Browse files

crypto: return CHECK_OK in VerifyCallback

VerifyCallback returns 1 in two locations but CHECK_CERT_REVOKED in a
third return statment. This commit suggests that CHECK_OK is used
instead of 1. CHECK_OK is also used as the return value in
CheckWhitelistedServerCert so it seems to be consitent change to make.

PR-URL: #13241
Reviewed-By: Ben Noordhuis <>
Reviewed-By: Refael Ackermann <>
Reviewed-By: Colin Ihrig <>
  • Loading branch information...
danbev authored and jasnell committed May 26, 2017
1 parent ea6941f commit 945916195c1e3ed33053ad9b184c5fb37ee6cf2d
Showing with 2 additions and 2 deletions.
  1. +2 −2 src/
@@ -2881,14 +2881,14 @@ inline int VerifyCallback(int preverify_ok, X509_STORE_CTX* ctx) {
// Failure on verification of the cert is handled in
// Connection::VerifyError.
if (preverify_ok == 0 || X509_STORE_CTX_get_error(ctx) != X509_V_OK)
return 1;
return CHECK_OK;
// Server does not need to check the whitelist.
SSL* ssl = static_cast<SSL*>(
X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
if (SSL_is_server(ssl))
return 1;
return CHECK_OK;
// Client needs to check if the server cert is listed in the
// whitelist when it is issued by the specific rootCAs.

0 comments on commit 9459161

Please sign in to comment.