Kurt Roeckx wrote:
On Sat, 31 Jan 2009 02:15:21 +0100, David Schwartz <dav...@webmaster.com> wrote:

The documentation for PKCS7_verify says:

PKCS7_verify() returns 1 for a successful verification and zero or a negative value if an error occurs.

This is correct.

And in apps/smime.c there is this code:

                if (PKCS7_verify(p7, other, store, indata, out, flags))
                        BIO_printf(bio_err, "Verification successful\n");
                else
                        {
                        BIO_printf(bio_err, "Verification failure\n");
                        goto end;
                        }

This is correct.

But looking at the code for PKCS7_verify I can't see a case where
it returns something other than 0 or 1.

This is correct.

Could either the code or the documentation be fixed?

Neither is broken.

So it's ok to change PKCS7_verify() to return a negative value and not change apps/smime.c? Because both are "correct"?

Either the doc is right in which case the usage should be changed to if (PKCS7_verify(p7, other, store, indata, out, flags) == 1).

Or the usage is right, in which case the doc should be changed to "PKCS7_verify() returns 1 for a successful verification and zero if an error occurs.".

Yes, it doesn't cause any problems right now. But if the usage does not reflect the doc, one of them is wrong.

If a future implementation wants to return ten different error codes to indicate different failure modes, it can currently do so without breaking any current code that follows the specification.

Yes, but the if(PKCS7_verify(...)) does _NOT_ follow the specification. If PKCS7_verify() returns a negative value, the code is _broken_.

Kosta
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
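
The disagreement in the thread above, as an added example that is not part of the original messages or of OpenSSL: it compares the truthiness check quoted from apps/smime.c with a `== 1` check over return codes -10 to 1. The negative codes are hypothetical future values, the function names are assumptions, and nothing here calls OpenSSL.

```c
#include <stdio.h>

/* Added illustration; no OpenSSL calls. Return codes are fed in directly,
 * following the documented contract: 1 = verified, 0 or negative = error.
 * All function names below are hypothetical. */

/* Check as quoted from apps/smime.c: any nonzero value is treated as success. */
int accepts_truthy(int rc) { return rc ? 1 : 0; }

/* Check that follows the documentation: only exactly 1 is success. */
int accepts_strict(int rc) { return rc == 1; }

/* Count the codes in [lo, hi] that `check` accepts even though the documented
 * contract classifies them as errors (everything except 1). */
int false_accepts(int (*check)(int), int lo, int hi)
{
    int n = 0;
    for (int rc = lo; rc <= hi; rc++)
        if (rc != 1 && check(rc))
            n++;
    return n;
}

int main(void)
{
    /* Constructed sample: ten hypothetical negative error codes, plus 0 and 1. */
    const int lo = -10, hi = 1;

    printf("%4s  %-8s %-8s\n", "rc", "truthy", "strict");
    for (int rc = lo; rc <= hi; rc++)
        printf("%4d  %-8s %-8s\n", rc,
               accepts_truthy(rc) ? "accept" : "reject",
               accepts_strict(rc) ? "accept" : "reject");

    printf("error codes accepted: truthy=%d strict=%d\n",
           false_accepts(accepts_truthy, lo, hi),
           false_accepts(accepts_strict, lo, hi));
    return 0;
}
```

With today's 0-or-1 behaviour both checks agree; they diverge only once a negative value is returned, which is the case the documentation already allows.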
