The bug is in the file x509v3/v3_lib.c in the function X509V3_get_d2i() in the 0.9.7b source code.
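/*
 * This bug affects all operating systems. The problem: If the idx parameter
 * points to an integer index, then the function always returns NULL. Here's
 * the fixed code, with my addition marked with a comment.
 */

/*
 * Look up the extension with the given NID in an extension stack and return
 * it decoded via X509V3_EXT_d2i().
 *
 * x     Extension stack to search. A NULL stack is reported as "not found".
 * nid   NID compared against OBJ_obj2nid(ex->object) for each entry.
 * crit  Optional out-parameter. Set to the value of
 *       X509_EXTENSION_get_critical() for the match, to -1 when no matching
 *       extension is found, or to -2 when idx is NULL and the stack holds
 *       more than one matching extension.
 * idx   Optional in/out-parameter. When non-NULL the search starts at
 *       *idx + 1 (negative values start at 0), stops at the first match and
 *       stores its position in *idx; it is set to -1 when nothing is found.
 *       When NULL the whole stack is scanned and a duplicate match is
 *       rejected.
 *
 * Returns the result of X509V3_EXT_d2i() for the match, otherwise NULL.
 *
 * A NULL return is overloaded: it covers "extension absent" (*crit == -1),
 * "extension duplicated" (*crit == -2) and the case where X509V3_EXT_d2i()
 * itself returns NULL for the match (*crit then holds the criticality
 * flag). Code that makes a trust decision from the presence or absence of
 * an extension should pass crit and check it rather than treat every NULL
 * as "absent".
 */
void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
{
    int lastpos, i, num;
    X509_EXTENSION *ex, *found_ex = NULL;

    if (!x) {
        if (idx) {
            *idx = -1;
        }
        if (crit) {
            *crit = -1;
        }
        return NULL;
    }

    /* The stack is not modified below, so its size is read once. */
    num = sk_X509_EXTENSION_num(x);

    /*
     * Resume after the caller's previous position. Clamping to num keeps
     * *idx + 1 from overflowing when *idx is INT_MAX; any *idx at or past
     * the end simply yields an empty search, as before.
     */
    lastpos = 0;
    if (idx && *idx >= 0) {
        lastpos = (*idx < num) ? *idx + 1 : num;
    }

    for (i = lastpos; i < num; i++) {
        ex = sk_X509_EXTENSION_value(x, i);
        if (OBJ_obj2nid(ex->object) != nid) {
            continue;
        }
        if (idx) {
            *idx = i;
            /*
             * ******* this fixes the bug: without this assignment found_ex
             * is still NULL after the break, so the "not found" tail runs,
             * resets *idx to -1 and returns NULL.
             */
            found_ex = ex;
            break;
        }
        if (found_ex) {
            /* Found more than one */
            if (crit) {
                *crit = -2;
            }
            return NULL;
        }
        found_ex = ex;
    }

    if (found_ex) {
        /* Found it */
        if (crit) {
            *crit = X509_EXTENSION_get_critical(found_ex);
        }
        return X509V3_EXT_d2i(found_ex);
    }

    /* Extension not found */
    if (idx) {
        *idx = -1;
    }
    if (crit) {
        *crit = -1;
    }
    return NULL;
}

/*
 * -- Doug Sauder
 * Hunny Software, Inc
 */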