On Fri, Jan 30, 2009 at 10:37 PM, Kurt Roeckx via RT <r...@openssl.org> wrote:

> The documentation for PKCS7_verify says:
>
>       PKCS7_verify() returns 1 for a successful verification and zero or a
>       negative value if an error occurs.
>
> And in apps/smime.c there is this code:
>
>                if (PKCS7_verify(p7, other, store, indata, out, flags))
>                        BIO_printf(bio_err, "Verification successful\n");
>                else
>                        {
>                        BIO_printf(bio_err, "Verification failure\n");
>                        goto end;
>                        }
>
> But looking at the code for PKCS7_verify I can't see a case where
> it returns something other than 0 or 1.
>
> Could either the code or the documentation be fixed?

Or both:

apps/smime.c isn't changed with the patch from
http://www.openssl.org/news/secadv_20090107.txt, and that's certainly
because PKCS7_verify() doesn't actually ever return -1.  Thanks for
bringing up the inconsistency with the documentation.  Using "if
(PKCS7_verify(...) > 0)" in smime.c can't hurt (that's the pattern
that you have to follow with certain functions, after all), and
updating the documentation to describe the actual PKCS7_verify()
behavior that smime.c is currently relying on can't hurt either.

Bodo


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
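
The `> 0` pattern discussed in this thread, as an added example that is not part of either message or of OpenSSL's code: `toy_verify` is a hypothetical stand-in for any function with a 1 / 0 / negative return convention, and the three sample cases are constructed. It shows how a truthiness check like the one quoted from apps/smime.c would treat a negative error return, and how the strict comparison treats it.

```c
#include <stdio.h>

/* Hypothetical stand-in for a tri-state verification API (assumption,
 * not an OpenSSL function):
 *   1 = signature valid, 0 = signature invalid, -1 = internal error. */
enum sample { SAMPLE_GOOD, SAMPLE_BAD_SIG, SAMPLE_MALFORMED };

static int toy_verify(enum sample s)
{
    switch (s) {
    case SAMPLE_GOOD:    return 1;
    case SAMPLE_BAD_SIG: return 0;
    default:             return -1;  /* e.g. parse or allocation failure */
    }
}

/* Caller shaped like the quoted apps/smime.c check: any non-zero passes,
 * so a negative error code is reported as a successful verification. */
static int accept_truthy(enum sample s)
{
    if (toy_verify(s))
        return 1;
    return 0;
}

/* Caller using the "> 0" pattern: only an explicit success passes. */
static int accept_strict(enum sample s)
{
    return toy_verify(s) > 0;
}

int main(void)
{
    static const char *names[] = { "good", "bad signature", "malformed" };
    for (int i = SAMPLE_GOOD; i <= SAMPLE_MALFORMED; i++)
        printf("%-14s rc=%2d  truthy=%d  strict=%d\n", names[i],
               toy_verify((enum sample)i),
               accept_truthy((enum sample)i),
               accept_strict((enum sample)i));
    return 0;
}
```

The two callers agree on the 1 and 0 cases and differ only on the negative return, which is why the strict form is safe to use even with a function that currently never returns a negative value.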
