authorJoe Orton <jorton@apache.org>2005-09-01 11:58:58 +0000
committerJoe Orton <jorton@apache.org>2005-09-01 11:58:58 +0000
commit407dc73f4314d655a041147b1d7291b2b06602ed (patch)
treebf4a3ba6ac0720e02add809c6f7e916edffc2405
parent38454d45fea2f3a01678f22dbb998e7bcb345a4f (diff)
downloadhttpd-407dc73f4314d655a041147b1d7291b2b06602ed.tar.gz
* modules/ssl/ssl_util_ssl.c (SSL_X509_STORE_create): Catch errors
returned by X509_LOOKUP_add_dir or X509_LOOKUP_load_file to detect malformed or misconfigured CRLs. Clear error stack beforehand to ensure reported errors are relevant. PR: 36438 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@265702 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--modules/ssl/ssl_util_ssl.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
index ef8eb6668b..9a464c2560 100644
--- a/modules/ssl/ssl_util_ssl.c
+++ b/modules/ssl/ssl_util_ssl.c
@@ -202,6 +202,9 @@ X509_STORE *SSL_X509_STORE_create(char *cpFile, char *cpPath)
{
X509_STORE *pStore;
X509_LOOKUP *pLookup;
+ int rv = 1;
+
+ ERR_clear_error();
if (cpFile == NULL && cpPath == NULL)
return NULL;
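Review bot: With `rv` introduced at the top of SSL_X509_STORE_create, a NULL return now covers two different cases and nothing visible documents the difference: the early `cpFile == NULL && cpPath == NULL` return (nothing configured) and a failed load further down. A header comment would make the contract explicit, for example `/* Returns NULL if neither source is given or if a source fails to load; after a load failure the OpenSSL error queue holds the reason. */`. The callers are not part of this diff, so it is worth confirming that they treat the load-failure NULL as fatal rather than continuing without revocation data. The function body continues past the end of this hunk.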
@@ -213,17 +216,17 @@ X509_STORE *SSL_X509_STORE_create(char *cpFile, char *cpPath)
X509_STORE_free(pStore);
return NULL;
}
- X509_LOOKUP_load_file(pLookup, cpFile, X509_FILETYPE_PEM);
+ rv = X509_LOOKUP_load_file(pLookup, cpFile, X509_FILETYPE_PEM);
}
- if (cpPath != NULL) {
+ if (cpPath != NULL && rv == 1) {
pLookup = X509_STORE_add_lookup(pStore, X509_LOOKUP_hash_dir());
if (pLookup == NULL) {
X509_STORE_free(pStore);
return NULL;
}
- X509_LOOKUP_add_dir(pLookup, cpPath, X509_FILETYPE_PEM);
+ rv = X509_LOOKUP_add_dir(pLookup, cpPath, X509_FILETYPE_PEM);
}
- return pStore;
+ return rv == 1 ? pStore : NULL;
}
int SSL_X509_STORE_lookup(X509_STORE *pStore, int nType,
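Review bot: The new final `return rv == 1 ? pStore : NULL;` drops the store without freeing it when a load fails, unlike the two `pLookup == NULL` paths above it, which call `X509_STORE_free(pStore)` before returning NULL. Freeing on the failure path keeps the error handling consistent: `if (rv != 1) { X509_STORE_free(pStore); return NULL; }` followed by `return pStore;`. Separately, X509_LOOKUP_add_dir appears only to register the directory, with entries read lazily at lookup time, so a malformed CRL under cpPath may not be caught by this check. If that is right, the commit message's claim of detecting malformed CRLs holds only for the cpFile case, and that is worth verifying.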