corrected some bugs in the verification functions.

1 files changed, 3 insertions, 1 deletions

diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 9dbb8c3087..f102f372c3 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -247,6 +247,8 @@ int ret, issuer_version, result;
 	ret = _gnutls_x509_verify_signature(&cert_signed_data, &cert_signature, issuer);
 	if (ret < 0) {
 		gnutls_assert();
+	} else if (ret == 0) {
+		gnutls_assert();
 		/* error. ignore it */
 		if (output) *output |= GNUTLS_CERT_NOT_TRUSTED;
 		ret = 0;
@@ -765,7 +767,7 @@ int ret, result;
 
 
 	ret = _gnutls_x509_verify_signature(&crl_signed_data, &crl_signature, issuer);
-	if (ret < 0) {
+	if (ret <= 0) {
 		gnutls_assert();
 		/* error. ignore it */
 		ret = 0;