Hi,
I guess there is a coding error here inside the
check_purpose_ssl_server() function
that causes the execution of the following line in case of a server
side CA-Check:
if(xku_reject(x,XKU_SSL_CLIENT)) return 0;
Got a problem when connecting to https://meine.db24.de with
s_client (with correct Root-CA installed).
What do you think?
Suggesting the following fix:
prompt> diff 95a_SSL/crypto/x509v3/v3_purp.c 95a_SSL_new/crypto/x509v3/v3_purp.c
360c360
< static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca)
---
> static int check_purpose_ssl_ca(X509_PURPOSE *xp, X509 *x, int ca)
362,363d361
< if(xku_reject(x,XKU_SSL_CLIENT)) return 0;
< if(ca) {
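Review bot: With `if(ca) {` deleted at 362,363, the renamed check_purpose_ssl_ca() from the 360 change still takes `int ca`, but the test of it shown here is gone and both callers in this patch pass the literal 1. Either drop the parameter from the helper or add a comment saying why it is kept, so the unused argument does not read as a forgotten check.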
374c372,378
< }
---
> }
>
> static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca)
> {
> if(xku_reject(x,XKU_SSL_CLIENT)) return 0;
> if(ca) return check_purpose_ssl_ca(xp, x, 1);
>
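Review bot: The re-added check_purpose_ssl_client() still calls xku_reject(x,XKU_SSL_CLIENT) before the `if(ca)` delegation, so a CA certificate checked for the client purpose remains subject to the client extended key usage test, while the 386c390 change takes that test out of the server's CA path. Please say whether that asymmetry is intended, and put a short comment above check_purpose_ssl_ca() stating that it is the shared CA check. The added lines also end without a closing brace and rely on the unchanged lines that follow, which this context-free diff does not show; resending as `diff -u` would make the resulting function bodies reviewable.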
386c390
< if(ca) return check_purpose_ssl_client(xp, x, 1);
---
> if(ca) return check_purpose_ssl_ca(xp, x, 1);
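Review bot: The change at 386 is the line that addresses the reported s_client failure, yet nothing in the patch records why the server's CA path must not go through check_purpose_ssl_client(). A one-line comment at this call saying that the XKU_SSL_CLIENT rejection must not apply to a server-side CA check would keep the delegation from being reintroduced later.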
Please reply directly to my e-mail-address because I did not subscribe
to the mailing list.
RG
--
***************************************************************
René Grosser phone: +49 30 533289-0
HiSolutions Software GmbH fax: +49 30 533289-99
Bouchéstrasse 12 mailto:[EMAIL PROTECTED]
D-12435 Berlin www: http://www.HiSolutions.com/
***************************************************************