Go over all OpenSSL return values and make sure we compare them

to the documented API value. The previous code got it right as
it's implemented, but accepted too much/too little compared to
the API documentation.

Per comment from Zdenek Kotala.

1 files changed, 4 insertions, 4 deletions

diff --git a/src/interfaces/libpq/fe-secure.c b/src/interfaces/libpq/fe-secure.c
index 10bd938981d..af919a8333e 100644
--- a/src/interfaces/libpq/fe-secure.c
+++ b/src/interfaces/libpq/fe-secure.c
@@ -11,7 +11,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.102 2008/01/29 02:03:39 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.102.2.1 2009/01/28 15:06:57 mha Exp $
  *
  * NOTES
  *	  [ Most of these notes are wrong/obsolete, but perhaps not all ]
@@ -793,7 +793,7 @@ client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
 	}
 
 	/* verify that the cert and key go together */
-	if (!X509_check_private_key(*x509, *pkey))
+	if (X509_check_private_key(*x509, *pkey) != 1)
 	{
 		char	   *err = SSLerrmessage();
 
@@ -926,7 +926,7 @@ initialize_SSL(PGconn *conn)
 		{
 			X509_STORE *cvstore;
 
-			if (!SSL_CTX_load_verify_locations(SSL_context, fnbuf, NULL))
+			if (SSL_CTX_load_verify_locations(SSL_context, fnbuf, NULL) != 1)
 			{
 				char	   *err = SSLerrmessage();
 
@@ -940,7 +940,7 @@ initialize_SSL(PGconn *conn)
 			if ((cvstore = SSL_CTX_get_cert_store(SSL_context)) != NULL)
 			{
 				/* setting the flags to check against the complete CRL chain */
-				if (X509_STORE_load_locations(cvstore, ROOT_CRL_FILE, NULL) != 0)
+				if (X509_STORE_load_locations(cvstore, ROOT_CRL_FILE, NULL) == 1)
 /* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */
 #ifdef X509_V_FLAG_CRL_CHECK
 					X509_STORE_set_flags(cvstore,