From: Joe Orton
Date: Thu, 1 Sep 2005 11:58:58 +0000 (+0000)
Subject: * modules/ssl/ssl_util_ssl.c (SSL_X509_STORE_create): Catch errors
X-Git-Tag: 2.3.0~3026
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=407dc73f4314d655a041147b1d7291b2b06602ed;p=thirdparty%2Fapache%2Fhttpd.git
* modules/ssl/ssl_util_ssl.c (SSL_X509_STORE_create): Catch errors returned by X509_LOOKUP_add_dir or X509_LOOKUP_load_file to detect malformed or misconfigured CRLs. Clear error stack beforehand to ensure reported errors are relevant.
PR: 36438
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@265702 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
index ef8eb6668b5..9a464c2560d 100644
--- a/modules/ssl/ssl_util_ssl.c
+++ b/modules/ssl/ssl_util_ssl.c
@@ -202,6 +202,9 @@ X509_STORE *SSL_X509_STORE_create(char *cpFile, char *cpPath)
 {
 X509_STORE *pStore;
 X509_LOOKUP *pLookup;
+ int rv = 1;
+
+ ERR_clear_error();
 if (cpFile == NULL && cpPath == NULL)
 return NULL;
@@ -213,17 +216,17 @@ X509_STORE *SSL_X509_STORE_create(char *cpFile, char *cpPath)
 X509_STORE_free(pStore);
 return NULL;
 }
- X509_LOOKUP_load_file(pLookup, cpFile, X509_FILETYPE_PEM);
+ rv = X509_LOOKUP_load_file(pLookup, cpFile, X509_FILETYPE_PEM);
 }
- if (cpPath != NULL) {
+ if (cpPath != NULL && rv == 1) {
 pLookup = X509_STORE_add_lookup(pStore, X509_LOOKUP_hash_dir());
 if (pLookup == NULL) {
 X509_STORE_free(pStore);
 return NULL;
 }
- X509_LOOKUP_add_dir(pLookup, cpPath, X509_FILETYPE_PEM);
+ rv = X509_LOOKUP_add_dir(pLookup, cpPath, X509_FILETYPE_PEM);
 }
- return pStore;
+ return rv == 1 ? pStore : NULL;
 }
 int SSL_X509_STORE_lookup(X509_STORE *pStore, int nType,
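Review bot: The `ERR_clear_error()` call added at the top of SSL_X509_STORE_create carries no comment explaining why it is there, and it runs before the early return taken when both cpFile and cpPath are NULL, so it empties the caller's error queue even when nothing is loaded. A short comment would record the intent, for example `/* Empty the OpenSSL error queue so that anything left on it after a failed load below belongs to this call. */`. The function body continues outside this hunk.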
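Review bot: The new failure path at `return rv == 1 ? pStore : NULL;` returns NULL without releasing pStore, while the `pLookup == NULL` path in this same hunk calls `X509_STORE_free(pStore)` first, so a CRL file or directory that fails to load leaks the store. Freeing it before the return keeps the error paths consistent: `if (rv != 1) { X509_STORE_free(pStore); return NULL; }` followed by `return pStore;`. NULL is also what the function returns when neither argument is set, so the caller (not visible here) presumably has to check its own configuration before treating NULL as a load failure, and should log the OpenSSL error queue when it does. The start of the function is outside this hunk.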