libfetch: restructure this code like it was originally intended #261

Some back and forth but this makes the initial submission a little better.
Franco Fichtner 2025-08-26 12:42:26 +02:00
parent e28c4bd4a2
commit 0de9878297


@ -1172,19 +1172,21 @@ fetch_ssl_cb_verify_crt(int verified, X509_STORE_CTX *ctx)
* we do make the utmost effort to supply a proper list of CRLs that
* are required to verify the certificate(s) in question.
*/
if (!verified && X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNABLE_TO_GET_CRL) {
if ((crt = X509_STORE_CTX_get_current_cert(ctx)) != NULL &&
(name = X509_get_subject_name(crt)) != NULL) {
if (X509_STORE_CTX_get_error_depth(ctx) != 0) {
if (!verified && X509_STORE_CTX_get_error(ctx) ==X509_V_ERR_UNABLE_TO_GET_CRL) {
if (X509_STORE_CTX_get_error_depth(ctx) != 0) {
if ((crt = X509_STORE_CTX_get_current_cert(ctx)) != NULL &&
(name = X509_get_subject_name(crt)) != NULL)
str = X509_NAME_oneline(name, 0, 0);
fetch_info("No CRL was provided for CA %s", str);
OPENSSL_free(str);
}
fetch_info("No CRL was provided for CA %s",
str != NULL ? str : "no relevant certificate");
OPENSSL_free(str);
}
verified = 1;
}
str = NULL;
if (!verified) {
if ((crt = X509_STORE_CTX_get_current_cert(ctx)) != NULL &&
(name = X509_get_subject_name(crt)) != NULL)