summaryrefslogtreecommitdiff
path: root/src/openvpn/ssl_verify_polarssl.c
diff options
context:
space:
mode:
authorAlberto Gonzalez Iniesta <agi@inittab.org>2016-05-10 17:40:25 +0200
committerAlberto Gonzalez Iniesta <agi@inittab.org>2016-05-10 17:40:25 +0200
commitfd1989a44e8b5f8a1204268c0b831e1215d345c5 (patch)
treeb7953a8e1b3bd31ab9b25ed4a87b66f43cba2007 /src/openvpn/ssl_verify_polarssl.c
parent5ed34d2384cae48c45501f30c9e69512fe54b3ec (diff)
parentffca24bed7a03d95585ad02278667abe75d8b272 (diff)
Merge tag 'upstream/2.3.11'
Upstream version 2.3.11
Diffstat (limited to 'src/openvpn/ssl_verify_polarssl.c')
-rw-r--r--src/openvpn/ssl_verify_polarssl.c26
1 files changed, 7 insertions, 19 deletions
diff --git a/src/openvpn/ssl_verify_polarssl.c b/src/openvpn/ssl_verify_polarssl.c
index ac252a3..7ed87d6 100644
--- a/src/openvpn/ssl_verify_polarssl.c
+++ b/src/openvpn/ssl_verify_polarssl.c
@@ -131,17 +131,12 @@ backend_x509_get_serial (openvpn_x509_cert_t *cert, struct gc_arena *gc)
char *buf = NULL;
size_t buflen = 0;
mpi serial_mpi = { 0 };
- int retval = 0;
/* Transform asn1 integer serial into PolarSSL MPI */
mpi_init(&serial_mpi);
- retval = mpi_read_binary(&serial_mpi, cert->serial.p, cert->serial.len);
- if (retval < 0)
+ if (!polar_ok(mpi_read_binary(&serial_mpi, cert->serial.p, cert->serial.len)))
{
- char errbuf[128];
- error_strerror(retval, errbuf, sizeof(errbuf));
-
- msg(M_WARN, "Failed to retrieve serial from certificate: %s.", errbuf);
+ msg(M_WARN, "Failed to retrieve serial from certificate.");
return NULL;
}
@@ -150,13 +145,9 @@ backend_x509_get_serial (openvpn_x509_cert_t *cert, struct gc_arena *gc)
buf = gc_malloc(buflen, true, gc);
/* Write MPI serial as decimal string into buffer */
- retval = mpi_write_string(&serial_mpi, 10, buf, &buflen);
- if (retval < 0)
+ if (!polar_ok(mpi_write_string(&serial_mpi, 10, buf, &buflen)))
{
- char errbuf[128];
- error_strerror(retval, errbuf, sizeof(errbuf));
-
- msg(M_WARN, "Failed to write serial to string: %s.", errbuf);
+ msg(M_WARN, "Failed to write serial to string.");
return NULL;
}
@@ -372,12 +363,9 @@ x509_verify_crl(const char *crl_file, x509_crt *cert, const char *subject)
struct gc_arena gc = gc_new();
char *serial;
- int polar_retval = x509_crl_parse_file(&crl, crl_file);
- if (polar_retval != 0)
+ if (!polar_ok(x509_crl_parse_file(&crl, crl_file)))
{
- char errstr[128];
- polarssl_strerror(polar_retval, errstr, sizeof(errstr));
- msg (M_WARN, "CRL: cannot read CRL from file %s (%s)", crl_file, errstr);
+ msg (M_WARN, "CRL: cannot read CRL from file %s", crl_file);
goto end;
}
@@ -390,7 +378,7 @@ x509_verify_crl(const char *crl_file, x509_crt *cert, const char *subject)
goto end;
}
- if (0 != x509_crt_revoked(cert, &crl))
+ if (!polar_ok(x509_crt_revoked(cert, &crl)))
{
serial = backend_x509_get_serial_hex(cert, &gc);
msg (D_HANDSHAKE, "CRL CHECK FAILED: %s (serial %s) is REVOKED", subject, (serial ? serial : "NOT AVAILABLE"));