author Daniel Stenberg <daniel@haxx.se> 2009-09-25 18:09:38 +0000
committer Daniel Stenberg <daniel@haxx.se> 2009-09-25 18:09:38 +0000
commit e3d623f190bc582e6058be12e3568424ca206d27
tree e3672d4c1e6fa972e92199cc8e2fcb7da35a5a00
parent 15be441ad8b445dee58a82bebf8c2b67d5149a12
- Chris Mumford filed bug report #2861587
(http://curl.haxx.se/bug/view.cgi?id=2861587) identifying that libcurl used the OpenSSL function X509_load_crl_file() wrongly and failed if it would load a CRL file with more than one certificate within. This is now fixed.
-rw-r--r-- CHANGES 6
-rw-r--r-- RELEASE-NOTES 3
-rw-r--r-- lib/ssluse.c 4
3 files changed, 10 insertions, 3 deletions
diff --git a/CHANGES b/CHANGES
index c9a34891e..395914854 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,12 @@
Changelog
+Daniel Stenberg (25 Sep 2009)
+- Chris Mumford filed bug report #2861587
+ (http://curl.haxx.se/bug/view.cgi?id=2861587) identifying that libcurl used
+ the OpenSSL function X509_load_crl_file() wrongly and failed if it would
+ load a CRL file with more than one certificate within. This is now fixed.
+
Daniel Stenberg (16 Sep 2009)
- Sven Anders reported that we introduced a cert verfication flaw for OpenSSL-
powered libcurl in 7.19.6. If there was a X509v3 Subject Alternative Name
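Review bot: the new CHANGES entry describes the failing input as a CRL file "with more than one certificate within", but the objects such a file holds are CRLs, and the function named in the same sentence is X509_load_crl_file(). Suggest "a CRL file with more than one CRL within" here, and the matching change to the RELEASE-NOTES line "can load CRL files with more than one certificate inside", so the entry is not read as being about certificate bundles.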
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 6077ef25f..519587bc9 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -29,6 +29,7 @@ This release includes the following bugfixes:
o improved NSS detection in configure
o cookie expiry date at 1970-jan-1 00:00:00
o libcurl-OpenSSL failed to verify some certs with Subject Alternative Name
+ o libcurl-OpenSSL can load CRL files with more than one certificate inside
This release includes the following known bugs:
@@ -39,6 +40,6 @@ advice from friends like these:
Karl Moerder, Kamil Dudka, Krister Johansen, Andre Guibert de Bruet,
Michal Marek, Eric Wong, Guenter Knauf, Peter Sylvester, Daniel Johnson,
- Claes Jakobsson, Sven Anders
+ Claes Jakobsson, Sven Anders, Chris Mumford
Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 363c27a1e..2ea3b2f55 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1536,8 +1536,8 @@ ossl_connect_step1(struct connectdata *conn,
* revocation */
lookup=X509_STORE_add_lookup(connssl->ctx->cert_store,X509_LOOKUP_file());
if ( !lookup ||
- (X509_load_crl_file(lookup,data->set.str[STRING_SSL_CRLFILE],
- X509_FILETYPE_PEM)!=1) ) {
+ (!X509_load_crl_file(lookup,data->set.str[STRING_SSL_CRLFILE],
+ X509_FILETYPE_PEM)) ) {
failf(data,"error loading CRL file :\n"
" CRLfile: %s\n",
data->set.str[STRING_SSL_CRLFILE]?
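Review bot: the new test "!X509_load_crl_file(...)" in ossl_connect_step1 depends on the return value being the number of CRLs loaded, with 0 as the only failure value, and nothing at the call site says so. A one-line comment above the condition stating that would keep the check from being turned back into a comparison against 1, which is the mistake removed here. The diffstat lists only CHANGES, RELEASE-NOTES and lib/ssluse.c, so the fix arrives without a regression test; a test that sets the CRL file option to a PEM file holding two CRLs and expects the connection setup to get past this block would cover it. Minor: the failf() call guards the file name with "data->set.str[STRING_SSL_CRLFILE]?" while the load call passes it unguarded, so it is worth confirming the enclosing code already guarantees it is non-NULL.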