Ben Laurie wrote: > > Ben Laurie wrote: > > > > francoise lacambre wrote: > > > > > > Don't you think, in the X509_STORE_get_by_subject function, that the following > > > line > > > vs->current_method=j; > > > would be replaced by : > > > vs->current_method=i; > > > > Yes! > > Hmm ... still looks wrong to me ... I suspect it should do this, but it > isn't my code - Steve? > > Index: crypto/x509/x509_lu.c > =================================================================== > RCS file: /e/openssl/cvs/openssl/crypto/x509/x509_lu.c,v > retrieving revision 1.24 > diff -u -r1.24 x509_lu.c > --- crypto/x509/x509_lu.c 2001/09/01 20:01:58 1.24 > +++ crypto/x509/x509_lu.c 2001/11/20 13:58:10 > @@ -285,19 +285,21 @@ > X509_STORE *ctx=vs->ctx; > X509_LOOKUP *lu; > X509_OBJECT stmp,*tmp; > - int i,j; > + int i,j,k; > > tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name); > > if (tmp == NULL) > { > - for (i=vs->current_method; > i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) > + for (i=vs->current_method,k=0; > k<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++,k++) > { > + if(k == > sk_X509_LOOKUP_num(ctx->get_cert_methods)) > + k=0; > > lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i); > j=X509_LOOKUP_by_subject(lu,type,name,&stmp); > if (j < 0) > { > - vs->current_method=j; > + vs->current_method=k; > return j; > } > else if (j) > @@ -306,7 +308,6 @@ > break; > } > } > - vs->current_method=0; > if (tmp == NULL) > return 0; > } >
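Review bot: In the first hunk (@@ -285,19 +285,21 @@) the wrap-around test inside the loop can never be true, and the index that is actually used is never wrapped. The loop condition is `k<sk_X509_LOOKUP_num(ctx->get_cert_methods)`, so `k == sk_X509_LOOKUP_num(ctx->get_cert_methods)` is always false in the body, while `i` starts at `vs->current_method` and is incremented once per iteration, so `sk_X509_LOOKUP_value(ctx->get_cert_methods,i)` is asked for an index past the end of the stack whenever `vs->current_method` is non-zero. The retry path also stores `k`, the number of iterations done, rather than `i`, the index of the method that signalled the retry. Suggest applying the wrap to `i` (reset `i` to 0 when it reaches the stack size) and saving `i` in `vs->current_method`.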
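Review bot: In the second hunk (@@ -306,7 +308,6 @@) removing `vs->current_method=0;` after the loop leaves no visible place where the saved position is cleared once a retry has set it. A later lookup for a different subject would then start from the stale index, which is only safe if the wrap-around in the first hunk really visits every method. Either keep the reset on the found and not-found paths, or add a comment stating that the persistent start position is intended.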
Well it isn't my code either :-)

I think the original change is probably correct. The only reason this kind of error hasn't been noticed is that no internal X509_LOOKUPs can ever signal a retry.

I *think* the logic is that after a retry is signalled the next call will continue where the old one left off until it's tried all of them, whereupon it will signal a not found error.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED]
PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
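The resume-after-retry behaviour described in the reply above, as an added example that is not part of the original thread and is not OpenSSL's code: a simplified model in which a negative return means "retry". The names `store_ctx`, `lookup_fn`, `get_by_subject` and the three sample methods are hypothetical stand-ins, and the subject string is constructed.

```c
#include <stdio.h>

/* Hypothetical model: a lookup method returns <0 (retry), 0 (not found), >0 (found). */
typedef int (*lookup_fn)(const char *name);

struct store_ctx {
    lookup_fn *methods;   /* ordered list of lookup methods */
    int num_methods;
    int current_method;   /* index at which the next call resumes */
};

/* On retry, save the loop index i so the next call resumes at the same
 * method. Saving the return code j instead would store a negative number
 * and the next call would index methods[] out of bounds. */
int get_by_subject(struct store_ctx *vs, const char *name)
{
    int i, j;

    for (i = vs->current_method; i < vs->num_methods; i++) {
        j = vs->methods[i](name);
        if (j < 0) {
            vs->current_method = i;
            return j;
        }
        if (j > 0)
            break;
    }
    vs->current_method = 0;           /* found, or every method was tried */
    return i < vs->num_methods;       /* 1 = found, 0 = not found */
}

/* Constructed sample methods: B asks for one retry, nobody finds the name. */
static int calls_a, calls_b, calls_c;
static int method_a(const char *n) { (void)n; calls_a++; return 0; }
static int method_b(const char *n) { (void)n; return ++calls_b == 1 ? -1 : 0; }
static int method_c(const char *n) { (void)n; calls_c++; return 0; }

int main(void)
{
    lookup_fn m[] = { method_a, method_b, method_c };
    struct store_ctx vs = { m, 3, 0 };
    int first = get_by_subject(&vs, "CN=constructed");   /* B signals retry */
    int second = get_by_subject(&vs, "CN=constructed");  /* resumes at B */

    printf("first=%d second=%d calls a/b/c=%d/%d/%d\n",
           first, second, calls_a, calls_b, calls_c);
    return 0;
}
```

The second call does not run method A again: it resumes at B, falls through to C, and only then reports not found.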