From: Scott Cantor
Date: Tue, 4 Aug 2015 14:03:23 +0000 (-0400)
Subject: Fix some tabs in the last patch.
X-Git-Tag: 1.5.6~1
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-xmltooling.git;a=commitdiff_plain;h=30a436426f6fe4dd9f9657d131d09853fbd7b217
Fix some tabs in the last patch.
---
diff --git a/xmltooling/security/impl/PKIXPathValidator.cpp b/xmltooling/security/impl/PKIXPathValidator.cpp
index 9a11070..ce8d894 100644
--- a/xmltooling/security/impl/PKIXPathValidator.cpp
+++ b/xmltooling/security/impl/PKIXPathValidator.cpp
@@ -338,7 +338,7 @@ bool PKIXPathValidator::validate(X509* EE, STACK_OF(X509)* untrusted, const Path
 // (subsequent calls will fail with OpenSSL 1.0.1p / 1.0.2d or later).
 X509_STORE_CTX_cleanup(&ctx);
- // When we add CRLs, we have to be sure the nextUpdate hasn't passed, because OpenSSL won't accept
+ // When we add CRLs, we have to be sure the nextUpdate hasn't passed, because OpenSSL won't accept
 // the CRL in that case. If we end up not adding a CRL for a particular link in the chain, the
 // validation will fail (if the fullChain option was set).
 set crlissuers;
@@ -399,24 +399,24 @@ bool PKIXPathValidator::validate(X509* EE, STACK_OF(X509)* untrusted, const Path
 // Do a second pass verify with CRLs in place. Reinitialize ctx, see
 // https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=aae41f8c54257d9fa6904d3a9aa09c5db6cefd0d
 #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
- if (X509_STORE_CTX_init(&ctx,store,EE,untrusted) != 1) {
- log_openssl();
- m_log.error("unable to initialize X509_STORE_CTX");
- ret = 0;
- }
+ if (X509_STORE_CTX_init(&ctx,store,EE,untrusted) != 1) {
+ log_openssl();
+ m_log.error("unable to initialize X509_STORE_CTX");
+ ret = 0;
+ }
 #else
- X509_STORE_CTX_init(&ctx,store,EE,untrusted);
+ X509_STORE_CTX_init(&ctx,store,EE,untrusted);
 #endif
- if (ret != 0) {
- X509_STORE_CTX_trusted_stack(&ctx,CAstack);
- X509_STORE_CTX_set_depth(&ctx,100); // already checked above
- X509_STORE_CTX_set_verify_cb(&ctx,error_callback);
- if (pkixParams->getRevocationChecking() == PKIXPathValidatorParams::REVOCATION_FULLCHAIN)
- X509_STORE_CTX_set_flags(&ctx, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
- else
- X509_STORE_CTX_set_flags(&ctx, X509_V_FLAG_CRL_CHECK);
- ret = X509_verify_cert(&ctx);
- }
+ if (ret != 0) {
+ X509_STORE_CTX_trusted_stack(&ctx,CAstack);
+ X509_STORE_CTX_set_depth(&ctx,100); // already checked above
+ X509_STORE_CTX_set_verify_cb(&ctx,error_callback);
+ if (pkixParams->getRevocationChecking() == PKIXPathValidatorParams::REVOCATION_FULLCHAIN)
+ X509_STORE_CTX_set_flags(&ctx, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
+ else
+ X509_STORE_CTX_set_flags(&ctx, X509_V_FLAG_CRL_CHECK);
+ ret = X509_verify_cert(&ctx);
+ }
 #else
 m_log.warn("CRL checking is enabled, but OpenSSL version is too old");
 ret = 0;