diff -up openssl-0.9.8g/apps/speed.c.verifysig openssl-0.9.8g/apps/speed.c

--- openssl-0.9.8g/apps/speed.c.verifysig	2009-01-07 16:09:11.000000000 +0100

+++ openssl-0.9.8g/apps/speed.c	2009-01-07 16:11:13.000000000 +0100

@@ -2132,7 +2132,7 @@ int MAIN(int argc, char **argv)

 				{

 				ret=RSA_verify(NID_md5_sha1, buf,36, buf2,

 					rsa_num, rsa_key[j]);

-				if (ret == 0)

+				if (ret <= 0)

 					{

 					BIO_printf(bio_err,

 						"RSA verify failure\n");

diff -up openssl-0.9.8g/apps/verify.c.verifysig openssl-0.9.8g/apps/verify.c

--- openssl-0.9.8g/apps/verify.c.verifysig	2004-11-29 12:28:07.000000000 +0100

+++ openssl-0.9.8g/apps/verify.c	2009-01-07 16:11:13.000000000 +0100

@@ -266,7 +266,7 @@ static int check(X509_STORE *ctx, char *

 	ret=0;

 end:

-	if (i)

+	if (i > 0)

 		{

 		fprintf(stdout,"OK\n");

 		ret=1;

@@ -367,4 +367,3 @@ static int MS_CALLBACK cb(int ok, X509_S

 		ERR_clear_error();

 	return(ok);

 	}

-

diff -up openssl-0.9.8g/apps/spkac.c.verifysig openssl-0.9.8g/apps/spkac.c

--- openssl-0.9.8g/apps/spkac.c.verifysig	2005-04-05 21:11:18.000000000 +0200

+++ openssl-0.9.8g/apps/spkac.c	2009-01-07 16:11:13.000000000 +0100

@@ -285,7 +285,7 @@ bad:

 	pkey = NETSCAPE_SPKI_get_pubkey(spki);

 	if(verify) {

 		i = NETSCAPE_SPKI_verify(spki, pkey);

-		if(i) BIO_printf(bio_err, "Signature OK\n");

+		if (i > 0) BIO_printf(bio_err, "Signature OK\n");

 		else {

 			BIO_printf(bio_err, "Signature Failure\n");

 			ERR_print_errors(bio_err);

diff -up openssl-0.9.8g/apps/x509.c.verifysig openssl-0.9.8g/apps/x509.c

--- openssl-0.9.8g/apps/x509.c.verifysig	2005-07-16 13:13:03.000000000 +0200

+++ openssl-0.9.8g/apps/x509.c	2009-01-07 16:11:13.000000000 +0100

@@ -1144,7 +1144,7 @@ static int x509_certify(X509_STORE *ctx,

 	/* NOTE: this certificate can/should be self signed, unless it was

 	 * a certificate request in which case it is not. */

 	X509_STORE_CTX_set_cert(&xsc,x);

-	if (!reqfile && !X509_verify_cert(&xsc))

+	if (!reqfile && X509_verify_cert(&xsc) <= 0)

 		goto end;

 	if (!X509_check_private_key(xca,pkey))

diff -up openssl-0.9.8g/ssl/s2_clnt.c.verifysig openssl-0.9.8g/ssl/s2_clnt.c

--- openssl-0.9.8g/ssl/s2_clnt.c.verifysig	2007-09-06 14:43:53.000000000 +0200

+++ openssl-0.9.8g/ssl/s2_clnt.c	2009-01-07 16:11:32.000000000 +0100

@@ -1044,7 +1044,7 @@ int ssl2_set_certificate(SSL *s, int typ

 	i=ssl_verify_cert_chain(s,sk);

-	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))

+	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0))

 		{

 		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);

 		goto err;

diff -up openssl-0.9.8g/ssl/s2_srvr.c.verifysig openssl-0.9.8g/ssl/s2_srvr.c

--- openssl-0.9.8g/ssl/s2_srvr.c.verifysig	2007-09-06 14:43:53.000000000 +0200

+++ openssl-0.9.8g/ssl/s2_srvr.c	2009-01-07 16:12:54.000000000 +0100

@@ -1054,7 +1054,7 @@ static int request_certificate(SSL *s)

 	i=ssl_verify_cert_chain(s,sk);

-	if (i)	/* we like the packet, now check the chksum */

+	if (i > 0)	/* we like the packet, now check the chksum */

 		{

 		EVP_MD_CTX ctx;

 		EVP_PKEY *pkey=NULL;

@@ -1083,7 +1083,7 @@ static int request_certificate(SSL *s)

 		EVP_PKEY_free(pkey);

 		EVP_MD_CTX_cleanup(&ctx;;

-		if (i) 

+		if (i > 0) 

 			{

 			if (s->session->peer != NULL)

 				X509_free(s->session->peer);

diff -up openssl-0.9.8g/ssl/s3_clnt.c.verifysig openssl-0.9.8g/ssl/s3_clnt.c

--- openssl-0.9.8g/ssl/s3_clnt.c.verifysig	2009-01-07 16:09:11.000000000 +0100

+++ openssl-0.9.8g/ssl/s3_clnt.c	2009-01-07 16:11:32.000000000 +0100

@@ -940,7 +940,7 @@ int ssl3_get_server_certificate(SSL *s)

 		}

 	i=ssl_verify_cert_chain(s,sk);

-	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)

+	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)

 #ifndef OPENSSL_NO_KRB5

 	        && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))

 	        != (SSL_aKRB5|SSL_kKRB5)

@@ -1425,7 +1425,7 @@ int ssl3_get_key_exchange(SSL *s)

 			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);

 			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);

 			EVP_VerifyUpdate(&md_ctx,param,param_len);

-			if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))

+			if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)

 				{

 				/* bad signature */

 				al=SSL_AD_DECRYPT_ERROR;

@@ -1443,7 +1443,7 @@ int ssl3_get_key_exchange(SSL *s)

 			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);

 			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);

 			EVP_VerifyUpdate(&md_ctx,param,param_len);

-			if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))

+			if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)

 				{

 				/* bad signature */

 				al=SSL_AD_DECRYPT_ERROR;

diff -up openssl-0.9.8g/ssl/ssltest.c.verifysig openssl-0.9.8g/ssl/ssltest.c

--- openssl-0.9.8g/ssl/ssltest.c.verifysig	2009-01-07 16:09:11.000000000 +0100

+++ openssl-0.9.8g/ssl/ssltest.c	2009-01-07 16:11:32.000000000 +0100

@@ -2061,7 +2061,7 @@ static int MS_CALLBACK app_verify_callba

 	if (cb_arg->proxy_auth)

 		{

-		if (ok)

+		if (ok > 0)

 			{

 			const char *cond_end = NULL;

diff -up openssl-0.9.8g/ssl/s3_srvr.c.verifysig openssl-0.9.8g/ssl/s3_srvr.c

--- openssl-0.9.8g/ssl/s3_srvr.c.verifysig	2007-09-30 20:55:59.000000000 +0200

+++ openssl-0.9.8g/ssl/s3_srvr.c	2009-01-07 16:11:32.000000000 +0100

@@ -2519,7 +2519,7 @@ int ssl3_get_client_certificate(SSL *s)

 	else

 		{

 		i=ssl_verify_cert_chain(s,sk);

-		if (!i)

+		if (i <= 0)

 			{

 			al=ssl_verify_alarm_type(s->verify_result);

 			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);