STACK_OF(X509_NAME) *ca_list;
STACK_OF(X509_INFO) *certs = sc->proxy->pkp->certs;
STACK_OF(X509_INFO) *ca_certs;
+ STACK_OF(X509_INFO) **ca_cert_chains;
int i, j, k;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
return TRUE;
}
+ ca_cert_chains = sc->proxy->pkp->ca_certs;
for (i = 0; i < sk_X509_NAME_num(ca_list); i++) {
ca_name = sk_X509_NAME_value(ca_list, i);
return TRUE;
}
- /* Failed to find direct issuer - search intermediaries (by issuer name) */
- ca_certs = sc->proxy->pkp->ca_certs[j];
- for (k = 0; k < sk_X509_INFO_num(ca_certs); k++) {
- ca_info = sk_X509_INFO_value(ca_certs, k);
- ca_issuer = X509_get_issuer_name(ca_info->x509);
-
- if(X509_NAME_cmp(ca_issuer, ca_name) == 0 ) {
- modssl_proxy_info_log(s, info, "found acceptable cert by intermediary");
+ if (ca_cert_chains) {
+ /*
+ * Failed to find direct issuer - search intermediaries
+ * (by issuer name), if provided.
+ */
+ ca_certs = ca_cert_chains[j];
+ for (k = 0; k < sk_X509_INFO_num(ca_certs); k++) {
+ ca_info = sk_X509_INFO_value(ca_certs, k);
+ ca_issuer = X509_get_issuer_name(ca_info->x509);
- modssl_set_cert_info(info, x509, pkey);
+ if(X509_NAME_cmp(ca_issuer, ca_name) == 0 ) {
+ modssl_proxy_info_log(s, info, "found acceptable cert by intermediary");
- return TRUE;
- }
- } /* end loop through chained certs */
+ modssl_set_cert_info(info, x509, pkey);
+
+ return TRUE;
+ }
+ } /* end loop through chained certs */
+ }
} /* end loop through available certs */
}
projects / apache / commitdiff