I'll look at it in a few days. Right now, I feel unsure about all the
implications of such a change.
[EMAIL PROTECTED] - Fri Jul 11 21:14:39 2003]:
OPENSSL VERSION: 0.9.6j
PLATFORM: all
SEVERITY: minor
In x509_vfy.c:X509_verify_cert, there are some cases where an error
occurs and ctx-error is set, but the error isn't added to the error
stack (with X509err). The only cases where this happens are when the
verify callback is called (so that it can potentially handle or ignore
the error), but if the callback fails (returns 0), the error still isn't
added to the openssl error stack. It would be nice to get the error
info (file, line number, etc.) from that error, by calling
X509err(X509_F_ERR_VERIFY_CERT, ctx-error) if the callback fails.
--
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
