In 0.9.7-b1, an invalid value for the CAfile parameter in a call to openssl ocsp generates a core dump when verifying OCSP requests.
When the setup_verify function fails because it can not open the CAfile parameters, it returns NULL. The function OCSP_basic_verify that is called just after that does not support a value of NULL for it's store parameters and core dumps. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
