Return-Path: Delivered-To: apmail-httpd-bugs-archive@www.apache.org Received: (qmail 52076 invoked from network); 1 Jun 2005 09:15:40 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 1 Jun 2005 09:15:40 -0000 Received: (qmail 4394 invoked by uid 500); 1 Jun 2005 09:15:39 -0000 Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org Received: (qmail 4302 invoked by uid 500); 1 Jun 2005 09:15:38 -0000 Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: "Apache HTTPD Bugs Notification List" List-Id: Delivered-To: mailing list bugs@httpd.apache.org Received: (qmail 4283 invoked by uid 99); 1 Jun 2005 09:15:38 -0000 X-ASF-Spam-Status: No, hits=0.4 required=10.0 tests=NO_REAL_NAME,UPPERCASE_25_50 X-Spam-Check-By: apache.org Received: from ajax-1.apache.org (HELO ajax.apache.org) (192.87.106.226) by apache.org (qpsmtpd/0.28) with ESMTP; Wed, 01 Jun 2005 02:15:36 -0700 Received: by ajax.apache.org (Postfix, from userid 99) id AA51F187; Wed, 1 Jun 2005 11:15:22 +0200 (CEST) From: bugzilla@apache.org To: bugs@httpd.apache.org Subject: DO NOT REPLY [Bug 35083] - Certificate validation problems trapping X-Bugzilla-Reason: AssignedTo Message-Id: <20050601091522.AA51F187@ajax.apache.org> Date: Wed, 1 Jun 2005 11:15:22 +0200 (CEST) X-Virus-Checked: Checked X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG� RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND� INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=35083 ------- Additional Comments From mstern@csc.com 2005-06-01 11:15 ------- Sorry, I forgot something. Here is the correct version: + orig_verify_mode = filter_ctx->pssl->verify_mode; + if ( sslErrorRedirected ) + filter_ctx->pssl->verify_mode &= ~SSL_VERIFY_FAIL_IF_NO_PEER_CERT; if ((n = SSL_accept(filter_ctx->pssl)) <= 0) { ... verify_result = SSL_get_verify_result(filter_ctx->pssl); + if ( (orig_verify_mode != filter_ctx->pssl->verify_mode) && + !filter_ctx->pssl->session->peer ) { + verify_result = X509_V_ERR_CERT_REJECTED; + sslconn->verify_error = X509_verify_cert_error_string(verify_result); + } if ((verify_result != X509_V_OK) || -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org