On Mon Apr 14 11:52:31 2014, [email protected] wrote: > > I was not able to find the root cause why X509_get_ext_by_NID() fails to > retrieve the extension here, but the function > check_purpose_timestamp_sign() should also not return 1 if the extended > key usage extension cannot be retrieved, as the first if statement has > already checked via the flags that the extended key usage exists and the > the value is timeStamping. >
The cause was that the lastpost parameter was set to 0 instead of -1. The purpose of lastpos is to find multiple extensions of the same time so you can continue from the last found position or -1 to start from the beginning. Erroneously setting it to 0 will mean it misses the extension if it is first. I've just added a fix (and to two other cases in the same file). Let me know of any problems. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
