On 25/10/2010 06:48, Ruediger Pluem wrote: > > > On 10/25/2010 12:14 AM, [email protected] wrote: >> Author: sf >> Date: Sun Oct 24 22:14:15 2010 >> New Revision: 1026906 >> >> URL: http://svn.apache.org/viewvc?rev=1026906&view=rev >> Log: >> Make sure to always log an error if loading of CA certificates fails >> >> PR: 40312 >> Submitted by: Paul Tiemann <issues apache org ourdetour com> >> >> Modified: >> httpd/httpd/trunk/CHANGES >> httpd/httpd/trunk/modules/ssl/ssl_engine_init.c >> >> >> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c >> URL: >> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1026906&r1=1026905&r2=1026906&view=diff >> ============================================================================== >> --- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original) >> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Sun Oct 24 22:14:15 2010 >> @@ -658,7 +658,7 @@ static void ssl_init_ctx_verify(server_r >> ca_list = ssl_init_FindCAList(s, ptemp, >> mctx->auth.ca_cert_file, >> mctx->auth.ca_cert_path); >> - if (!ca_list) { >> + if (sk_X509_NAME_num(ca_list) == 0) { > > Can we be sure that ca_list != NULL or that sk_X509_NAME_num can handle NULL? >
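Review bot: in ssl_init_ctx_verify(), the new test `sk_X509_NAME_num(ca_list) == 0` no longer covers the NULL case that the old `!ca_list` test caught. sk_*_num() accepts a NULL stack but returns -1 for it, so if ssl_init_FindCAList() returns NULL the condition is false and this branch is not entered, which works against the log message's goal of always reporting a failed CA certificate load. Suggest `if (sk_X509_NAME_num(ca_list) <= 0) {` so that both a NULL and an empty list take the same path.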
sk_*_num() can always handle a NULL argument but it returns -1. So <= 0 covers all cases.

Steve.
--
Dr Stephen N. Henson. Senior Technical/Cryptography Advisor,
Open Source Software Institute: www.oss-institute.org
OpenSSL Core team: www.openssl.org
