Package: isakmpd
Severity: serious
Tags: security
Hi,
I was looking at return codes for applications making use of
openssl functions and found this in x509.c:
if (X509_verify(cert, key) == -1) {
log_print("x509_cert_validate: self-signed cert is bad");
return 0;
}
X509_verify returns the value of the ASN1_item_verify() call
which normally returns 0 if the verification failed,
but can also return -1 for some other error cases.
I have no idea what this code is used for or what the
consequences of this are.
Kurt
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]