Steve,
The only case it would cover is where an application wrongly assumes that the
field must be non-NULL.
The reason why I thought this should be fixed in OpenSSL rather than in
the application code is the following: the application doesn't actually
do anything 'wrong'.
It neither accesses structure fields directly, nor does it pass any
invalid arguments to the functions it calls. It simply
1) loads an X509_REQ, and
2) add extensions to it using X509_REQ_add_extensions().
If the 'attributes' fields is missing from the request, the call to
X509_REQ_add_extensions() crashes. Therefore, I though fixing the
request while loading might be a proper solution.
Regards, Remo
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
