From: Stefan Fritsch <sf@apache.org>
Date: Mon, 25 Oct 2010 19:13:20 +0000 (+0000)
Subject: handle the ca_list == NULL case correctly (which can only happen with out
X-Git-Tag: 2.3.9~218
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7b9471c76fcc59a4650f79888bfd6df198ef03b6;p=apache

handle the ca_list == NULL case correctly (which can only happen with out
of memory, anyway)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1027239 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 4cfa1d3b7d..cebef32408 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -658,7 +658,7 @@ static void ssl_init_ctx_verify(server_rec *s,
             ca_list = ssl_init_FindCAList(s, ptemp,
                                           mctx->auth.ca_cert_file,
                                           mctx->auth.ca_cert_path);
-        if (sk_X509_NAME_num(ca_list) == 0) {
+        if (sk_X509_NAME_num(ca_list) <= 0) {
             ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
                     "Unable to determine list of acceptable "
                     "CA certificates for client authentication");