httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <rpl...@apache.org>
Subject Re: svn commit: r424584 - in /httpd/httpd/branches/2.2.x/modules/ssl: mod_ssl.c ssl_engine_config.c ssl_engine_init.c ssl_engine_pphrase.c ssl_private.h ssl_util.c
Date Sun, 23 Jul 2006 13:08:52 GMT


On 07/23/2006 02:10 PM, Ben Laurie wrote:
> Joe Orton wrote:

> 
> 
>>- use APR apr_file_* not ANSI C fopen,
> 
> 
> I need a FILE *.

Maybe you could use BIO_new_file / PEM_read_bio_PKCS7 as it is done in similar
situations in other places of mod_ssl.

> 
>>- the server doesn't even start up (without the new stuff configured):
>>
>>[Sun Jul 23 10:25:14 2006] [info] Loading certificate & private key of SSL-aware
server
>>[Sun Jul 23 10:25:14 2006] [error] Can't open \x80\x94|
> 
> 
> Hmmm. Can't reproduce this (on the trunk).

This is pure luck. You should init pkcs7 to NULL in modssl_ctx_init as done for the other
elements of this struct.

> 
> 
>>- fix the compiler warning (and perhaps hence the above):
>>
>>ssl_util.c: In function 'ssl_read_pkcs7':
>>ssl_util.c:271: warning: 'certs' may be used uninitialized in this function
> 
> 
> This won't fix the above. certs is actually only uninitialized if death
> is about to occur.

Then please do

    STACK_OF(X509) *certs = NULL;

instead of

    STACK_OF(X509) *certs;

Regards

RĂ¼diger

Mime
View raw message