(http://curl.haxx.se/bug/view.cgi?id=2861587) identifying that libcurl used
the OpenSSL function X509_load_crl_file() wrongly and failed if it would
load a CRL file with more than one certificate within. This is now fixed.
Changelog
+Daniel Stenberg (25 Sep 2009)
+- Chris Mumford filed bug report #2861587
+ (http://curl.haxx.se/bug/view.cgi?id=2861587) identifying that libcurl used
+ the OpenSSL function X509_load_crl_file() wrongly and failed if it would
+ load a CRL file with more than one certificate within. This is now fixed.
+
Daniel Stenberg (16 Sep 2009)
- Sven Anders reported that we introduced a cert verfication flaw for OpenSSL-
powered libcurl in 7.19.6. If there was a X509v3 Subject Alternative Name
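Review bot: the new entry describes the failing input as "a CRL file with more than one certificate within", which is ambiguous for a file loaded through X509_load_crl_file(). If the case that failed was a file holding more than one CRL, rather than one CRL listing several revoked certificates, say that here, so users can tell whether their CRL file was affected.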
o improved NSS detection in configure
o cookie expiry date at 1970-jan-1 00:00:00
o libcurl-OpenSSL failed to verify some certs with Subject Alternative Name
+ o libcurl-OpenSSL can load CRL files with more than one certificate inside
This release includes the following known bugs:
Karl Moerder, Kamil Dudka, Krister Johansen, Andre Guibert de Bruet,
Michal Marek, Eric Wong, Guenter Knauf, Peter Sylvester, Daniel Johnson,
- Claes Jakobsson, Sven Anders
+ Claes Jakobsson, Sven Anders, Chris Mumford
Thanks! (and sorry if I forgot to mention someone)
* revocation */
lookup=X509_STORE_add_lookup(connssl->ctx->cert_store,X509_LOOKUP_file());
if ( !lookup ||
- (X509_load_crl_file(lookup,data->set.str[STRING_SSL_CRLFILE],
- X509_FILETYPE_PEM)!=1) ) {
+ (!X509_load_crl_file(lookup,data->set.str[STRING_SSL_CRLFILE],
+ X509_FILETYPE_PEM)) ) {
failf(data,"error loading CRL file :\n"
" CRLfile: %s\n",
data->set.str[STRING_SSL_CRLFILE]?
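Review bot: the rewritten condition `(!X509_load_crl_file(lookup, ...))` has no comment explaining why the result is tested against zero instead of compared with 1, and that is the whole point of the fix. The old `!=1` test failing on multi-entry files shows the return value is a count, not a boolean, so a short comment above the `if ( !lookup ||` line stating that 0 means failure and any positive value is the number of entries loaded would keep someone from "tidying" it back to `!=1` later. Since this branch decides whether revocation data is in the store at all, it would also help to log the returned count on success so a partially loaded file is visible in verbose output.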