From 8eeac2d7d208a8940bf917a4c4d8fcf27a167c9c Mon Sep 17 00:00:00 2001 From: Dirk Engling Date: Fri, 15 Apr 2016 16:34:21 +0200 Subject: Fix last patch (that was committed blindly) --- vchat-ssl.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) (limited to 'vchat-ssl.c') diff --git a/vchat-ssl.c b/vchat-ssl.c index b344d10..b052d84 100755 --- a/vchat-ssl.c +++ b/vchat-ssl.c @@ -168,7 +168,7 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store ) FILE *fingerprint_file = NULL; char * fp = fingerprint; - long result; + long result, j; if( !ctx ) return 1; @@ -220,7 +220,7 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store ) assert ( ( fingerprint_len > 1 ) && (fingerprint_len <= EVP_MAX_MD_SIZE )); for (j=0; j<(int)fingerprint_len; j++) - fp += sprintf(nf, "%02X:", fingerprint_bin[j]); + fp += sprintf(fp, "%02X:", fingerprint_bin[j]); assert ( fp > fingerprint ); fp[-1] = 0; snprintf(tmpstr, TMPSTRSIZE, "[SSL FINGERPRINT ] from server: %s", fingerprint); @@ -229,16 +229,8 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store ) /* we don't need the peercert anymore */ X509_free(peercert); - /* If verify of x509 chain was requested, do the check here */ - result = SSL_get_verify_result(sslp); - if (result != X509_V_OK && !getintoption(CF_IGNSSL) ) - goto ssl_error; - - if (result != X509_V_OK) - writecf(FS_ERR, "[SSL VERIFY ERROR ] FAILURE IGNORED!!!"); - /* verify fingerprint */ - if (getintoption(CF_PIN_FINGERPRINT)) { + if (getintoption(CF_PINFINGER)) { fingerprint_file = fopen(tilde_expand(getstroption(CF_FINGERPRINT)), "r"); if (fingerprint_file) { 
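Review bot: The corrected `fp += sprintf(fp, "%02X:", fingerprint_bin[j]);` loop in the `-220,7` hunk still writes into `fingerprint` with no bound, and the only limit on `fingerprint_len` is an `assert` that disappears in an NDEBUG build. The declaration of `fingerprint` is outside the hunk, so its size cannot be confirmed from here; it needs room for three bytes per digest byte, i.e. `EVP_MAX_MD_SIZE * 3`. I would turn the assert into a runtime check that fails the connection and, if `fingerprint` is an array, format with `snprintf(fp, sizeof fingerprint - (size_t)(fp - fingerprint), "%02X:", fingerprint_bin[j])`. The index `j` is added in the `-168,7` hunk as `long` while the loop bound is cast to `int`; declaring it `unsigned int` to match `fingerprint_len` would remove the cast.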
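Review bot: Removing the `SSL_get_verify_result()` check in the `-229,16` hunk means the fingerprint pin is now evaluated first, and the `return 0;` that precedes the re-added check in the `-276,6` hunk suggests a matching pin returns success without the chain result being consulted. If a pinned certificate is meant to override chain validation, that should be stated above `if (getintoption(CF_PINFINGER)) {`, for example `/* a matching pinned fingerprint is accepted without chain verification */`. The body of the pin block lies between the two hunks and is not visible here. It is worth confirming that a connection with pinning enabled but a missing or unreadable fingerprint file cannot fall through to the `CF_IGNSSL` branch and be accepted.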
@@ -276,6 +268,17 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store ) return 0; } + /* If verify of x509 chain was requested, do the check here */ + result = SSL_get_verify_result(sslp); + + if (result == X509_V_OK) + return 0; + + if (getintoption(CF_IGNSSL)) { + writecf(FS_ERR, "[SSL VERIFY ERROR ] FAILURE IGNORED!!!"); + return 0; + } + ssl_error: snprintf(tmpstr, TMPSTRSIZE, "[SSL CONNECT ERROR] %s", ERR_error_string (ERR_get_error (), NULL)); writecf(FS_ERR, tmpstr); -- cgit v1.2.3
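Review bot: When verification fails and `CF_IGNSSL` is not set, the added block falls through to `ssl_error:`, which prints `ERR_error_string(ERR_get_error(), NULL)`. A chain failure that is recorded only in the verify result may leave the OpenSSL error queue empty, so the message could carry no usable reason. The `CF_IGNSSL` warning has the same gap, since it says a failure was ignored but not which one. I would report the reason before the `CF_IGNSSL` test with `snprintf(tmpstr, TMPSTRSIZE, "[SSL VERIFY ERROR ] %s", X509_verify_cert_error_string(result)); writecf(FS_ERR, tmpstr);`. The start of `vc_connect_ssl` and whatever follows the final `writecf(FS_ERR, tmpstr);` are outside the hunk.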