On Sat, Dec 04, 2004, Alex Fishman wrote:
> Here is a sample program
>
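> #include <stdio.h>
> #include <openssl/ssl.h>
> #include <openssl/err.h>
> #include <openssl/x509.h>
>
> int main(void)
> {
>     SSL_library_init();
>     SSL_load_error_strings();
>     SSL_METHOD* meth = SSLv23_client_method();
>     SSL_CTX* ctx = SSL_CTX_new (meth);
>
>     X509_STORE* store = SSL_CTX_get_cert_store(ctx);
>     X509_LOOKUP* lu = X509_STORE_add_lookup(store, X509_LOOKUP_file());
>
>     static char crl[] = "stress.crl";
>
>     /* First attempt: try the file as DER; the result is ignored. */
>     X509_load_crl_file(lu, crl, X509_FILETYPE_ASN1);
>
>     /* Second attempt: load the same file as PEM and report the result. */
>     if (X509_load_crl_file(lu, crl, X509_FILETYPE_PEM) != 1)
>         printf("failure");
>     else
>         printf("success");
>
>     return 0;
> }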
>
> This one prints failure, but if I remove the first call to
> X509_load_crl_file() it would print success. Attached is the crl file
> used for testing. I suggest that the error is caused by some
> non-initialized data so it may or may not happen on your system.
>
Thank you for the report and test program.
The cause is a bug in the X509_load_crl_file() routine which checked the first
error rather than the last one: so it would only work if the first error and
last one were the same. Normally that would be if there was only one error.
I've committed a fix.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
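
A simplified model of the failure mode described in the reply above, added here as an example and not OpenSSL's source code: a loader that decides whether running out of PEM blocks is benign by inspecting the error queue goes wrong when it looks at the first queued error while an earlier failed call has left a stale entry. The queue, the reason codes and every function name are hypothetical, and the stale entry assumes the failed ASN1 load queued an error.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical reason codes for this model (not OpenSSL's values). */
enum { ERR_NONE = 0, ERR_ASN1_DECODE = 1, ERR_NO_START_LINE = 2 };

/* Minimal FIFO error queue standing in for a library error queue. */
static int q[16];
static int qlen;
static void err_put(int e)       { if (qlen < 16) q[qlen++] = e; }
static void err_clear(void)      { qlen = 0; }
static int  err_peek_first(void) { return qlen ? q[0] : ERR_NONE; }
static int  err_peek_last(void)  { return qlen ? q[qlen - 1] : ERR_NONE; }

/* Consume the next "-----BEGIN" marker; queue an error when none is left. */
static int read_pem_block(const char **p)
{
    const char *s = strstr(*p, "-----BEGIN");
    if (s == NULL) { err_put(ERR_NO_START_LINE); return 0; }
    *p = s + sizeof("-----BEGIN") - 1;
    return 1;
}

/* Load all blocks. Running out of input is benign only if the inspected
 * error is ERR_NO_START_LINE and at least one block was read.
 * use_last = 0 models the old check (first error), 1 the fixed one. */
static int load_pem(const char *data, int use_last)
{
    int count = 0;
    while (read_pem_block(&data))
        count++;
    int e = use_last ? err_peek_last() : err_peek_first();
    if (e == ERR_NO_START_LINE && count > 0) {
        err_clear();            /* expected end-of-input marker */
        return count;
    }
    return 0;                   /* reported as a load failure */
}

/* Replay the report: a failed first load, then a PEM load (constructed data). */
static int replay(int use_last)
{
    static const char crl[] =
        "-----BEGIN X509 CRL-----\n(constructed)\n-----END X509 CRL-----\n";
    err_clear();
    err_put(ERR_ASN1_DECODE);   /* stale entry assumed left by the first call */
    return load_pem(crl, use_last);
}

int main(void)
{
    printf("first-error check: %d, last-error check: %d\n", replay(0), replay(1));
    return 0;
}
```

With an empty queue both checks agree, which matches the observation that removing the first call makes the program print success.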