*** pgsql/src/interfaces/libpq/fe-secure.c	2009/01/19 17:17:50	1.118
--- pgsql/src/interfaces/libpq/fe-secure.c	2009/01/28 15:06:47	1.119
***************
*** 11,17 ****
   *
   *
   * IDENTIFICATION
!  *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.117 2009/01/19 08:59:13 petere Exp $
   *
   * NOTES
   *
--- 11,17 ----
   *
   *
   * IDENTIFICATION
!  *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.118 2009/01/19 17:17:50 tgl Exp $
   *
   * NOTES
   *
*************** client_cert_cb(SSL *ssl, X509 **x509, EV
*** 757,763 ****
  	}
  
  	/* verify that the cert and key go together */
! 	if (!X509_check_private_key(*x509, *pkey))
  	{
  		char	   *err = SSLerrmessage();
  
--- 757,763 ----
  	}
  
  	/* verify that the cert and key go together */
! 	if (X509_check_private_key(*x509, *pkey) != 1)
  	{
  		char	   *err = SSLerrmessage();
  
*************** initialize_SSL(PGconn *conn)
*** 1004,1010 ****
  	{
  		X509_STORE *cvstore;
  
! 		if (!SSL_CTX_load_verify_locations(SSL_context, fnbuf, NULL))
  		{
  			char	   *err = SSLerrmessage();
  
--- 1004,1010 ----
  	{
  		X509_STORE *cvstore;
  
! 		if (SSL_CTX_load_verify_locations(SSL_context, fnbuf, NULL) != 1)
  		{
  			char	   *err = SSLerrmessage();
  
*************** initialize_SSL(PGconn *conn)
*** 1023,1029 ****
  				snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, ROOT_CRL_FILE);
  
  			/* setting the flags to check against the complete CRL chain */
! 			if (X509_STORE_load_locations(cvstore, fnbuf, NULL) != 0)
  /* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */
  #ifdef X509_V_FLAG_CRL_CHECK
  				X509_STORE_set_flags(cvstore,
--- 1023,1029 ----
  				snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, ROOT_CRL_FILE);
  
  			/* setting the flags to check against the complete CRL chain */
! 			if (X509_STORE_load_locations(cvstore, fnbuf, NULL) == 1)
  /* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */
  #ifdef X509_V_FLAG_CRL_CHECK
  				X509_STORE_set_flags(cvstore,