*BIG* verify code reorganisation.

The old code was painfully primitive and couldn't handle distinct certificates using the same subject name. The new code performs several tests on a candidate issuer certificate based on certificate extensions. It also adds several callbacks to X509_VERIFY_CTX so its behaviour can be customised. Unfortunately some hackery was needed to persuade X509_STORE to tolerate this. This should go away when X509_STORE is replaced, sometime... This must have broken something though :-(
author: Dr. Stephen Henson <steve@openssl.org> 2000-09-05 17:53:58 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2000-09-05 17:53:58 +0000
commit: 2f043896d14f5b1ced08bcc8bec3e38e7a18d96f (patch)
tree: 30c91e35a2b02dadc58fc56355894b4345142e51 /crypto/x509/by_dir.c
parent: 29eb7d9ce0488690cca532d0ecb4075b5ca59209 (diff)
download: openssl-2f043896d14f5b1ced08bcc8bec3e38e7a18d96f.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index c5920cc7dd..cac64a6f40 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -326,7 +326,9 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
 		/* we have added it to the cache so now pull
 		 * it out again */
 		CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
-		tmp=(X509_OBJECT *)lh_retrieve(xl->store_ctx->certs,&stmp);
+		j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
+		if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,i);
+		else tmp = NULL;
 		CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
 
 		if (tmp != NULL)
author	Dr. Stephen Henson <steve@openssl.org>	2000-09-05 17:53:58 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2000-09-05 17:53:58 +0000
commit	2f043896d14f5b1ced08bcc8bec3e38e7a18d96f (patch)
tree	30c91e35a2b02dadc58fc56355894b4345142e51 /crypto/x509/by_dir.c
parent	29eb7d9ce0488690cca532d0ecb4075b5ca59209 (diff)
download	openssl-2f043896d14f5b1ced08bcc8bec3e38e7a18d96f.tar.gz