Don't have the default value of |verify_result| be X509_V_OK.
It seems much safer for the default value of |verify_result| to be an
error value.
Change-Id: I372ec19c41d77516ed12d0169969994f7d23ed70
Reviewed-on: https://boringssl-review.googlesource.com/9063
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index d78bc27..d434487 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -1041,8 +1041,6 @@
X509_free(ssl->s3->new_session->peer);
ssl->s3->new_session->peer = X509_up_ref(leaf);
- ssl->s3->new_session->verify_result = ssl->verify_result;
-
return 1;
err:
@@ -1097,12 +1095,13 @@
int al = ssl_verify_alarm_type(ssl->verify_result);
ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
OPENSSL_PUT_ERROR(SSL, SSL_R_CERTIFICATE_VERIFY_FAILED);
- } else {
- ret = 1;
- ERR_clear_error(); /* but we keep ssl->verify_result */
+ return ret;
}
- return ret;
+ /* Otherwise the error is non-fatal, but we keep verify_result. */
+ ERR_clear_error();
+ ssl->s3->new_session->verify_result = ssl->verify_result;
+ return 1;
}
static int ssl3_get_server_key_exchange(SSL *ssl) {
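Review bot: The fatal branch now returns at `return ret;` before `new_session->verify_result` is assigned, so the session keeps whatever value it was created with, and nothing on the new side says that this is deliberate; the comment on the other path only says the value is kept. A one-line note before the early return, such as `/* Leave new_session->verify_result at its (intended error) default; ssl->verify_result still holds the failure code. */`, would make the two paths read as a pair rather than as an omission. `ret` is declared and initialized above the hunk; if it is never reassigned before this point, returning the failure constant directly would be clearer than returning a variable whose value the reader has to look up, but that should be confirmed against the declaration. The condition selecting the fatal path and the start of the enclosing function lie outside the hunk, and the assignment this hunk adds is the one the first hunk removed from the certificate-parsing path.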