Here is a sample program
main()
{
SSL_library_init();
SSL_load_error_strings();
SSL_METHOD* meth = SSLv23_client_method();
SSL_CTX* ctx = SSL_CTX_new (meth);
X509_STORE* store = SSL_CTX_get_cert_store(ctx);
X509_LOOKUP* lu = X509_STORE_add_lookup(store, X509_LOOKUP_file());
static char crl[] = "stress.crl";
X509_load_crl_file(lu, crl, X509_FILETYPE_ASN1);
if (X509_load_crl_file(lu, crl, X509_FILETYPE_PEM) != 1)
printf("failure");
else
printf("success");
return 0;
}
This one prints failure, but if i remove the first call to
X509_load_crl_file() it would print success. Attached is the crl file
used for testing. I suggest that the error is caused by some
non-initialized data so it may or may not happen on your system.
Alex Fishman
On Fri, 3 Dec 2004 23:48:27 +0100, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote:
> On Fri, Dec 03, 2004, Alex Fishman wrote:
>
>
>
> > Hello,
> >
> > There seems to be a problem with X509_load_crl_file() function. It
> > occasionally fails on perfectly valid PEM crl files (in my case with
> > 101 code). I traced the problem to non-reset error context. It can be
> > fixed by placing ERR_clear_error() call at the beginning of the
> > function.
> > I can post a sample code demonstrating the bug if somebody is interested.
> > I'm using a slightly outdated 0.9.7c version but I've checked the
> > latest 0.9.7e version and it seems to have the same bug.
> >
>
> Yes please post some sample code that demonstrates this.
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
stress.crl
Description: application/pkix-crl
