Fix some tabs in the last patch.

[shibboleth/cpp-xmltooling.git] / xmltooling / security / impl / PKIXPathValidator.cpp

diff --git a/xmltooling/security/impl/PKIXPathValidator.cpp b/xmltooling/security/impl/PKIXPathValidator.cpp
index 9a11070..ce8d894 100644 (file)
--- a/xmltooling/security/impl/PKIXPathValidator.cpp
+++ b/xmltooling/security/impl/PKIXPathValidator.cpp
@@ -338,7 +338,7 @@ bool PKIXPathValidator::validate(X509* EE, STACK_OF(X509)* untrusted, const Path
         // (subsequent calls will fail with OpenSSL 1.0.1p / 1.0.2d or later).
         X509_STORE_CTX_cleanup(&ctx);
 
-       // When we add CRLs, we have to be sure the nextUpdate hasn't passed, because OpenSSL won't accept
+        // When we add CRLs, we have to be sure the nextUpdate hasn't passed, because OpenSSL won't accept
         // the CRL in that case. If we end up not adding a CRL for a particular link in the chain, the
         // validation will fail (if the fullChain option was set).
         set<string> crlissuers;
@@ -399,24 +399,24 @@ bool PKIXPathValidator::validate(X509* EE, STACK_OF(X509)* untrusted, const Path
         // Do a second pass verify with CRLs in place. Reinitialize ctx, see
         // https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=aae41f8c54257d9fa6904d3a9aa09c5db6cefd0d
 #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
-               if (X509_STORE_CTX_init(&ctx,store,EE,untrusted) != 1) {
-                       log_openssl();
-                       m_log.error("unable to initialize X509_STORE_CTX");
-                       ret = 0;
-               }
+        if (X509_STORE_CTX_init(&ctx,store,EE,untrusted) != 1) {
+            log_openssl();
+            m_log.error("unable to initialize X509_STORE_CTX");
+            ret = 0;
+        }
 #else
-       X509_STORE_CTX_init(&ctx,store,EE,untrusted);
+        X509_STORE_CTX_init(&ctx,store,EE,untrusted);
 #endif
-       if (ret != 0) {
-                       X509_STORE_CTX_trusted_stack(&ctx,CAstack);
-                       X509_STORE_CTX_set_depth(&ctx,100);  // already checked above
-                       X509_STORE_CTX_set_verify_cb(&ctx,error_callback);
-                       if (pkixParams->getRevocationChecking() == PKIXPathValidatorParams::REVOCATION_FULLCHAIN)
-                               X509_STORE_CTX_set_flags(&ctx, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
-                       else
-                               X509_STORE_CTX_set_flags(&ctx, X509_V_FLAG_CRL_CHECK);
-                       ret = X509_verify_cert(&ctx);
-       }
+        if (ret != 0) {
+            X509_STORE_CTX_trusted_stack(&ctx,CAstack);
+            X509_STORE_CTX_set_depth(&ctx,100);  // already checked above
+            X509_STORE_CTX_set_verify_cb(&ctx,error_callback);
+            if (pkixParams->getRevocationChecking() == PKIXPathValidatorParams::REVOCATION_FULLCHAIN)
+                X509_STORE_CTX_set_flags(&ctx, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
+            else
+                X509_STORE_CTX_set_flags(&ctx, X509_V_FLAG_CRL_CHECK);
+            ret = X509_verify_cert(&ctx);
+        }
 #else
         m_log.warn("CRL checking is enabled, but OpenSSL version is too old");
         ret = 0;