One of our QA guys here tried to feed a binary DER file to the routines in
by_file() by way of mod_ssl. Unfortunately, X509_STORE_load_locations()
ignores the return values of X509_LOOKUP_load_file and X509_LOOKUP_add_dir,
so if they fail (for whatever reason), the function still returns success,
and mod_ssl thinks all is well with the world.
This patch makes load_locations() return an error immediately if the file
or directory could not be processed.
-Bill P.
Index: x509_d2.c
===================================================================
RCS file: /usr/aventail/src/cvsroot/sdk/openssl/crypto/x509/x509_d2.c,v
retrieving revision 1.1.1.1
retrieving revision 1.1.1.1.2.1
diff -c -w -r1.1.1.1 -r1.1.1.1.2.1
*** x509_d2.c 1999/05/04 18:30:43 1.1.1.1
--- x509_d2.c 1999/10/11 18:03:49 1.1.1.1.2.1
***************
*** 94,106 ****
{
lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
if (lookup == NULL) return(0);
! X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM);
}
if (path != NULL)
{
lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
if (lookup == NULL) return(0);
! X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM);
}
if ((path == NULL) && (file == NULL))
return(0);
--- 94,112 ----
{
lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
if (lookup == NULL) return(0);
! if (!X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM))
! {
! return(0);
! }
}
if (path != NULL)
{
lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
if (lookup == NULL) return(0);
! if (!X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM))
! {
! return(0);
! }
}
if ((path == NULL) && (file == NULL))
return(0);
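Review bot: the new early returns after a failed X509_LOOKUP_load_file or X509_LOOKUP_add_dir come one line after X509_STORE_add_lookup has already attached the lookup to ctx, so on failure the store is left partially initialised rather than untouched; the caller (mod_ssl here) must treat a 0 return as "do not use this ctx", and that expectation deserves a line in the patch description. Both calls also pass X509_FILETYPE_PEM unconditionally, which is exactly why the QA engineer's DER file is now rejected instead of silently ignored; a short comment next to the `if (!X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM))` check stating that only PEM input is accepted would stop a later reader from "fixing" the rejection by loosening the check.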
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]