Pull in vdukhovni/ssl_dane 8270afba fix

Negating an int and comparing to another int was a bug which we got
lucky on.

diff --git a/src/src/dane-openssl.c b/src/src/dane-openssl.c
index bb927383fc879bd6a8288bba1c91467b313e5609..97acccb5ab9fa1e7395b60991edd6004ecd2902a 100644 (file)
--- a/src/src/dane-openssl.c
+++ b/src/src/dane-openssl.c
@@ -667,7 +667,7 @@ for (n = sk_X509_num(in); n > 0; --n, ++depth)
     {
     if (grow_chain(dane, UNTRUSTED, ca))
       {
     {
     if (grow_chain(dane, UNTRUSTED, ca))
       {

-      if (!X509_check_issued(ca, ca) == X509_V_OK)
+      if (X509_check_issued(ca, ca) != X509_V_OK)

        {
        /* Restart with issuer as subject */
        cert = ca;
        {
        /* Restart with issuer as subject */
        cert = ca;