x509_vfy.c: Improve comments (correcting typos etc.)

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13606)
2025-01-18 13:44:20 +08:00 · 2020-12-03 11:10:19 +01:00 · 2020-12-03 11:10:19 +01:00 · e99505b4d0
commit e99505b4d0
parent f974b61077
1 changed files with 13 additions and 13 deletions
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@ -154,9 +154,9 @@ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)

 /*-
 * Inform the verify callback of an error.
- * If B<x> is not NULL it is the error cert, otherwise use the chain cert at
- * B<depth>.
- * If B<err> is not X509_V_OK, that's the error value, otherwise leave
+ * If 'x' is not NULL it is the error cert, otherwise use the chain cert at
+ * 'depth'
+ * If 'err' is not X509_V_OK, that's the error value, otherwise leave
 * unchanged (presumably set by the caller).
 *
 * Returns 0 to abort verification with an error, non-zero to continue.
@ -501,7 +501,7 @@ static int check_chain(X509_STORE_CTX *ctx)
            CHECK_CB(ret == 0, ctx, x, i, X509_V_ERR_EC_KEY_EXPLICIT_PARAMS);
        }
        /*
-         * Do the following set of checks only if strict checking is requrested
+         * Do the following set of checks only if strict checking is requested
         * and not for self-issued (including self-signed) EE (non-CA) certs
         * because RFC 5280 does not apply to them according RFC 6818 section 2.
         */
@ -576,7 +576,7 @@ static int check_chain(X509_STORE_CTX *ctx)
        /* check_purpose() makes the callback as needed */
        if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca))
            return 0;
-        /* Check pathlen */
+        /* Check path length */
        CHECK_CB(i > 1 && x->ex_pathlen != -1
                     && plen > x->ex_pathlen + proxy_path_length,
                 ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED);
@ -679,7 +679,7 @@ static int check_name_constraints(X509_STORE_CTX *ctx)

            /*
             * Check that the last subject component isn't part of a
-             * multivalued RDN
+             * multi-valued RDN
             */
            if (X509_NAME_ENTRY_set(X509_NAME_get_entry(tmpsubject,
                                                        last_object_loc))
@ -1026,7 +1026,7 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
            if (!verify_cb_crl(ctx, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD))
                return 0;
        }
-        /* Ignore expiry of base CRL is delta is valid */
+        /* Ignore expiration of base CRL is delta is valid */
        if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) {
            if (!notify)
                return 0;
@ -1230,7 +1230,7 @@ static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
    if (!(crl->flags & EXFLAG_CRITICAL))
        crl_score |= CRL_SCORE_NOCRITICAL;

-    /* Check expiry */
+    /* Check expiration */
    if (check_crl_time(ctx, crl, 0))
        crl_score |= CRL_SCORE_TIME;

@ -1351,7 +1351,7 @@ static int check_crl_path(X509_STORE_CTX *ctx, X509 *x)
 /*
 * RFC3280 says nothing about the relationship between CRL path and
 * certificate path, which could lead to situations where a certificate could
- * be revoked or validated by a CA not authorised to do so. RFC5280 is more
+ * be revoked or validated by a CA not authorized to do so. RFC5280 is more
 * strict and states that the two paths must end in the same trust anchor,
 * though some discussions remain... until this is resolved we use the
 * RFC5280 version
@ -1804,8 +1804,8 @@ static int internal_verify(X509_STORE_CTX *ctx)
             * step (n) we must check any given key usage extension in a CA cert
             * when preparing the verification of a certificate issued by it.
             * According to https://tools.ietf.org/html/rfc5280#section-4.2.1.3
-             * we must not verify a certifiate signature if the key usage of the
-             * CA certificate that issued the certificate prohibits signing.
+             * we must not verify a certificate signature if the key usage of
+             * the CA certificate that issued the certificate prohibits signing.
             * In case the 'issuing' certificate is the last in the chain and is
             * not a CA certificate but a 'self-issued' end-entity cert (i.e.,
             * xs == xi && !(xi->ex_flags & EXFLAG_CA)) RFC 5280 does not apply
@ -2009,7 +2009,7 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
    return 1;
 }

-/* Make a delta CRL as the diff between two full CRLs */
+/* Make a delta CRL as the difference between two full CRLs */

 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                        EVP_PKEY *skey, const EVP_MD *md, unsigned int flags)
@ -3199,7 +3199,7 @@ static int build_chain(X509_STORE_CTX *ctx)
                }

                /*
-                 * We've added a new trusted certificate to the chain, recheck
+                 * We've added a new trusted certificate to the chain, re-check
                 * trust.  If not done, and not self-signed look deeper.
                 * Whether or not we're doing "trusted first", we no longer
                 * look for untrusted certificates from the peer's chain.