mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-08-07 06:42:56 +03:00
pkcs7: Use better error codes
Remove an unnecessary debug print (whoops). Use new error code for when the x509 is expired. When there are no signers return invalid certificate. Signed-off-by: Nick Child <nick.child@ibm.com> Co-authored-by: Dave Rodgman <dave.rodgman@arm.com> Signed-off-by: Nick Child <nick.child@ibm.com>
This commit is contained in:
@@ -630,15 +630,14 @@ static int mbedtls_pkcs7_data_or_hash_verify( mbedtls_pkcs7 *pkcs7,
|
||||
|
||||
if( pkcs7->signed_data.no_of_signers == 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
|
||||
ret = MBEDTLS_ERR_PKCS7_INVALID_CERT;
|
||||
goto out;
|
||||
}
|
||||
|
||||
if( mbedtls_x509_time_is_past( &cert->valid_to ) ||
|
||||
mbedtls_x509_time_is_future( &cert->valid_from ))
|
||||
{
|
||||
printf("EXPRED\n");
|
||||
ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
|
||||
ret = MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID;
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
Reference in New Issue
Block a user