return buf;
}
-static int compare_certificates (X509 *cert, X509 *peercert,
+static bool compare_certificates (X509 *cert, X509 *peercert,
unsigned char *peermd, unsigned int peermdlen)
{
unsigned char md[EVP_MAX_MD_SIZE];
*/
if (X509_subject_name_cmp (cert, peercert) != 0 ||
X509_issuer_name_cmp (cert, peercert) != 0)
- return -1;
+ return false;
if (!X509_digest (cert, EVP_sha256(), md, &mdlen) || peermdlen != mdlen)
- return -1;
+ return false;
if (memcmp(peermd, md, mdlen) != 0)
- return -1;
+ return false;
- return 0;
+ return true;
}
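Review bot: The truthiness of the return value is inverted in this hunk (the old `0` meant "match", the new `true` means "match"), so any call site still written as `!compare_certificates (...)` or `... == 0` compiles cleanly but would treat a non-matching certificate as a match. The three call sites visible in this diff are converted; callers outside the diff should be confirmed, or the function renamed (for example to `certificates_match`) so that a stale caller fails to build instead of silently flipping a trust decision. The new contract also deserves a header comment such as `/* Returns true when cert has the same subject and issuer names as peercert and its SHA-256 digest equals peermd. */`. The function's signature and opening lines sit in the preceding hunk, outside this one.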
static bool check_certificate_expiration (X509 *peercert, bool silent)
for (i = sk_X509_num (SslSessionCerts); i-- > 0;)
{
cert = sk_X509_value (SslSessionCerts, i);
- if (!compare_certificates (cert, peercert, peermd, peermdlen))
+ if (compare_certificates (cert, peercert, peermd, peermdlen))
{
return true;
}
while (PEM_read_X509 (fp, &cert, NULL, NULL) != NULL)
{
- if ((compare_certificates (cert, peercert, peermd, peermdlen) == 0) &&
+ if (compare_certificates (cert, peercert, peermd, peermdlen) &&
check_certificate_expiration (cert, true))
{
pass = 1;
if (skip_mode && preverify_ok && (pos == last_pos) && last_cert)
{
if (X509_digest (last_cert, EVP_sha256(), last_cert_md, &last_cert_mdlen) &&
- !compare_certificates (cert, last_cert, last_cert_md, last_cert_mdlen))
+ compare_certificates (cert, last_cert, last_cert_md, last_cert_mdlen))
{
mutt_debug (2, "ssl_verify_callback: ignoring duplicate skipped certificate.\n");
return 1;