gnutls_x509_crl_verify: always return zero on success

Also document that in previous versions a positive number could be returned on success. Reported by Adrien Beraud.
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-12-01 08:40:13 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-12-01 16:43:42 +0100
commit: 93486c97a9ba588e1b6eaec9918b7f4bf425d442 (patch)
tree: 7ad7392947abaeec4d02a16d105d4a8f589c855a
parent: 78a03dd782c07e8d9ee35ffc584097f75f246e88 (diff)
download: gnutls-93486c97a9ba588e1b6eaec9918b7f4bf425d442.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index ecd2369b1c..e645c58bb1 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -1377,7 +1377,10 @@ find_crl_issuer(gnutls_x509_crl_t crl,
  * function is success (i.e, failure to trust a CRL a certificate does not imply 
  * a negative return value).
  *
- * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * Before GnuTLS 3.5.7 this function would return zero or a positive
+ * number on success.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0), otherwise a
  *   negative error value.
  **/
 int
@@ -1483,6 +1486,8 @@ gnutls_x509_crl_verify(gnutls_x509_crl_t crl,
 			if (verify)
 				*verify |= GNUTLS_CERT_INVALID;
 			goto cleanup;
+		} else if (result >= 0) {
+			result = 0; /* everything ok */
 		}
 	}
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-12-01 08:40:13 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-12-01 16:43:42 +0100
commit	93486c97a9ba588e1b6eaec9918b7f4bf425d442 (patch)
tree	7ad7392947abaeec4d02a16d105d4a8f589c855a
parent	78a03dd782c07e8d9ee35ffc584097f75f246e88 (diff)
download	gnutls-93486c97a9ba588e1b6eaec9918b7f4bf425d442.tar.gz