Patch applied and committed on all active branches. Thanks! Ticket resolved.
[EMAIL PROTECTED] - Thu Jun 23 11:40:36 2005]: > On April 24th, I wrote to openssl-dev: > > > Also, the function "dir_ctrl" in crypto/x509/by_dir.c looks wrong to > > me. Shouldn't it be checking for the environment variable first, then > > getting the default if no environment variable is specified (the way > > by_file_ctrl does in crypto/x509/by_file.c)? Sorry if I am misreading > > what that function is doing. The code looks the same in 0.9.7 and > > 0.9.8. > > I have done some more testing, and openssl is indeed using certs from > the default directory, even if a different directory is specified > by SSL_CERT_DIR. This patch changes the logic to what we have in > by_file.c. That is, if SSL_CERT_DIR is defined in the environment, > openssl uses it exclusively for the directory of hashed certs. If > SSL_CERT_DIR is not defined, then the default directory is used. > > Since I am in the US, a copy of the patch is being forwarded to the > appropriate US government agencies. > > Doug > > --- crypto/x509/by_dir.c.ori 2004-01-22 14:36:46.000000000 -0800 > +++ crypto/x509/by_dir.c 2005-06-22 12:09:00.000000000 -0800 > @@ -122,19 +122,19 @@ > { > case X509_L_ADD_DIR: > if (argl == X509_FILETYPE_DEFAULT) > + dir=(char *)Getenv(X509_get_default_cert_dir_env()); > + if (dir) > + ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM); > + else > { > ret=add_cert_dir(ld,X509_get_default_cert_dir(), > X509_FILETYPE_PEM); > + } > if (!ret) > { > X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR ); > } > - else > - { > - dir=(char *) Getenv(X509_get_default_cert_dir_env()); > - ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM); > - } > - } > + > else > ret=add_cert_dir(ld,argp,(int)argl); > break; -- Richard Levitte [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]