OPENSSL VERSION: 0.9.6j PLATFORM: all SEVERITY: minor
In x509_vfy.c:X509_verify_cert, there are some cases where an error occurs and ctx->error is set, but the error isn't added to the error stack (with X509err). The only cases where this happens are when the verify callback is called (so that it can potentially handle or ignore the error), but if the callback fails (returns 0), the error still isn't added to the openssl error stack. It would be nice to get the error info (file, line number, etc.) from that error, by calling X509err(X509_F_ERR_VERIFY_CERT, ctx->error) if the callback fails. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]