authorHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>2019-08-30 13:44:01 +0200
committerHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>2019-08-30 13:44:01 +0200
commit2944124ccb62cbf64e44bc8e0894fb30307514da (patch)
tree0c711014e4fff62bf258b4d169f75d5566011a50 /src
parentfc55624df0c1956b7b6b4ae35605a6b95704d022 (diff)
Always check return from tls_export_cert()
Invert the meaning of the return.
Diffstat (limited to 'src')
-rw-r--r--src/src/deliver.c4
-rw-r--r--src/src/functions.h2
-rw-r--r--src/src/spool_out.c8
-rw-r--r--src/src/tlscert-gnu.c8
-rw-r--r--src/src/tlscert-openssl.c6
5 files changed, 14 insertions, 14 deletions
diff --git a/src/src/deliver.c b/src/src/deliver.c
index a82a04f42..59fbeeaf9 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -4826,7 +4826,7 @@ all pipes, so I do not see a reason to use non-blocking IO here
if (addr->peercert)
{
ptr = big_buffer;
- if (!tls_export_cert(ptr, big_buffer_size-2, addr->peercert))
+ if (tls_export_cert(ptr, big_buffer_size-2, addr->peercert))
while(*ptr++);
else
*ptr++ = 0;
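Review bot: The success branch `while(*ptr++);` here, and again in the `addr->ourcert` hunk that follows, scans for the terminator with no bound of its own. It therefore relies on tls_export_cert() returning true only when it has left a NUL-terminated string within the `big_buffer_size-2` bytes it was given. With the return now meaning success, that contract is worth stating at the call, e.g. `/* TRUE => ptr holds a NUL-terminated printable cert */`, and the scan would read more clearly as `ptr += Ustrlen(ptr) + 1;`. The enclosing function starts and ends outside both hunks, so how the buffer is consumed afterwards is not visible here.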
@@ -4835,7 +4835,7 @@ all pipes, so I do not see a reason to use non-blocking IO here
if (addr->ourcert)
{
ptr = big_buffer;
- if (!tls_export_cert(ptr, big_buffer_size-2, addr->ourcert))
+ if (tls_export_cert(ptr, big_buffer_size-2, addr->ourcert))
while(*ptr++);
else
*ptr++ = 0;
diff --git a/src/src/functions.h b/src/src/functions.h
index ee0ad139e..b9af77dde 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -52,7 +52,7 @@ extern BOOL tls_client_start(client_conn_ctx *, smtp_connect_args *,
extern void tls_close(void *, int);
extern BOOL tls_could_read(void);
extern void tls_daemon_init(void);
-extern int tls_export_cert(uschar *, size_t, void *);
+extern BOOL tls_export_cert(uschar *, size_t, void *);
extern int tls_feof(void);
extern int tls_ferror(void);
extern void tls_free_cert(void **);
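Review bot: Inverting the meaning of the return while only changing `int` to `BOOL` is invisible to the compiler, so a caller that still tests `!tls_export_cert(...)` keeps building and silently takes the wrong branch. The prototype gives no hint of the convention; a comment above it such as `/* returns TRUE on success, FALSE if the certificate could not be exported */` would make the new contract explicit. The diffstat is limited to `src`, so any callers elsewhere in the tree are not covered by what is shown and should be checked.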
diff --git a/src/src/spool_out.c b/src/src/spool_out.c
index 0dfa4de52..acc6c7b5f 100644
--- a/src/src/spool_out.c
+++ b/src/src/spool_out.c
@@ -249,15 +249,15 @@ if (tls_in.certificate_verified) fprintf(fp, "-tls_certificate_verified\n");
if (tls_in.cipher) spool_var_write(fp, US"tls_cipher", tls_in.cipher);
if (tls_in.peercert)
{
- (void) tls_export_cert(big_buffer, big_buffer_size, tls_in.peercert);
- fprintf(fp, "--tls_peercert %s\n", CS big_buffer);
+ if (tls_export_cert(big_buffer, big_buffer_size, tls_in.peercert))
+ fprintf(fp, "--tls_peercert %s\n", CS big_buffer);
}
if (tls_in.peerdn) spool_var_write(fp, US"tls_peerdn", string_printing(tls_in.peerdn));
if (tls_in.sni) spool_var_write(fp, US"tls_sni", string_printing(tls_in.sni));
if (tls_in.ourcert)
{
- (void) tls_export_cert(big_buffer, big_buffer_size, tls_in.ourcert);
- fprintf(fp, "-tls_ourcert %s\n", CS big_buffer);
+ if (tls_export_cert(big_buffer, big_buffer_size, tls_in.ourcert))
+ fprintf(fp, "-tls_ourcert %s\n", CS big_buffer);
}
if (tls_in.ocsp) fprintf(fp, "-tls_ocsp %d\n", tls_in.ocsp);
# ifdef EXPERIMENTAL_TLS_RESUME
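Review bot: When export fails, the `--tls_peercert` and `-tls_ourcert` lines are now dropped without any trace at this call site, while `-tls_certificate_verified` (visible in the hunk header context) is still written. A later reader of the spool file can then see a verified session with no peer certificate and cannot tell that from a session that never had one. A short comment on each `if`, e.g. `/* export failure is logged by tls_export_cert(); omit the line rather than spool stale big_buffer contents */`, would record that the omission is deliberate. The surrounding function begins and ends outside the hunk, so whether the spool reader tolerates the missing line is an assumption to confirm.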
diff --git a/src/src/tlscert-gnu.c b/src/src/tlscert-gnu.c
index 45135814c..f4d53601f 100644
--- a/src/src/tlscert-gnu.c
+++ b/src/src/tlscert-gnu.c
@@ -21,12 +21,12 @@ tls.c when USE_GNUTLS has been set.
/*****************************************************
* Export/import a certificate, binary/printable
*****************************************************/
-int
+BOOL
tls_export_cert(uschar * buf, size_t buflen, void * cert)
{
size_t sz = buflen;
rmark reset_point = store_mark();
-int fail;
+BOOL fail;
const uschar * cp;
if ((fail = gnutls_x509_crt_export((gnutls_x509_crt_t)cert,
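Review bot: Declaring `fail` as `BOOL` is misleading, because it still receives the raw gnutls_x509_crt_export() result and is passed to `gnutls_strerror(fail)` in the next hunk. GnuTLS error codes are negative integers, and BOOL's underlying type is not visible in this diff, so the round trip through BOOL depends on that typedef preserving the value. Keeping the library result in its own variable avoids the ambiguity, e.g. `int rc;` with `if ((rc = gnutls_x509_crt_export(...)))` and `gnutls_strerror(rc)`, plus a separate `BOOL ok` for the function's own result returned at the end. The function body is split across three hunks, and the middle of it is not shown.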
@@ -34,7 +34,7 @@ if ((fail = gnutls_x509_crt_export((gnutls_x509_crt_t)cert,
{
log_write(0, LOG_MAIN, "TLS error in certificate export: %s",
gnutls_strerror(fail));
- return 1;
+ return 0;
}
if ((cp = string_printing(buf)) != buf)
{
@@ -43,7 +43,7 @@ if ((cp = string_printing(buf)) != buf)
fail = 1;
}
store_reset(reset_point);
-return fail;
+return !fail;
}
int
diff --git a/src/src/tlscert-openssl.c b/src/src/tlscert-openssl.c
index 0aa65c886..845c3014f 100644
--- a/src/src/tlscert-openssl.c
+++ b/src/src/tlscert-openssl.c
@@ -34,11 +34,11 @@ library. It is #included into the tls.c file when that library is used.
/*****************************************************
* Export/import a certificate, binary/printable
*****************************************************/
-int
+BOOL
tls_export_cert(uschar * buf, size_t buflen, void * cert)
{
BIO * bp = BIO_new(BIO_s_mem());
-int fail;
+BOOL fail;
if ((fail = PEM_write_bio_X509(bp, (X509 *)cert) ? 0 : 1))
log_write(0, LOG_MAIN, "TLS error in certificate export: %s",
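Review bot: `bp` is passed to PEM_write_bio_X509() without checking that `BIO_new(BIO_s_mem())` succeeded, and BIO_new() returns NULL on allocation failure. How the PEM writer and the later read from `bp` behave with a NULL BIO depends on the OpenSSL version, so an explicit guard makes the failure path deterministic now that callers act on the result: `if (!bp) return FALSE;`, ideally preceded by a log_write() like the one used for the export error. The rest of the function, between this hunk and the final `BIO_free(bp)`, lies outside the hunk.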
@@ -59,7 +59,7 @@ else
}
BIO_free(bp);
-return fail;
+return !fail;
}
int