I seem to run into problems sending attachments to openssl-users. I will send my test code directly upon request.
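/*
 * Message as posted to openssl-users (text kept as written by the author):
 *
 * Ciju
 *
 * Guys,
 * I am a high level user of code that uses OpenSSL so am not sure if what I
 * am seeing is an API bug or incorrect usage on my part. My simple test (see
 * below) tries to load the CA certificates from two locations (one valid and
 * the other invalid/non-existent). On Linux as expected
 * SSL_CTX_load_verify_locations() returns 0 for the invalid location and
 * successfully loads the certificates from the valid directory. On Windows
 * SSL_CTX_load_verify_locations() fails to load the certificates from the
 * valid directory. I have included Makefiles, VC8 solutions files and a
 * README with the test. I will appreciate someone looking into this issue
 * and letting me know if this is a valid bug. I have tested this code
 * against several 0.9.8x releases with the same results.
 *
 * thanks,
 * Ciju
 */

#include <stdio.h>

#include <openssl/ssl.h>
#include <openssl/x509.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/safestack.h>

/*
 * Print the OpenSSL error queue of the calling thread, one line per entry.
 *
 * file_name / line identify the call site (normally __FILE__ / __LINE__).
 * At least one line is always printed, even when the queue is empty (code 0),
 * so a failure that left no OpenSSL error behind is still visible.
 */
void report_error (const char* file_name, int line)
{
  unsigned long error_code = ::ERR_get_error ();
  do
    {
      char error_string[256];
      // Length-bounded variant: never writes past error_string.
      ::ERR_error_string_n (error_code, error_string, sizeof (error_string));
      printf ("ERROR: OpenSSL error at (%s|%d) (code: %lu) (reason: %s)\n",
              file_name, line, error_code, error_string);
    }
  // Drain the rest of the queue: the first entry is often not the root cause,
  // and stale entries would otherwise be blamed on a later call.
  while ((error_code = ::ERR_get_error ()) != 0);
}

/*
 * Run the CA-directory checks against an existing context.
 *
 * Returns 0 when the valid directory loads and the invalid one is rejected,
 * -1 otherwise. The caller keeps ownership of context_.
 */
static int check_ca_directories (SSL_CTX *context_,
                                 const char *valid_dir,
                                 const char *invalid_dir)
{
  const char *ca_file = 0;

  // NOTE(review): 9 == 0x01 | 0x08. 0x01 is SSL_VERIFY_PEER; confirm what the
  // 0x08 bit is meant to select on the OpenSSL version under test and spell
  // the mode with the SSL_VERIFY_* constants instead of a bare number.
  int mode = 9;
  ::SSL_CTX_set_verify (context_, mode, 0);

  // Start each checked call with an empty error queue so report_error()
  // shows only what that call produced.
  ::ERR_clear_error ();
  // NOTE(review): a CApath is, as far as I know, only registered here and
  // read lazily during verification, so success does not prove the directory
  // exists or holds usable (hashed) certificates - verify against the docs.
  if (::SSL_CTX_load_verify_locations (context_, ca_file, valid_dir) <= 0)
    {
      report_error (__FILE__, __LINE__);
      return -1;
    }

  STACK_OF (X509_NAME) * cert_names;
  cert_names = ::SSL_CTX_get_client_CA_list (context_);
  if (cert_names == 0)
    {
      if ((cert_names = sk_X509_NAME_new_null ()) == 0)
        {
          report_error (__FILE__, __LINE__);
          return -1;
        }
      // The context takes ownership of the stack; it must not be freed
      // separately from here on.
      ::SSL_CTX_set_client_CA_list (context_, cert_names);
    }

  ::ERR_clear_error ();
  if (0 == ::SSL_add_dir_cert_subjects_to_stack (cert_names, valid_dir))
    {
      printf ("ERROR: Loading certs in \"%s\" should have succeeded.\n",
              valid_dir);
      report_error (__FILE__, __LINE__);
      return -1;
    }

  ::ERR_clear_error ();
  if (0 != ::SSL_add_dir_cert_subjects_to_stack (cert_names, invalid_dir))
    {
      printf ("ERROR: Loading certs in \"%s\" should'nt have succeeded.\n",
              invalid_dir);
      report_error (__FILE__, __LINE__);
      return -1;
    }

  return 0;
}

/*
 * Test driver: create a context, run the directory checks, release the
 * context on every path. Exit status 0 means both expectations held.
 */
int main ()
{
  // String literals are const; binding them to plain char* is ill-formed in
  // current C++.
  const char *valid_dir = "opn_ssl";
  const char *invalid_dir = "invalid";

  ::SSLeay_add_ssl_algorithms ();
  ::SSL_load_error_strings ();

  // Passing the method straight through avoids naming its type, which is
  // SSL_METHOD* in 0.9.8 and const SSL_METHOD* in later releases.
  SSL_CTX *context_ = ::SSL_CTX_new (::SSLv23_method ());
  if (context_ == 0)
    {
      report_error (__FILE__, __LINE__);
      return -1;
    }

  const int result = check_ca_directories (context_, valid_dir, invalid_dir);

  // Also releases the client CA list handed to the context.
  ::SSL_CTX_free (context_);
  return result;
}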