Re: openssl(1): fix bug loading default certificate path locations

2016-06-20 Thread Bob Beck

sure.. ok


On Mon, Jun 20, 2016 at 08:35:13AM -0500, Brent Cook wrote:
> 
> This fixes a bug where the default certificate path locations would only
> be loaded if the CAfile or CApath locations were successfully loaded
> first. Original patch from OpenSSL:
> 
> https://github.com/openssl/openssl/commit/fe9b85c3cb79f1e29e61f01de105b34ce8177190
> 
> Noted here on the LibreSSL-portable github tracker:
> 
> https://github.com/libressl-portable/openbsd/issues/62
> 
> ok?
> 
> Index: s_client.c
> ===
> RCS file: /cvs/src/usr.bin/openssl/s_client.c,v
> retrieving revision 1.27
> diff -u -p -r1.27 s_client.c
> --- s_client.c  1 Dec 2015 12:01:56 -   1.27
> +++ s_client.c  20 Jun 2016 13:31:43 -
> @@ -728,15 +728,13 @@ bad:
>   if (!set_cert_key_stuff(ctx, cert, key))
>   goto end;
> 
> - if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
> - (!SSL_CTX_set_default_verify_paths(ctx))) {
> - /*
> -  * BIO_printf(bio_err,"error setting default verify
> -  * locations\n");
> -  */
> + if ((CAfile || CApath)
> + && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath))
>   ERR_print_errors(bio_err);
> - /* goto end; */
> - }
> +
> + if (!SSL_CTX_set_default_verify_paths(ctx))
> + ERR_print_errors(bio_err);
> +
>   if (servername != NULL) {
>   tlsextcbp.biodebug = bio_err;
>   SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
> 



openssl(1): fix bug loading default certificate path locations

2016-06-20 Thread Brent Cook

This fixes a bug where the default certificate path locations would only
be loaded if the CAfile or CApath locations were successfully loaded
first. Original patch from OpenSSL:

https://github.com/openssl/openssl/commit/fe9b85c3cb79f1e29e61f01de105b34ce8177190

Noted here on the LibreSSL-portable github tracker:

https://github.com/libressl-portable/openbsd/issues/62

ok?

Index: s_client.c
===
RCS file: /cvs/src/usr.bin/openssl/s_client.c,v
retrieving revision 1.27
diff -u -p -r1.27 s_client.c
--- s_client.c  1 Dec 2015 12:01:56 -   1.27
+++ s_client.c  20 Jun 2016 13:31:43 -
@@ -728,15 +728,13 @@ bad:
if (!set_cert_key_stuff(ctx, cert, key))
goto end;

-   if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
-   (!SSL_CTX_set_default_verify_paths(ctx))) {
-   /*
-* BIO_printf(bio_err,"error setting default verify
-* locations\n");
-*/
+   if ((CAfile || CApath)
+   && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath))
ERR_print_errors(bio_err);
-   /* goto end; */
-   }
+
+   if (!SSL_CTX_set_default_verify_paths(ctx))
+   ERR_print_errors(bio_err);
+
if (servername != NULL) {
tlsextcbp.biodebug = bio_err;
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
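Review bot: both new branches of this hunk keep a failed load non-fatal, so an explicitly supplied -CAfile or -CApath that cannot be opened is only reported via ERR_print_errors(bio_err) and the client then goes on to SSL_CTX_set_default_verify_paths(ctx) and verifies the peer against the system store instead of the one the user asked for; a mistyped path can therefore still "verify" cleanly. Since the old `/* goto end; */` is being dropped anyway, consider making the first branch fatal, e.g. `ERR_print_errors(bio_err); goto end;` when CAfile or CApath was given, and leaving only the default-paths failure as a warning. Minor: the continuation line `&& !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)` carries the operator at the start of the line, whereas the surrounding tree breaks after the operator (`if ((CAfile || CApath) &&`).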