[PATCH] - OS390-Unix (EBCDIC) 0.9.8e
When an OpenSSL server built on z/OS is using client verification, the
following error is incurred:
0x140890b2 - error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no
certificate returned
From tracing, we found the correct certificate was being returned. We found
the code in crypto/x509/x509_vfy.c will not work in an EBCDIC environment, as
the data is in ASCII. The solution is to translate the ASCII to EBCDIC, prior
to the validation process.
John B. Young
Here's the patch, in diff -u form:
--- old/x509_vfy.c 2007-12-11 10:43:14.0 -0800
+++ new/x509_vfy.c 2007-12-11 10:38:18.0 -0800
@@ -1045,6 +1045,9 @@
int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
{
char *str;
+#ifdef CHARSET_EBCDIC
+ char strx[40];
+#endif
ASN1_TIME atm;
long offset;
char buff1[24],buff2[24],*p;
@@ -1052,7 +1055,12 @@
p=buff1;
i=ctm-length;
+#ifdef CHARSET_EBCDIC
+ ascii2ebcdic( strx, ctm-data, ctm-length );
+ str=strx;
+#else
str=(char *)ctm-data;
+#endif
if (ctm-type == V_ASN1_UTCTIME)
{
if ((i 11) || (i 17)) return 0;
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now.
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
