diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2000-09-05 17:53:58 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2000-09-05 17:53:58 +0000 |
commit | 2f043896d14f5b1ced08bcc8bec3e38e7a18d96f (patch) | |
tree | 30c91e35a2b02dadc58fc56355894b4345142e51 /crypto/x509/by_dir.c | |
parent | 29eb7d9ce0488690cca532d0ecb4075b5ca59209 (diff) | |
download | openssl-2f043896d14f5b1ced08bcc8bec3e38e7a18d96f.tar.gz |
*BIG* verify code reorganisation.
The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.
The new code performs several tests on a candidate issuer
certificate based on certificate extensions.
It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.
Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...
This must have broken something though :-(
Diffstat (limited to 'crypto/x509/by_dir.c')
-rw-r--r-- | crypto/x509/by_dir.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index c5920cc7dd..cac64a6f40 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -326,7 +326,9 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, /* we have added it to the cache so now pull * it out again */ CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE); - tmp=(X509_OBJECT *)lh_retrieve(xl->store_ctx->certs,&stmp); + j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp); + if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,i); + else tmp = NULL; CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE); if (tmp != NULL) |