diff options
author | Andreas Karlsson <andreas@proxel.se> | 2016-07-02 01:19:39 +0200 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-07-02 15:30:13 -0400 |
commit | 9d6daf99c286d260e50278f63ddb7d164462256e (patch) | |
tree | 6e1f87e2da166a1cce848c4421f6f75053317a9e | |
parent | 3426de2262caee3283b88c40308b99009182fcd1 (diff) | |
download | openssl-9d6daf99c286d260e50278f63ddb7d164462256e.tar.gz |
Fix broken loading of client CAs
The SSL_load_client_CA_file() failed to load any CAs due to an
inccorrect assumption about the return value of lh_*_insert(). The
return value when inserting into a hash is the old value of the key.
The bug was introduced in 3c82e437bb3af822ea13cd5a24bab0745c556246.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1279)
-rw-r--r-- | ssl/ssl_cert.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index c6e2d09eb7..2a07ee6910 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -605,8 +605,7 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) X509_NAME_free(xn); xn = NULL; } else { - if (!lh_X509_NAME_insert(name_hash, xn)) - goto err; + lh_X509_NAME_insert(name_hash, xn); if (!sk_X509_NAME_push(ret, xn)) goto err; } |