I noticed a problem - when the CA list we were loading from a file
(standard verify_locations stuff) contained a duplicate certificate all
certificates after the duplicate would be ignored.  This patch alters
X509_load_cert_file() so that if an error occurs looking at one
certificate the routine will continue and look for others in the file.

Objections? Mark.

Index: by_file.c
===================================================================
RCS file: /usr/local/cvsroot-rsync-openssl/openssl/crypto/x509/by_file.c,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 by_file.c
--- by_file.c   1998/12/21 10:55:40     1.1.1.2
+++ by_file.c   1999/04/10 11:20:47
@@ -178,8 +178,12 @@
                                        }
                                }
                        i=X509_STORE_add_cert(ctx->store_ctx,x);
-                       if (!i) goto err;
-                       count++;
+                       /* ignore any problems with current certificate 
+                           and continue with the next one */
+                       if (i)
+                           count++;
+                       else
+                           ERR_clear_error();
                        X509_free(x);
                        x=NULL;
                        }
@@ -194,7 +198,8 @@
                        goto err;
                        }
                i=X509_STORE_add_cert(ctx->store_ctx,x);
-               if (!i) goto err;
+               if (!i)
+                 ERR_clear_error();
                ret=i;
                }
        else




______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to