Comment and indentation

78f3a2aa · Bodo Möller · b8470240 · 78f3a2aa · 78f3a2aa
隐藏空白更改
内联并排

Showing with 11 addition and 4 deletion

crypto/x509/x509_trs.c crypto/x509/x509_trs.c +4 -4

crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c +7 -0

未找到文件。
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -99,10 +99,10 @@ static int tr_cmp(const X509_TRUST * const *a,
 int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
 {
-int (*oldtrust)(int , X509 *, int);
+	int (*oldtrust)(int , X509 *, int);
-oldtrust = default_trust;
+	oldtrust = default_trust;
-default_trust = trust;
+	default_trust = trust;
-return oldtrust;
+	return oldtrust;
 }

--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -488,6 +488,13 @@ static int internal_verify(X509_STORE_CTX *ctx)
 				if (!ok) goto end;
 				}
 			if (X509_verify(xs,pkey) <= 0)
+				/* XXX  For the final trusted self-signed cert,
+				 * this is a waste of time.  That check should
+				 * optional so that e.g. 'openssl x509' can be
+				 * used to detect invalid self-signatures, but
+				 * we don't verify again and again in SSL
+				 * handshakes and the like once the cert has
+				 * been declared trusted. */
 				{
 				ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
 				ctx->current_cert=xs;