Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 54700 invoked from network); 25 Oct 2010 10:21:01 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 25 Oct 2010 10:21:01 -0000 Received: (qmail 81911 invoked by uid 500); 25 Oct 2010 10:21:01 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 81713 invoked by uid 500); 25 Oct 2010 10:20:59 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 81697 invoked by uid 99); 25 Oct 2010 10:20:58 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 25 Oct 2010 10:20:58 +0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=SPF_HELO_PASS,SPF_PASS,T_HK_NAME_DR X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of shenson@oss-institute.org designates 67.18.157.234 as permitted sender) Received: from [67.18.157.234] (HELO ns1.oss-institute.org) (67.18.157.234) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 25 Oct 2010 10:20:53 +0000 Received: from customer33473.106.wv.cust.t-mobile.co.uk ([178.106.130.200] helo=[192.168.0.102]) by ns1.oss-institute.org with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from ) id 1PAKAJ-0002zp-Le for dev@httpd.apache.org; Mon, 25 Oct 2010 05:20:32 -0500 Message-ID: <4CC559E9.2010202@oss-institute.org> Date: Mon, 25 Oct 2010 11:20:25 +0100 From: Dr Stephen Henson User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.11) Gecko/20101013 Thunderbird/3.1.5 MIME-Version: 1.0 To: dev@httpd.apache.org Subject: Re: svn commit: r1026906 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_init.c References: <20101024221416.3E631238890A@eris.apache.org> <4CC51A23.4090507@apache.org> In-Reply-To: <4CC51A23.4090507@apache.org> X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - ns1.oss-institute.org X-AntiAbuse: Original Domain - httpd.apache.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - oss-institute.org X-Source: X-Source-Args: X-Source-Dir: On 25/10/2010 06:48, Ruediger Pluem wrote: > > > On 10/25/2010 12:14 AM, sf@apache.org wrote: >> Author: sf >> Date: Sun Oct 24 22:14:15 2010 >> New Revision: 1026906 >> >> URL: http://svn.apache.org/viewvc?rev=1026906&view=rev >> Log: >> Make sure to always log an error if loading of CA certificates fails >> >> PR: 40312 >> Submitted by: Paul Tiemann >> >> Modified: >> httpd/httpd/trunk/CHANGES >> httpd/httpd/trunk/modules/ssl/ssl_engine_init.c >> >> >> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c >> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1026906&r1=1026905&r2=1026906&view=diff >> ============================================================================== >> --- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original) >> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Sun Oct 24 22:14:15 2010 >> @@ -658,7 +658,7 @@ static void ssl_init_ctx_verify(server_r >> ca_list = ssl_init_FindCAList(s, ptemp, >> mctx->auth.ca_cert_file, >> mctx->auth.ca_cert_path); >> - if (!ca_list) { >> + if (sk_X509_NAME_num(ca_list) == 0) { > > Can we be sure that ca_list != NULL or that sk_X509_NAME_num can handle NULL? > sk_*_num() can always handle a NULL argument but it returns -1. So <= 0 covers all cases. Steve. -- Dr Stephen N. Henson. Senior Technical/Cryptography Advisor, Open Source Software Institute: www.oss-institute.org OpenSSL Core team: www.openssl.org