Hello,
I am going crazy!
In one application I insert CA certificates and CRLs in the X509_STORE.
This store is included in the SSL_CTX. No problem. The certificate
verification process during handshake runs like a charm.
In a second application, I create an X509_STORE and try to insert my CA
certificates and CRL lists and right at the FIRST insertion of a CA I get:

    error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table

It is not possible: the store is empty!
I even tried to create a dummy SSL_CTX and use its store like I do in
the other application (I imagined that the SSL_CTX creation might perform
some initialisation in the store...): same result.
I.e.: the same code runs smoothly in one application and not in the
second one!
I compared the compilation environment (command parameters, includes)
and didn't find any significant difference, except that the second
application is compiled with the option "-D_FILE_OFFSET_BITS=64". Could
it be the cause of my misery?
Here is the code:

    #include <openssl/ssl.h>

    /* Allocate the store that will hold the CA certificates and CRLs. */
    if ((G_store = X509_STORE_new()) == NULL) {
        trace_s(O_UTL, 0, LV_ERR, "Erreur à l'allocation du X509_STORE pour CAs et CRLs.");
        return(-1);
    }
    /* Try to insert every CA of the global list into the store. */
    CA = Gl_listeCA;
    while (CA != NULL) {
        if (!(err = X509_STORE_add_cert(G_store, CA->x509))) {
            /* Insertion failed: log the CA number, its subject and issuer, and the OpenSSL error. */
            trace_si(O_UTL, 0, LV_ERR, "Erreur à l'insertion d'un certificat dans le STORE.CA N° :", CA->num);
            X509_NAME_oneline(X509_get_subject_name(CA->x509), bid, sizeof(bid)-1);
            trace_ss(O_UTL, 0, LV_ERR, " Sujet :", bid);
            X509_NAME_oneline(X509_get_issuer_name(CA->x509), bid, sizeof(bid)-1);
            trace_ss(O_UTL, 0, LV_ERR, " Sujet :", bid);
            trace_si(O_UTL, 0, LV_ERR, "Erreur :", err);
            err = ERR_get_error();
            trace_ss(O_UTL, 0, LV_ERR, " ", ERR_error_string(err, NULL));
            flush_trace();
        }
        /* As posted, nothing in the loop body advances CA to the next list element. */
    }

The "CA" is a structure containing the certificate in 2 formats: DER
and the internal X509 structure, and some other information. Gl_listeCA
is a global chained list of these structures. It's the same architecture
in the running application.
The X509 looks correct: the subject and the issuer are extracted
without any problem in order to print details on the error.
Compilation parameters:

    gcc -c -g -ggdb -D_FILE_OFFSET_BITS=64 -Wno-comment -Wno-unused -ansi -D_BSD_SOURCE -D_XOPEN_SOURCE -Dunix

Both applications are linked with libcrypto and libssl 0.9.8.
Thanks in advance for any clue!
--
Francis GASCHET / NUMLOG
http://www.numlog.fr
Tel.: +33 (0) 130 791 616
Fax.: +33 (0) 130 819 286