httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From do...@apache.org
Subject cvs commit: httpd-2.0/modules/ssl ssl_engine_kernel.c
Date Tue, 11 Jun 2002 03:45:54 GMT
dougm       2002/06/10 20:45:54

  Modified:    modules/ssl ssl_engine_kernel.c
  Log:
  in case there is actually a cert chain in the cache, we should be
  using the value of SSL_get_peer_certificate(ssl) to verify as it will
  have been removed from the chain before it was put in the cache.
  
  Revision  Changes    Path
  1.75      +7 -2      httpd-2.0/modules/ssl/ssl_engine_kernel.c
  
  Index: ssl_engine_kernel.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
  retrieving revision 1.74
  retrieving revision 1.75
  diff -u -r1.74 -r1.75
  --- ssl_engine_kernel.c	11 Jun 2002 03:19:26 -0000	1.74
  +++ ssl_engine_kernel.c	11 Jun 2002 03:45:54 -0000	1.75
  @@ -710,7 +710,9 @@
   
               cert_stack = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl);
   
  -            if (!cert_stack && (cert = SSL_get_peer_certificate(ssl))) {
  +            cert = SSL_get_peer_certificate(ssl);
  +
  +            if (!cert_stack && cert) {
                   /* client cert is in the session cache, but there is
                    * no chain, since ssl3_get_client_certificate()
                    * sk_X509_shift-ed the peer cert out of the chain.
  @@ -736,7 +738,10 @@
                   return HTTP_FORBIDDEN;
               }
   
  -            cert = sk_X509_value(cert_stack, 0);
  +            if (!cert) {
  +                cert = sk_X509_value(cert_stack, 0);
  +            }
  +
               X509_STORE_CTX_init(&cert_store_ctx, cert_store, cert, cert_stack);
               depth = SSL_get_verify_depth(ssl);
   
  
  
  

Mime
View raw message