ssl_engine_init.c

Ruediger Pluem Sun, 24 Oct 2010 22:48:20 -0700


On 10/25/2010 12:14 AM, s...@apache.org wrote:
> Author: sf
> Date: Sun Oct 24 22:14:15 2010
> New Revision: 1026906
> 
> URL: http://svn.apache.org/viewvc?rev=1026906&view=rev
> Log:
> Make sure to always log an error if loading of CA certificates fails
> 
> PR: 40312
> Submitted by: Paul Tiemann <issues apache org ourdetour com>
> 
> Modified:
>     httpd/httpd/trunk/CHANGES
>     httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
> 
> 
> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1026906&r1=1026905&r2=1026906&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Sun Oct 24 22:14:15 2010
> @@ -658,7 +658,7 @@ static void ssl_init_ctx_verify(server_r
>              ca_list = ssl_init_FindCAList(s, ptemp,
>                                            mctx->auth.ca_cert_file,
>                                            mctx->auth.ca_cert_path);
> -        if (!ca_list) {
> +        if (sk_X509_NAME_num(ca_list) == 0) {


Can we be sure that ca_list != NULL or that sk_X509_NAME_num can handle NULL?

Regards

Rüdiger

Re: svn commit: r1026906 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_init.c

Reply via email to