I noticed a problem - when the CA list we were loading from a file
(standard verify_locations stuff) contained a duplicate certificate all
certificates after the duplicate would be ignored. This patch alters
X509_load_cert_file() so that if an error occurs looking at one
certificate the routine will continue and look for others in the file.
Objections? Mark.
Index: by_file.c
===================================================================
RCS file: /usr/local/cvsroot-rsync-openssl/openssl/crypto/x509/by_file.c,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 by_file.c
--- by_file.c 1998/12/21 10:55:40 1.1.1.2
+++ by_file.c 1999/04/10 11:20:47
@@ -178,8 +178,12 @@
}
}
i=X509_STORE_add_cert(ctx->store_ctx,x);
- if (!i) goto err;
- count++;
+ /* ignore any problems with current certificate
+ and continue with the next one */
+ if (i)
+ count++;
+ else
+ ERR_clear_error();
X509_free(x);
x=NULL;
}
@@ -194,7 +198,8 @@
goto err;
}
i=X509_STORE_add_cert(ctx->store_ctx,x);
- if (!i) goto err;
+ if (!i)
+ ERR_clear_error();
ret=i;
}
else
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]