inn-CURRENT-20160416/nnrpd issue
Julien ÉLIE
julien at trigofacile.com
Sun Apr 17 09:47:24 UTC 2016
The Doctor,
>> Could you please try:
>>
>> switch (X509_STORE_CTX_get_error(ctx)) {
>> case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
>>
>> X509_NAME_oneline(X509_get_issuer_name(X509_STORE_CTX_get_current_cert(ctx)),
>> buf, sizeof(buf));
>>
>> and tell us whether nnrpd builds better with that change?
>
> That does the think and it works fine.
>
> Please somehow commit.
OK, thanks for the confirmation.
I've seen in the documentation of X509_STORE_CTX_get_error() that
"In versions of OpenSSL before 1.0 the current certificate returned
by X509_STORE_CTX_get_current_cert() was never NULL. Applications
should check the return value before printing out any debugging
information relating to the current certificate."
so here is a complete patch. In the switch part, err_cert is not NULL
because otherwise the error would have been different than
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT.
--- tls.c (révision 9987)
+++ tls.c (copie de travail)
@@ -244,9 +244,13 @@
err = X509_STORE_CTX_get_error(ctx);
depth = X509_STORE_CTX_get_error_depth(ctx);
- X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
- if ((tls_serveractive) && (tls_loglevel >= 1))
- Printf("Peer cert verify depth=%d %s", depth, buf);
+ if (err_cert != NULL) {
+ X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
+ if ((tls_serveractive) && (tls_loglevel >= 1)) {
+ Printf("Peer cert verify depth=%d %s", depth, buf);
+ }
+ }
+
if (ok==0)
{
syslog(L_NOTICE, "verify error:num=%d:%s", err,
@@ -260,9 +264,10 @@
verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
}
}
- switch (ctx->error) {
+
+ switch (err) {
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, sizeof(buf));
+ X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, sizeof(buf));
syslog(L_NOTICE, "issuer= %s", buf);
break;
case X509_V_ERR_CERT_NOT_YET_VALID:
I'll commit it soon.
--
Julien ÉLIE
« Je sens que ma dernière hure est proche ! » (Astérix)
More information about the inn-workers
mailing list