Return-Path: 
 <dev-return-69842-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-dev-archive@www.apache.org
Received: (qmail 76298 invoked from network); 25 Oct 2010 05:48:19 -0000
Received: from unknown (HELO mail.apache.org) (140.211.11.3)
  by 140.211.11.9 with SMTP; 25 Oct 2010 05:48:19 -0000
Received: (qmail 64142 invoked by uid 500); 25 Oct 2010 05:48:19 -0000
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 63836 invoked by uid 500); 25 Oct 2010 05:48:16 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
List-Post: <mailto:dev@httpd.apache.org>
List-Id: <dev.httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 63826 invoked by uid 99); 25 Oct 2010 05:48:15 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 25 Oct 2010 05:48:15 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=10.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.9] (HELO minotaur.apache.org) (140.211.11.9)
    by apache.org (qpsmtpd/0.29) with SMTP; Mon, 25 Oct 2010 05:48:15 +0000
Received: (qmail 76229 invoked by uid 2161); 25 Oct 2010 05:47:54 -0000
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by euler.heimnetz.de (Postfix) with ESMTP id 7BEB424072
	for <dev@httpd.apache.org>; Mon, 25 Oct 2010 07:48:19 +0200 (CEST)
Message-ID: <4CC51A23.4090507@apache.org>
Date: Mon, 25 Oct 2010 07:48:19 +0200
From: Ruediger Pluem <rpluem@apache.org>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US;
 rv:1.8.1.24) Gecko/20100301 SeaMonkey/1.1.19
MIME-Version: 1.0
To: dev@httpd.apache.org
Subject: Re: svn commit: r1026906 - in /httpd/httpd/trunk: CHANGES
 modules/ssl/ssl_engine_init.c
References: <20101024221416.3E631238890A@eris.apache.org>
In-Reply-To: <20101024221416.3E631238890A@eris.apache.org>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit



On 10/25/2010 12:14 AM, sf@apache.org wrote:
> Author: sf
> Date: Sun Oct 24 22:14:15 2010
> New Revision: 1026906
> 
> URL: http://svn.apache.org/viewvc?rev=1026906&view=rev
> Log:
> Make sure to always log an error if loading of CA certificates fails
> 
> PR: 40312
> Submitted by: Paul Tiemann <issues apache org ourdetour com>
> 
> Modified:
>     httpd/httpd/trunk/CHANGES
>     httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
> 
> 
> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1026906&r1=1026905&r2=1026906&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Sun Oct 24 22:14:15 2010
> @@ -658,7 +658,7 @@ static void ssl_init_ctx_verify(server_r
>              ca_list = ssl_init_FindCAList(s, ptemp,
>                                            mctx->auth.ca_cert_file,
>                                            mctx->auth.ca_cert_path);
> -        if (!ca_list) {
> +        if (sk_X509_NAME_num(ca_list) == 0) {

Can we be sure that ca_list != NULL or that sk_X509_NAME_num can handle NULL?

Regards

Rüdiger