Reported bug fixed. No further responses assuming resolved.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project
[nick.le...@usa.g4s.com - Mon Sep 12 10:31:50 2011]:
Thank you for looking at the patch and reporting the problem
with it. I apologise that I did not test it properly. The path loop
test in the patch should of course be first whether the issuer is
in the chain and only if it is
With update version i confirm that regression test of a software now
pass with OpenSSL HEAD version.
I still have problem with HEAD regarding check if is for self signed.
This case is not in openssl regression tests ans cannot be reproduced
with openssl command line. Case is when callback
Nick Lewis via RT wrote:
Roumen
Thank you for looking at the patch
[SNIP]
+ if (issuer_num (issuer_num x_num))
Please find a corrected version below
Best Regards
Nick
[SNIP]
With update version i confirm that regression test of a software now
pass with OpenSSL HEAD
Nick Lewis via RT wrote:
Roumen
Thank you for looking at the patch
[SNIP]
+ if (issuer_num (issuer_num x_num))
Please find a corrected version below
Best Regards
Nick
[SNIP]
With update version i confirm that regression test of a software now
pass with OpenSSL HEAD
Roumen
Thank you for looking at the patch and reporting the problem with it. I
apologise that I did not test it properly. The path loop test in the patch
should of course be first whether the issuer is in the chain and only if it is
then whether it is lower than the cert x i.e.
+
Nick Lewis via RT wrote:
The path loop detection in crypto/x509/x509_vfy.c:check_issued() does not work
correctly for some combinations of ctx-chain, x and issuer. For example when
the cert x is in the chain at a location other than the top, a path loop is
incorrectly declared. Also if the
Nick Lewis via RT wrote:
The path loop detection in crypto/x509/x509_vfy.c:check_issued() does not
work correctly for some combinations of ctx-chain, x and issuer. For example
when the cert x is in the chain at a location other than the top, a path loop
is incorrectly declared. Also if the