author | Joe Orton <jorton@apache.org> | 2005-09-01 11:58:58 +0000 |
---|---|---|
committer | Joe Orton <jorton@apache.org> | 2005-09-01 11:58:58 +0000 |
commit | 407dc73f4314d655a041147b1d7291b2b06602ed (patch) | |
tree | bf4a3ba6ac0720e02add809c6f7e916edffc2405 | |
parent | 38454d45fea2f3a01678f22dbb998e7bcb345a4f (diff) | |
download | httpd-407dc73f4314d655a041147b1d7291b2b06602ed.tar.gz |
* modules/ssl/ssl_util_ssl.c (SSL_X509_STORE_create): Catch errors
returned by X509_LOOKUP_add_dir or X509_LOOKUP_load_file to detect
malformed or misconfigured CRLs. Clear error stack beforehand to
ensure reported errors are relevant.
PR: 36438
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@265702 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | modules/ssl/ssl_util_ssl.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
index ef8eb6668b..9a464c2560 100644
--- a/modules/ssl/ssl_util_ssl.c
+++ b/modules/ssl/ssl_util_ssl.c
@@ -202,6 +202,9 @@ X509_STORE *SSL_X509_STORE_create(char *cpFile, char *cpPath)
 {
 X509_STORE *pStore;
 X509_LOOKUP *pLookup;
+ int rv = 1;
+
+ ERR_clear_error();
 if (cpFile == NULL && cpPath == NULL)
 return NULL;
@@ -213,17 +216,17 @@ X509_STORE *SSL_X509_STORE_create(char *cpFile, char *cpPath)
 X509_STORE_free(pStore);
 return NULL;
 }
- X509_LOOKUP_load_file(pLookup, cpFile, X509_FILETYPE_PEM);
+ rv = X509_LOOKUP_load_file(pLookup, cpFile, X509_FILETYPE_PEM);
 }
- if (cpPath != NULL) {
+ if (cpPath != NULL && rv == 1) {
 pLookup = X509_STORE_add_lookup(pStore, X509_LOOKUP_hash_dir());
 if (pLookup == NULL) {
 X509_STORE_free(pStore);
 return NULL;
 }
- X509_LOOKUP_add_dir(pLookup, cpPath, X509_FILETYPE_PEM);
+ rv = X509_LOOKUP_add_dir(pLookup, cpPath, X509_FILETYPE_PEM);
 }
- return pStore;
+ return rv == 1 ? pStore : NULL;
 }
 int SSL_X509_STORE_lookup(X509_STORE *pStore, int nType, |
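Review bot: `ERR_clear_error()` sits above the `cpFile == NULL && cpPath == NULL` guard, so the calling thread's OpenSSL error queue is emptied even on the path that loads nothing, and the code does not say why. A one-line comment above the call would make the intent explicit, e.g. `/* start from an empty error queue so a failure below reports only errors from loading this store */`. The function's header comment should also state that a NULL return can now mean a load failure whose details are left on the error queue for the caller to log. The function body continues past the end of this hunk.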
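Review bot: The new failure path leaks the store: `return rv == 1 ? pStore : NULL;` returns NULL when `X509_LOOKUP_load_file` or `X509_LOOKUP_add_dir` fails, but unlike the two `pLookup == NULL` branches above it never calls `X509_STORE_free(pStore)`. Freeing before the return keeps every error exit consistent: `if (rv != 1) { X509_STORE_free(pStore); return NULL; }` followed by `return pStore;`. Callers now receive NULL both when nothing is configured and when a configured CRL source failed to load; they are not visible here, so it is worth confirming that each one treats NULL with a non-NULL file or path as fatal rather than continuing without revocation data. The allocation of `pStore` lies above the first line of this hunk.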