Hello,
I found a bug in the crypto/x509 part of the SSL library.
The documentation implies that I can use either the file
/usr/local/ssl/cert.pem for the trusted certificates or the file
specified in the environment variable SSL_CERT_FILE. But if there is
no certificate stored in the file /usr/local/ssl/cert.pem or if this
file doesn't exist, the environment variable will not be used.
I took a look at the source file crypto/x509/by_file.c:
static int by_file_ctrl(X509_LOOKUP .....
    ...
    case X509_L_FILE_LOAD:
        if (argl == X509_FILETYPE_DEFAULT)
            {
            ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
                X509_FILETYPE_PEM) != 0);
---> the value of ok will be 0 if there is no file or no certificate
     inside the default file
            if (!ok)
                {
                X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
                }
            else
                {
---> this part will be executed only if the value of ok is not 0!
     so it will be executed only if there is at least one certificate
     in the default file
     but it should be executed in any case
                file = (char *)Getenv(X509_get_default_cert_file_env());
                ok = (X509_load_cert_crl_file(ctx,file,
                    X509_FILETYPE_PEM) != 0);
                }
            }
    .....
I hope that will help to fix the bug (or is it a feature ;-)) ?
Ciao Ulrike
OpenSSL version: 0.9.6b
Last change: Change ssleay_rand_bytes (crypto/rand/md_rand.c)...
OS (uname): Linux dolphin 2.2.16 #1 Wed Aug 2 20:03:33 GMT 2000 i686 unknown
OS (config): i686-whatever-linux2
Target (default): linux-elf
Target: linux-elf
Compiler: gcc version 2.95.2 19991024 (release)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
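
The control flow quoted in the report above, modelled as an added example (not part of the original message and not OpenSSL code). load_file() is a hypothetical stand-in for X509_load_cert_crl_file(), the file tables and the path /home/user/ca.pem are constructed, and the env-first ordering is an assumption about the intended behaviour.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DEFAULT_FILE "/usr/local/ssl/cert.pem"  /* path named in the report */
#define ENV_FILE     "/home/user/ca.pem"        /* constructed SSL_CERT_FILE value */

/* Constructed stand-in for files on disk: path -> certificates found there. */
struct fake_file { const char *path; int certs; };
const struct fake_file ONLY_ENV[] = { { ENV_FILE, 2 } };
const struct fake_file BOTH[]     = { { DEFAULT_FILE, 3 }, { ENV_FILE, 2 } };

/* Hypothetical stand-in for X509_load_cert_crl_file(): number of certificates
   loaded, 0 when the path is NULL, missing or holds no certificate. */
static int load_file(const struct fake_file *fs, size_t n, const char *path)
{
    size_t i;
    if (path == NULL)
        return 0;
    for (i = 0; i < n; i++)
        if (strcmp(fs[i].path, path) == 0)
            return fs[i].certs;
    return 0;
}

/* Order quoted in the report: the environment file is consulted only after
   the default file loaded, and its result then overwrites ok. */
int load_defaults_as_reported(const struct fake_file *fs, size_t n, const char *env_file)
{
    int ok = (load_file(fs, n, DEFAULT_FILE) != 0);
    if (ok)
        ok = (load_file(fs, n, env_file) != 0);
    return ok;
}

/* Assumed intended order: the environment file, when set, replaces the default. */
int load_defaults_env_first(const struct fake_file *fs, size_t n, const char *env_file)
{
    const char *file = (env_file != NULL) ? env_file : DEFAULT_FILE;
    return load_file(fs, n, file) != 0;
}

int main(void)
{
    printf("default missing, env set:  reported=%d env_first=%d\n",
           load_defaults_as_reported(ONLY_ENV, 1, ENV_FILE),
           load_defaults_env_first(ONLY_ENV, 1, ENV_FILE));
    return 0;
}
```

In this model the reported order also returns 0 when the default file loads but the environment variable is unset, because the second load result replaces the first.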