diff options
author | Alon Bar-Lev <alon.barlev@gmail.com> | 2012-04-01 16:46:28 +0300 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2012-04-02 11:54:59 +0200 |
commit | 75b49e406430299b187964744f82e50a9035a0d3 (patch) | |
tree | 4d9dc4a170a9f414632d76a81ae90f854fd4151b /src/openvpn/ssl_verify_polarssl.c | |
parent | 12e46092bad76b88bb7439e1c1666e987669cfb1 (diff) | |
download | openvpn-75b49e406430299b187964744f82e50a9035a0d3.tar.gz openvpn-75b49e406430299b187964744f82e50a9035a0d3.tar.xz openvpn-75b49e406430299b187964744f82e50a9035a0d3.zip |
cleanup: gc usage
Cleanup of "Use the garbage collector when retrieving x509 fields"
patch series.
Discussed at [1].
There should be an effort to produce common function prologue
and epilogue, so that cleanups will be done at single point.
[1] http://comments.gmane.org/gmane.network.openvpn.devel/5401
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'src/openvpn/ssl_verify_polarssl.c')
-rw-r--r-- | src/openvpn/ssl_verify_polarssl.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/src/openvpn/ssl_verify_polarssl.c b/src/openvpn/ssl_verify_polarssl.c index d9d4fd5..a32db8d 100644 --- a/src/openvpn/ssl_verify_polarssl.c +++ b/src/openvpn/ssl_verify_polarssl.c @@ -48,6 +48,7 @@ verify_callback (void *session_obj, x509_cert *cert, int cert_depth, { struct tls_session *session = (struct tls_session *) session_obj; struct gc_arena gc = gc_new(); + int ret = 1; ASSERT (cert); ASSERT (session); @@ -68,18 +69,21 @@ verify_callback (void *session_obj, x509_cert *cert, int cert_depth, msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, could not extract X509 " "subject string from certificate", cert_depth); - gc_free(&gc); - return 1; + goto cleanup; } + if (SUCCESS != verify_cert(session, cert, cert_depth)) + goto cleanup; + + ret = 0; + +cleanup: + gc_free(&gc); + /* * PolarSSL expects 1 on failure, 0 on success */ - gc_free(&gc); - - if (SUCCESS == verify_cert(session, cert, cert_depth)) - return 0; - return 1; + return ret; } #ifdef ENABLE_X509ALTUSERNAME |