httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dr Stephen Henson <shen...@oss-institute.org>
Subject Re: svn commit: r1026906 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_init.c
Date Mon, 25 Oct 2010 10:20:25 GMT
On 25/10/2010 06:48, Ruediger Pluem wrote:
> 
> 
> On 10/25/2010 12:14 AM, sf@apache.org wrote:
>> Author: sf
>> Date: Sun Oct 24 22:14:15 2010
>> New Revision: 1026906
>>
>> URL: http://svn.apache.org/viewvc?rev=1026906&view=rev
>> Log:
>> Make sure to always log an error if loading of CA certificates fails
>>
>> PR: 40312
>> Submitted by: Paul Tiemann <issues apache org ourdetour com>
>>
>> Modified:
>>     httpd/httpd/trunk/CHANGES
>>     httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
>>
>>
>> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
>> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1026906&r1=1026905&r2=1026906&view=diff
>> ==============================================================================
>> --- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
>> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Sun Oct 24 22:14:15 2010
>> @@ -658,7 +658,7 @@ static void ssl_init_ctx_verify(server_r
>>              ca_list = ssl_init_FindCAList(s, ptemp,
>>                                            mctx->auth.ca_cert_file,
>>                                            mctx->auth.ca_cert_path);
>> -        if (!ca_list) {
>> +        if (sk_X509_NAME_num(ca_list) == 0) {
> 
> Can we be sure that ca_list != NULL or that sk_X509_NAME_num can handle NULL?
> 

sk_*_num() can always handle a NULL argument but it returns -1. So <= 0 covers
all cases.

Steve.
-- 
Dr Stephen N. Henson. Senior Technical/Cryptography Advisor,
Open Source Software Institute: www.oss-institute.org
OpenSSL Core team: www.openssl.org

Mime
View raw message