I have some code that I could use to verify certificate, and that's not
able to do it anymore when compiled with 0.9.6
I traced this to the following line (330) in the file by_dir.c
This line has been changed from 0.9.5 to 0.9.6.
I think the last argument in the call to sk_X509_OBJECT_value should be
j instead of I.
The check works for me again with the following change.
CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
- if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,i);
+ if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);
else tmp = NULL;
CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
What I don't get is why this bug does not appear when using "opensssl
-verify" or in the tests ?
I make the verification using a call to X509_verify_cert.
When the call returns, they are some errors left in the error stack from
a call to check_issued to check if the check is self-signed or not.
Is this a normal behaviour ?
Are this two problems a sign that I should update my code and use
another method for verification ?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
