author | Dr. Stephen Henson <steve@openssl.org> | 2006-07-25 17:39:38 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2006-07-25 17:39:38 +0000 |
commit | f6e7d014508b020818707d4b1544379e8b742e32 (patch) | |
tree | d974f0b497d3d31a71e4e872ed3a847eb7ceab7c /crypto/x509/x509_lu.c | |
parent | edc540211c4852c57c01743a068aecc0e0a97b5c (diff) | |
Support for multiple CRLs with same issuer name in X509_STORE. Modify
verify logic to try to use an unexpired CRL if possible.
Diffstat (limited to 'crypto/x509/x509_lu.c')
-rw-r--r-- | crypto/x509/x509_lu.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index cd2cfb6d85..fbb1497fe2 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -459,13 +459,24 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x
 X509_OBJECT *obj;
 idx = sk_X509_OBJECT_find(h, x);
 if (idx == -1) return NULL;
- if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx);
+ if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))
+ return sk_X509_OBJECT_value(h, idx);
 for (i = idx; i < sk_X509_OBJECT_num(h); i++)
 {
 obj = sk_X509_OBJECT_value(h, i);
 if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
 return NULL;
- if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509))
+ if (x->type == X509_LU_X509)
+ {
+ if (!X509_cmp(obj->data.x509, x->data.x509))
+ return obj;
+ }
+ else if (x->type == X509_LU_CRL)
+ {
+ if (!X509_CRL_match(obj->data.crl, x->data.crl))
+ return obj;
+ }
+ else
 return obj;
 }
 return NULL; |
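Review bot: The final `else return obj;` inside the loop can no longer be reached, because the new guard before the loop already returns for every type other than X509_LU_X509 and X509_LU_CRL; I would drop that branch, or turn the chain into a `switch (x->type)` so the two handled types are explicit. The loop now returns NULL for a CRL whose issuer name matches but whose contents differ, which is presumably what lets the store hold several CRLs per issuer, so a short comment above the loop such as `/* a name match is not enough: return only an entry whose contents also match */` would make that contract visible to callers. X509_CRL_match is defined outside this file's diff, so it is worth confirming that it compares enough of the CRL that a newer CRL from the same issuer is never taken for one already in the store and silently skipped. The function body starts above the hunk and ends below it.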