From 407dc73f4314d655a041147b1d7291b2b06602ed Mon Sep 17 00:00:00 2001 From: Joe Orton Date: Thu, 1 Sep 2005 11:58:58 +0000 Subject: [PATCH] * modules/ssl/ssl_util_ssl.c (SSL_X509_STORE_create): Catch errors returned by X509_LOOKUP_add_dir or X509_LOOKUP_load_file to detect malformed or misconfigured CRLs. Clear error stack beforehand to ensure reported errors are relevant. PR: 36438 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@265702 13f79535-47bb-0310-9956-ffa450edef68 --- modules/ssl/ssl_util_ssl.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c index ef8eb6668b..9a464c2560 100644 --- a/modules/ssl/ssl_util_ssl.c +++ b/modules/ssl/ssl_util_ssl.c @@ -202,6 +202,9 @@ X509_STORE *SSL_X509_STORE_create(char *cpFile, char *cpPath) { X509_STORE *pStore; X509_LOOKUP *pLookup; + int rv = 1; + + ERR_clear_error(); if (cpFile == NULL && cpPath == NULL) return NULL; @@ -213,17 +216,17 @@ X509_STORE *SSL_X509_STORE_create(char *cpFile, char *cpPath) X509_STORE_free(pStore); return NULL; } - X509_LOOKUP_load_file(pLookup, cpFile, X509_FILETYPE_PEM); + rv = X509_LOOKUP_load_file(pLookup, cpFile, X509_FILETYPE_PEM); } - if (cpPath != NULL) { + if (cpPath != NULL && rv == 1) { pLookup = X509_STORE_add_lookup(pStore, X509_LOOKUP_hash_dir()); if (pLookup == NULL) { X509_STORE_free(pStore); return NULL; } - X509_LOOKUP_add_dir(pLookup, cpPath, X509_FILETYPE_PEM); + rv = X509_LOOKUP_add_dir(pLookup, cpPath, X509_FILETYPE_PEM); } - return pStore; + return rv == 1 ? pStore : NULL; } int SSL_X509_STORE_lookup(X509_STORE *pStore, int nType, -- 2.40.0