221,10 @@ bool x509_verify_ns_cert_type(const x509_cert_t *cert, const int usage);

  * @param expected_ku	Array of valid key usage values

  * @param expected_len	Length of the key usage array

  *

- * @return 		\c true if one of the key usage values matches, \c false

+ * @return 		\c SUCCESS if one of the key usage values matches, \c FAILURE

  * 			if key usage is not enabled, or the values do not match.

  */

-bool x509_verify_cert_ku (x509_cert_t *x509, const unsigned * const expected_ku,

+result_t x509_verify_cert_ku (x509_cert_t *x509, const unsigned * const expected_ku,

     int expected_len);

 /*

@@ -231,11 +236,11 @@ bool x509_verify_cert_ku (x509_cert_t *x509, const unsigned * const expected_ku,

  * 			(e.g. \c "1.2.3.4", or the descriptive string matching

  * 			the OID.

  *

- * @return 		\c true if one of the expected OID matches one of the

- * 			extended key usage fields, \c false if extended key

+ * @return 		\c SUCCESS if one of the expected OID matches one of the

+ * 			extended key usage fields, \c FAILURE if extended key

  * 			usage is not enabled, or the values do not match.

  */

-bool x509_verify_cert_eku (x509_cert_t *x509, const char * const expected_oid);

+result_t x509_verify_cert_eku (x509_cert_t *x509, const char * const expected_oid);

 #endif

@@ -245,8 +250,10 @@ bool x509_verify_cert_eku (x509_cert_t *x509, const char * const expected_oid);

  * @param cert		Certificate to store

  * @param tmp_dir	Temporary directory to store the directory

  * @param gc		gc_arena to store temporary objects in

+ *

+ *

  */

-bool x509_write_pem(FILE *peercert_file, x509_cert_t *peercert);

+result_t x509_write_pem(FILE *peercert_file, x509_cert_t *peercert);

 /*

  * Check the certificate against a CRL file.

@@ -255,11 +262,11 @@ bool x509_write_pem(FILE *peercert_file, x509_cert_t *peercert);

  * @param cert		Certificate to verify

  * @param subject	Subject of the given certificate

  *

- * @return 		\c 1 if the CRL was not signed by the issuer of the

+ * @return 		\c SUCCESS if the CRL was not signed by the issuer of the

  * 			certificate or does not contain an entry for it.

- * 			\c 0 otherwise.

+ * 			\c FAILURE otherwise.

  */

-bool x509_verify_crl(const char *crl_file, x509_cert_t *cert,

+result_t x509_verify_crl(const char *crl_file, x509_cert_t *cert,

     const char *subject);

 #endif /* SSL_VERIFY_BACKEND_H_ */

@@ -144,7 +144,7 @@ bool extract_x509_extension(X509 *cert, char *fieldname, char *out, int size)

  * Return true on success, false on error (insufficient buffer size in 'out'

  * to contain result is grounds for error).

  */

-static bool

+static result_t

 extract_x509_field_ssl (X509_NAME *x509, const char *field_name, char *out,

     int size)

 {

@@ -164,29 +164,29 @@ extract_x509_field_ssl (X509_NAME *x509, const char *field_name, char *out,

   /* Nothing found */

   if (lastpos == -1)

-    return false;

+    return FAILURE;

   x509ne = X509_NAME_get_entry(x509, lastpos);

   if (!x509ne)

-    return false;

+    return FAILURE;

   asn1 = X509_NAME_ENTRY_get_data(x509ne);

   if (!asn1)

-    return false;

+    return FAILURE;

   tmp = ASN1_STRING_to_UTF8(&buf, asn1);

   if (tmp <= 0)

-    return false;

+    return FAILURE;

   strncpynt(out, (char *)buf, size);

   {

-    const bool ret = (strlen ((char *)buf) < size);

+    const result_t ret = (strlen ((char *)buf) < size) ? SUCCESS: FAILURE;

     OPENSSL_free (buf);

     return ret;

   }

 }

-bool

+result_t

 x509_get_username (char *common_name, int cn_len,

     char * x509_username_field, X509 *peer_cert)

 {

@@ -194,14 +194,14 @@ x509_get_username (char *common_name, int cn_len,

   if (strncmp("ext:",x509_username_field,4) == 0)

     {

       if (!extract_x509_extension (peer_cert, x509_username_field+4, common_name, cn_len))

-	return true;

+	return FAILURE;

     } else

 #endif

-  if (!extract_x509_field_ssl (X509_get_subject_name (peer_cert),

+  if (FAILURE == extract_x509_field_ssl (X509_get_subject_name (peer_cert),

       x509_username_field, common_name, cn_len))

-      return true;

+      return FAILURE;

-  return false;

+  return SUCCESS;

 }

 char *

@@ -406,29 +406,29 @@ x509_setenv (struct env_set *es, int cert_depth, x509_cert_t *peer_cert)

     }

 }

-bool

+result_t

 x509_verify_ns_cert_type(const x509_cert_t *peer_cert, const int usage)

 {

   if (usage == NS_CERT_CHECK_NONE)

-    return true;

+    return SUCCESS;

   if (usage == NS_CERT_CHECK_CLIENT)

     return ((peer_cert->ex_flags & EXFLAG_NSCERT)

-	&& (peer_cert->ex_nscert & NS_SSL_CLIENT));

+	&& (peer_cert->ex_nscert & NS_SSL_CLIENT)) ? SUCCESS: FAILURE;

   if (usage == NS_CERT_CHECK_SERVER)

     return ((peer_cert->ex_flags & EXFLAG_NSCERT)

-	&& (peer_cert->ex_nscert & NS_SSL_SERVER));

+	&& (peer_cert->ex_nscert & NS_SSL_SERVER))  ? SUCCESS: FAILURE;

-  return false;

+  return FAILURE;

 }

 #if OPENSSL_VERSION_NUMBER >= 0x00907000L

-bool

+result_t

 x509_verify_cert_ku (X509 *x509, const unsigned * const expected_ku,

     int expected_len)

 {

   ASN1_BIT_STRING *ku = NULL;

-  bool fFound = false;

+  result_t fFound = FAILURE;

   if ((ku = (ASN1_BIT_STRING *) X509_get_ext_d2i (x509, NID_key_usage, NULL,

       NULL)) == NULL)

@@ -454,7 +454,7 @@ x509_verify_cert_ku (X509 *x509, const unsigned * const expected_ku,

 	}

       msg (D_HANDSHAKE, "Validating certificate key usage");

-      for (i = 0; !fFound && i < expected_len; i++)

+      for (i = 0; fFound != SUCCESS && i < expected_len; i++)

 	{

 	  if (expected_ku[i] != 0)

 	    {

@@ -462,7 +462,7 @@ x509_verify_cert_ku (X509 *x509, const unsigned * const expected_ku,

 		  "%04x", nku, expected_ku[i]);

 	      if (nku == expected_ku[i])

-		fFound = true;

+		fFound = SUCCESS;

 	    }

 	}

     }

@@ -473,11 +473,11 @@ x509_verify_cert_ku (X509 *x509, const unsigned * const expected_ku,

   return fFound;

 }

-bool

+result_t

 x509_verify_cert_eku (X509 *x509, const char * const expected_oid)

 {

   EXTENDED_KEY_USAGE *eku = NULL;

-  bool fFound = false;

+  result_t fFound = FAILURE;

   if ((eku = (EXTENDED_KEY_USAGE *) X509_get_ext_d2i (x509, NID_ext_key_usage,

       NULL, NULL)) == NULL)

@@ -489,24 +489,24 @@ x509_verify_cert_eku (X509 *x509, const char * const expected_oid)

       int i;

       msg (D_HANDSHAKE, "Validating certificate extended key usage");

-      for (i = 0; !fFound && i < sk_ASN1_OBJECT_num (eku); i++)

+      for (i = 0; SUCCESS != fFound && i < sk_ASN1_OBJECT_num (eku); i++)

 	{

 	  ASN1_OBJECT *oid = sk_ASN1_OBJECT_value (eku, i);

 	  char szOid[1024];

-	  if (!fFound && OBJ_obj2txt (szOid, sizeof(szOid), oid, 0) != -1)

+	  if (SUCCESS != fFound && OBJ_obj2txt (szOid, sizeof(szOid), oid, 0) != -1)

 	    {

 	      msg (D_HANDSHAKE, "++ Certificate has EKU (str) %s, expects %s",

 		  szOid, expected_oid);

 	      if (!strcmp (expected_oid, szOid))

-		fFound = true;

+		fFound = SUCCESS;

 	    }

-	  if (!fFound && OBJ_obj2txt (szOid, sizeof(szOid), oid, 1) != -1)

+	  if (SUCCESS != fFound && OBJ_obj2txt (szOid, sizeof(szOid), oid, 1) != -1)

 	    {

 	      msg (D_HANDSHAKE, "++ Certificate has EKU (oid) %s, expects %s",

 		  szOid, expected_oid);

 	      if (!strcmp (expected_oid, szOid))

-		fFound = true;

+		fFound = SUCCESS;

 	    }

 	}

     }

@@ -517,15 +517,15 @@ x509_verify_cert_eku (X509 *x509, const char * const expected_oid)

   return fFound;

 }

-bool

+result_t

 x509_write_pem(FILE *peercert_file, X509 *peercert)

 {

   if (PEM_write_X509(peercert_file, peercert) < 0)

     {

       msg (M_ERR, "Failed to write peer certificate in PEM format");

-      return true;

+      return FAILURE;

     }

-  return false;

+  return SUCCESS;

 }

 #endif /* OPENSSL_VERSION_NUMBER */

@@ -533,13 +533,14 @@ x509_write_pem(FILE *peercert_file, X509 *peercert)

 /*

  * check peer cert against CRL

  */

-bool

+result_t

 x509_verify_crl(const char *crl_file, X509 *peer_cert, const char *subject)

 {

   X509_CRL *crl=NULL;

   X509_REVOKED *revoked;

   BIO *in=NULL;

-  int n,i,retval = 0;

+  int n,i;

+  result_t retval = FAILURE;

   in=BIO_new(BIO_s_file());

@@ -560,7 +561,7 @@ x509_verify_crl(const char *crl_file, X509 *peer_cert, const char *subject)

   if (X509_NAME_cmp(X509_CRL_get_issuer(crl), X509_get_issuer_name(peer_cert)) != 0) {

     msg (M_WARN, "CRL: CRL %s is from a different issuer than the issuer of "

 	"certificate %s", crl_file, subject);

-    retval = 1;

+    retval = SUCCESS;

     goto end;

   }

@@ -573,7 +574,7 @@ x509_verify_crl(const char *crl_file, X509 *peer_cert, const char *subject)

     }

   }

-  retval = 1;

+  retval = SUCCESS;

   msg (D_HANDSHAKE, "CRL CHECK OK: %s",subject);

 end:

@@ -581,5 +582,5 @@ end:

   if (crl)

     X509_CRL_free (crl);

-  return !retval;

+  return retval;

 }

@@ -65,17 +65,18 @@ verify_callback (void *session_obj, x509_cert *cert, int cert_depth,

     }

   /*

-   * verify_cert() returns 1 on success, 0 on failure.

-   * PolarSSL expects the opposite.

+   * PolarSSL expects 1 on failure, 0 on success

    */

-  return 0 == verify_cert(session, cert, cert_depth);

+  if (SUCCESS == verify_cert(session, cert, cert_depth))

+    return 0;

+  return 1;

 }

 #ifdef ENABLE_X509ALTUSERNAME

 # warning "X509 alt user name not yet supported for PolarSSL"

 #endif

-bool

+result_t

 x509_get_username (char *cn, int cn_len,

     char *x509_username_field, x509_cert *cert)

 {

@@ -96,7 +97,7 @@ x509_get_username (char *cn, int cn_len,

   /* Not found, return an error if this is the peer's certificate */

   if( name == NULL )

-      return 1;

+      return FAILURE;

   /* Found, extract CN */

   if (cn_len > name->val.len)

@@ -107,7 +108,7 @@ x509_get_username (char *cn, int cn_len,

       cn[cn_len-1] = '\0';

     }

-  return 0;

+  return SUCCESS;

 }

 char *

@@ -274,26 +275,26 @@ x509_setenv (struct env_set *es, int cert_depth, x509_cert_t *cert)

     }

 }

-bool

+result_t

 x509_verify_ns_cert_type(const x509_cert *cert, const int usage)

 {

   if (usage == NS_CERT_CHECK_NONE)

-    return true;

+    return SUCCESS;

   if (usage == NS_CERT_CHECK_CLIENT)

     return ((cert->ext_types & EXT_NS_CERT_TYPE)

-	&& (cert->ns_cert_type & NS_CERT_TYPE_SSL_CLIENT));

+	&& (cert->ns_cert_type & NS_CERT_TYPE_SSL_CLIENT)) ? SUCCESS : FAILURE;

   if (usage == NS_CERT_CHECK_SERVER)

     return ((cert->ext_types & EXT_NS_CERT_TYPE)

-	&& (cert->ns_cert_type & NS_CERT_TYPE_SSL_SERVER));

+	&& (cert->ns_cert_type & NS_CERT_TYPE_SSL_SERVER)) ? SUCCESS : FAILURE;

-  return false;

+  return FAILURE;

 }

-bool

+result_t

 x509_verify_cert_ku (x509_cert *cert, const unsigned * const expected_ku,

     int expected_len)

 {

-  bool fFound = false;

+  result_t fFound = FAILURE;

   if(!(cert->ext_types & EXT_KEY_USAGE))

     {

@@ -305,7 +306,7 @@ x509_verify_cert_ku (x509_cert *cert, const unsigned * const expected_ku,

       unsigned nku = cert->key_usage;

       msg (D_HANDSHAKE, "Validating certificate key usage");

-      for (i=0;!fFound && i<expected_len;i++)

+      for (i=0; SUCCESS != fFound && i<expected_len; i++)

 	{

 	  if (expected_ku[i] != 0)

 	    {

@@ -314,7 +315,7 @@ x509_verify_cert_ku (x509_cert *cert, const unsigned * const expected_ku,

 	      if (nku == expected_ku[i])

 		{

-		  fFound = true;

+		  fFound = SUCCESS;

 		}

 	    }

 	}

@@ -322,10 +323,10 @@ x509_verify_cert_ku (x509_cert *cert, const unsigned * const expected_ku,

   return fFound;

 }

-bool

+result_t

 x509_verify_cert_eku (x509_cert *cert, const char * const expected_oid)

 {

-  bool fFound = false;

+  result_t fFound = FAILURE;

   if (!(cert->ext_types & EXT_EXTENDED_KEY_USAGE))

     {

@@ -349,7 +350,7 @@ x509_verify_cert_eku (x509_cert *cert, const char * const expected_oid)

 		  oid_str, expected_oid);

 	      if (!strcmp (expected_oid, oid_str))

 		{

-		  fFound = true;

+		  fFound = SUCCESS;

 		  break;

 		}

 	    }

@@ -361,7 +362,7 @@ x509_verify_cert_eku (x509_cert *cert, const char * const expected_oid)

 		  oid_num_str, expected_oid);

 	      if (!strcmp (expected_oid, oid_num_str))

 		{

-		  fFound = true;

+		  fFound = SUCCESS;

 		  break;

 		}

 	    }

@@ -372,20 +373,20 @@ x509_verify_cert_eku (x509_cert *cert, const char * const expected_oid)

     return fFound;

 }

-bool

+result_t

 x509_write_pem(FILE *peercert_file, x509_cert *peercert)

 {

     msg (M_WARN, "PolarSSL does not support writing peer certificate in PEM format");

-    return true;

+    return FAILURE;

 }

 /*

  * check peer cert against CRL

  */

-bool

+result_t

 x509_verify_crl(const char *crl_file, x509_cert *cert, const char *subject)

 {

-  int retval = 0;

+  result_t retval = FAILURE;

   x509_crl crl = {0};

   if (x509parse_crlfile(&crl, crl_file) != 0)

@@ -399,7 +400,7 @@ x509_verify_crl(const char *crl_file, x509_cert *cert, const char *subject)

     {

       msg (M_WARN, "CRL: CRL %s is from a different issuer than the issuer of "

 	  "certificate %s", crl_file, subject);

-      retval = 1;

+      retval = SUCCESS;

       goto end;

     }

@@ -409,14 +410,10 @@ x509_verify_crl(const char *crl_file, x509_cert *cert, const char *subject)

       goto end;

     }

-  retval = 1;

+  retval = SUCCESS;

   msg (D_HANDSHAKE, "CRL CHECK OK: %s",subject);

 end:

   x509_crl_free(&crl);

-

-  if (!retval)

-    return true;

-

-  return false;

+  return retval;

 }