aboutsummaryrefslogtreecommitdiff
path: root/openssl/src/x509/mod.rs
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/src/x509/mod.rs')
-rw-r--r--openssl/src/x509/mod.rs13
1 files changed, 8 insertions, 5 deletions
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index 0cfa8ada..6bb58dbd 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -117,18 +117,21 @@ impl X509StoreContextRef {
/// # Result
///
/// The Result must be `Some(None)` to be a valid certificate, otherwise the cert is not valid.
- pub fn verify_cert(trust: store::X509Store, cert: X509, cert_chain: Stack<X509>) -> Result<Option<X509VerifyError>, ErrorStack> {
+ pub fn verify_cert(trust: store::X509Store, cert: X509, cert_chain: Stack<X509>) -> Result<(), ErrorStack> {
unsafe {
ffi::init();
let context = try!(cvt_p(ffi::X509_STORE_CTX_new()).map(|p| X509StoreContext(p)));
try!(cvt(ffi::X509_STORE_CTX_init(context.as_ptr(), trust.as_ptr(), cert.as_ptr(), cert_chain.as_ptr()))
.map(|_| ()));
+
+ mem::forget(trust);
+ mem::forget(cert);
+ mem::forget(cert_chain);
+
+ // verify_cert returns an error `<= 0` if there was a validation error
try!(cvt(ffi::X509_verify_cert(context.as_ptr())).map(|_| ()));
- let result = Ok(context.error());
- ffi::X509_STORE_CTX_cleanup(context.as_ptr());
-
- result
+ Ok(())
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2026-04-24 01:14:00 +0000