On Sat, Dec 04, 2004, Alex Fishman wrote:

> Here is a sample program
>
> #include <stdio.h>
> #include <openssl/ssl.h>
> #include <openssl/x509.h>
>
> int main(void)
> {
>     SSL_library_init();
>     SSL_load_error_strings();
>     SSL_METHOD* meth = SSLv23_client_method();
>     SSL_CTX* ctx = SSL_CTX_new (meth);
>
>     X509_STORE* store = SSL_CTX_get_cert_store(ctx);
>     X509_LOOKUP* lu = X509_STORE_add_lookup(store, X509_LOOKUP_file());
>
>     static char crl[] = "stress.crl";
>
>     /* first load attempt, as ASN1; the return value is ignored */
>     X509_load_crl_file(lu, crl, X509_FILETYPE_ASN1);
>
>     /* second load attempt on the same file, as PEM */
>     if (X509_load_crl_file(lu, crl, X509_FILETYPE_PEM) != 1)
>         printf("failure");
>     else
>         printf("success");
>
>     return 0;
> }
>
> This one prints failure, but if I remove the first call to
> X509_load_crl_file() it would print success. Attached is the crl file
> used for testing. I suggest that the error is caused by some
> non-initialized data so it may or may not happen on your system.
>
Thank you for the report and test program.

The cause is a bug in the X509_load_crl_file() routine which checked the
first error rather than the last one: so it would only work if the first
error and last one were the same. Normally that would be if there was only
one error.

I've committed a fix.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
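A simplified model of the failure described in the reply above, as an added example that is not from the thread or from OpenSSL's source. The queue, the error codes and every function name are constructed stand-ins, and the loader shape (a trailing "no start line" error after at least one object means normal end of file) is an assumption about how the routine decides success.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed stand-ins for an error queue (oldest entry first); not OpenSSL code. */
enum { E_NONE, E_ASN1_PARSE, E_PEM_NO_START_LINE };
struct errq { int code[8]; size_t n; };

static void put(struct errq *q, int c) { if (q->n < 8) q->code[q->n++] = c; }
static int peek_first(const struct errq *q) { return q->n ? q->code[0] : E_NONE; }
static int peek_last(const struct errq *q) { return q->n ? q->code[q->n - 1] : E_NONE; }

/* A failed DER parse leaves its error on the queue for whoever looks next. */
static int load_der(struct errq *q) { put(q, E_ASN1_PARSE); return 0; }

/* Assumed loader shape: read PEM objects until a read fails, then decide
 * whether that failure was just end of file by inspecting the queue. */
static int load_pem(struct errq *q, int objects, int (*peek)(const struct errq *))
{
    int count = objects;                /* every object in the file parses fine */
    put(q, E_PEM_NO_START_LINE);        /* the read past the last object fails */
    if (peek(q) == E_PEM_NO_START_LINE && count > 0) {
        q->n = 0;                       /* expected end of file: discard it */
        return count;
    }
    return 0;                           /* anything else is reported as failure */
}

/* Returns what the PEM load returns for a file holding one CRL. */
int run(int der_first, int clear_between, int use_last)
{
    struct errq q = { {0}, 0 };
    if (der_first)
        load_der(&q);                   /* stale error now sits at the head */
    if (clear_between)
        q.n = 0;                        /* caller empties the queue itself */
    return load_pem(&q, 1, use_last ? peek_last : peek_first);
}

int main(void)
{
    printf("first-error check, DER then PEM:  %d\n", run(1, 0, 0));
    printf("first-error check, PEM only:      %d\n", run(0, 0, 0));
    printf("first-error check, queue cleared: %d\n", run(1, 1, 0));
    printf("last-error check, DER then PEM:   %d\n", run(1, 0, 1));
    return 0;
}
```

In OpenSSL's own API the call that empties the queue is ERR_clear_error(), which a caller can issue between load attempts on a build without the fix.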