* modules/ssl/ssl_util_ssl.c (SSL_X509_STORE_create): Catch errors

returned by X509_LOOKUP_add_dir or X509_LOOKUP_load_file to detect
malformed or misconfigured CRLs.  Clear error stack beforehand to
ensure reported errors are relevant.

PR: 36438

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@265702 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
index ef8eb6668b543ccad2fd9cad206cd4534991ff13..9a464c2560ddfe6f8ac406b64fa4f70fedb4e75c 100644 (file)
--- a/modules/ssl/ssl_util_ssl.c
+++ b/modules/ssl/ssl_util_ssl.c
@@ -202,6 +202,9 @@ X509_STORE *SSL_X509_STORE_create(char *cpFile, char *cpPath)
 {
     X509_STORE *pStore;
     X509_LOOKUP *pLookup;
+    int rv = 1;
+
+    ERR_clear_error();
 
     if (cpFile == NULL && cpPath == NULL)
         return NULL;
@@ -213,17 +216,17 @@ X509_STORE *SSL_X509_STORE_create(char *cpFile, char *cpPath)
             X509_STORE_free(pStore);
             return NULL;
         }
-        X509_LOOKUP_load_file(pLookup, cpFile, X509_FILETYPE_PEM);
+        rv = X509_LOOKUP_load_file(pLookup, cpFile, X509_FILETYPE_PEM);
     }
-    if (cpPath != NULL) {
+    if (cpPath != NULL && rv == 1) {
         pLookup = X509_STORE_add_lookup(pStore, X509_LOOKUP_hash_dir());
         if (pLookup == NULL) {
             X509_STORE_free(pStore);
             return NULL;
         }
-        X509_LOOKUP_add_dir(pLookup, cpPath, X509_FILETYPE_PEM);
+        rv = X509_LOOKUP_add_dir(pLookup, cpPath, X509_FILETYPE_PEM);
     }
-    return pStore;
+    return rv == 1 ? pStore : NULL;
 }
 
 int SSL_X509_STORE_lookup(X509_STORE *pStore, int nType,