Ben Laurie wrote:
>
> Ben Laurie wrote:
> >
> > francoise lacambre wrote:
> > >
> > > Don't you think, in the X509_STORE_get_by_subject function, that the following
> > > line
> > > vs->current_method=j;
> > > would be replaced by :
> > > vs->current_method=i;
> >
> > Yes!
>
> Hmm ... still looks wrong to me ... I suspect it should do this, but it
> isn't my code - Steve?
>
> Index: crypto/x509/x509_lu.c
> ===================================================================
> RCS file: /e/openssl/cvs/openssl/crypto/x509/x509_lu.c,v
> retrieving revision 1.24
> diff -u -r1.24 x509_lu.c
> --- crypto/x509/x509_lu.c 2001/09/01 20:01:58 1.24
> +++ crypto/x509/x509_lu.c 2001/11/20 13:58:10
> @@ -285,19 +285,21 @@
> X509_STORE *ctx=vs->ctx;
> X509_LOOKUP *lu;
> X509_OBJECT stmp,*tmp;
> - int i,j;
> + int i,j,k;
>
> tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name);
>
> if (tmp == NULL)
> {
> - for (i=vs->current_method;
> i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++)
> + for (i=vs->current_method,k=0;
> k<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++,k++)
> {
> + if(k ==
> sk_X509_LOOKUP_num(ctx->get_cert_methods))
> + k=0;
>
> lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i);
> j=X509_LOOKUP_by_subject(lu,type,name,&stmp);
> if (j < 0)
> {
> - vs->current_method=j;
> + vs->current_method=k;
> return j;
> }
> else if (j)
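Review bot: The wrap-around test `if(k == sk_X509_LOOKUP_num(ctx->get_cert_methods)) k=0;` at the top of the loop body can never fire, because the loop condition already keeps `k` below that count. It also guards the wrong variable: `i` is what indexes `sk_X509_LOOKUP_value()`, it starts at `vs->current_method` and is never wrapped, so on a resumed call it can run past the end of the stack. The retry branch also saves `k` (the number of methods tried in this call) into `vs->current_method` rather than the index `i` of the method that asked for the retry. Suggest wrapping `i` instead, saving `i` on retry, and adding a comment that states what `current_method` means between calls.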
> @@ -306,7 +308,6 @@
> break;
> }
> }
> - vs->current_method=0;
> if (tmp == NULL)
> return 0;
> }
>
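Review bot: Dropping `vs->current_method=0;` after the loop leaves no visible path that resets the resume position, so a value saved by an earlier retry carries over into the next lookup even after a method has succeeded or every method has been tried. If that is intended it needs a comment; otherwise keep the reset on the found and not-found paths and preserve the position only when returning `j < 0`.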
Well it isn't my code either :-)
I think the original change is probably correct. The only reason this
kind of error hasn't been noticed is that no internal X509_LOOKUPs can
ever signal a retry.
I *think* the logic is that after a retry is signalled the next call
will continue where the old one left off until it's tried all of them
whereupon it will signal a not found error.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
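The resume-after-retry behaviour described in the reply above, as a simplified model added here (not OpenSSL code and not from the thread's authors). The names `store_ctx`, `lookup_fn`, `counters`, `miss` and `slow` are hypothetical stand-ins; the return convention (negative = retry, 0 = not found, positive = found) follows the quoted loop.

```c
/* Simplified model, not OpenSSL code: a lookup method returns
 * <0 for "retry later", 0 for "not found", >0 for "found". */
typedef int (*lookup_fn)(void *state);
struct counters { int miss_calls; int slow_calls; };

struct store_ctx {
    lookup_fn *methods;   /* stands in for ctx->get_cert_methods */
    void *state;          /* shared state for the sample methods */
    int num;              /* number of lookup methods */
    int current_method;   /* resume position kept between calls */
};

/* Walk the methods starting at current_method. On retry, remember the
 * loop index i (not the return code j) so the next call resumes there. */
int get_by_subject(struct store_ctx *vs)
{
    int i, j;
    for (i = vs->current_method; i < vs->num; i++) {
        j = vs->methods[i](vs->state);
        if (j < 0) {
            vs->current_method = i;   /* saving j here would store a negative index */
            return j;
        }
        if (j > 0) {
            vs->current_method = 0;   /* found: next lookup starts fresh */
            return 1;
        }
    }
    vs->current_method = 0;           /* all tried: reset, report not found */
    return 0;
}

/* Constructed sample methods: one always misses, one retries once. */
static int miss(void *s) { ((struct counters *)s)->miss_calls++; return 0; }
static int slow(void *s)
{
    struct counters *c = s;
    return ++c->slow_calls == 1 ? -1 : 1;
}

int main(void)
{
    struct counters c = {0, 0};
    lookup_fn m[] = { miss, slow };
    struct store_ctx vs = { m, &c, 2, 0 };
    int first = get_by_subject(&vs);   /* method 1 signals retry */
    int second = get_by_subject(&vs);  /* resumes at method 1, skips method 0 */
    return !(first == -1 && second == 1 && c.miss_calls == 1);
}
```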