Hi,

> I suggest we dump the whole logic and instead use
> PEM_X509_INFO_read_bio() to read in the whole lot. This is designed to

Hadn't even noticed this function - looks a lot simpler. I'll try it out
and probably move to that for now. Unless someone feels strongly one way
or another about the by_file_ctrl (as used by
SSL_CTX_load_verify_locations --> X509_STORE_load_locations) issue I'm
going to ignore it.

> read in combinations of CRLs, certificates and private keys. The private
> keys can be discarded (for now).
> 
> [and I've just noticed that it will need changing to handle my new trust
> code: erk!]

:-)

> There's an example of its use in apps/crl2p7.c but I'd suggest a better
> way to handle things would be to up the reference counts of the used
> CRLs and certificates then sk_pop_free the whole thing.

Thanks for the pointer - I'll take a look. BTW: Had anyone else noticed
SSL_CTX_load_verify_locations failing when only loading a CA file?? I'd
traced back through the snapshots and the change has (or appears to have)  
been there since Oct-27.

Cheers,
ME


----------------------------------------------------------------------
Geoff Thorpe                                    Email: [EMAIL PROTECTED]
Cryptographic Software Engineer, C2Net Europe    http://www.int.c2.net
----------------------------------------------------------------------
May I just take this opportunity to say that of all the people I have
EVER emailed, you are definitely one of them.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
