[openssl.org #1131] Patch for 0.9.8beta6 by_dir.c


Rich Salz via RT

Patch applied and committed on all active branches.  Thanks!

Ticket resolved.

[[hidden email] - Thu Jun 23 11:40:36 2005]:

> On April 24th, I wrote to openssl-dev:
>
> > Also, the function "dir_ctrl" in crypto/x509/by_dir.c looks wrong to
> > me. Shouldn't it be checking for the environment variable first, then
> > getting the default if no environment variable is specified (the way
> > by_file_ctrl does in crypto/x509/by_file.c)? Sorry if I am misreading
> > what that function is doing. The code looks the same in 0.9.7 and
> > 0.9.8.
>
> I have done some more testing, and openssl is indeed using certs from
> the default directory, even if a different directory is specified
> by SSL_CERT_DIR. This patch changes the logic to what we have in
> by_file.c. That is, if SSL_CERT_DIR is defined in the environment,
> openssl uses it exclusively for the directory of hashed certs. If
> SSL_CERT_DIR is not defined, then the default directory is used.
>
> Since I am in the US, a copy of the patch is being forwarded to the
> appropriate US government agencies.
>
>                           Doug
>
> --- crypto/x509/by_dir.c.ori 2004-01-22 14:36:46.000000000 -0800
> +++ crypto/x509/by_dir.c 2005-06-22 12:09:00.000000000 -0800
> @@ -122,19 +122,19 @@
>   {
>   case X509_L_ADD_DIR:
>   if (argl == X509_FILETYPE_DEFAULT)
> + dir=(char *)Getenv(X509_get_default_cert_dir_env());
> + if (dir)
> + ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
> + else
>   {
>   ret=add_cert_dir(ld,X509_get_default_cert_dir(),
>   X509_FILETYPE_PEM);
> + }
>   if (!ret)
>   {
>   X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR
);
>   }
> - else
> - {
> - dir=(char *)
Getenv(X509_get_default_cert_dir_env());
> - ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
> - }
> - }
> +
>   else
>   ret=add_cert_dir(ld,argp,(int)argl);
>   break;
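
Review bot: The default branch after `if (argl == X509_FILETYPE_DEFAULT)` is no longer enclosed in braces: the old opening `{` now belongs to the new `else`, and the outer closing `}` is removed. As the lines read, the `argl` test guards only the `dir=(char *)Getenv(...)` assignment, `if (dir)` is evaluated whatever `argl` is, and the trailing `else ret=add_cert_dir(ld,argp,(int)argl);` attaches to `if (!ret)` instead of to the `argl` test. Please wrap the whole default branch, from the `Getenv` call through the `X509err` block, in one pair of braces so that the final `else` pairs with the `argl` check again. A short comment stating that a set SSL_CERT_DIR replaces the default directory rather than being added to it would also help, since that is the behaviour change callers will notice.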

--
Richard Levitte
[hidden email]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]