moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-11-11 20:15:03 -05:00
Code Issues Releases Wiki Activity

- Chris Mumford filed bug report #2861587

Browse Source 
(http://curl.haxx.se/bug/view.cgi?id=2861587) identifying that libcurl used
  the OpenSSL function X509_load_crl_file() wrongly and failed if it would
  load a CRL file with more than one certificate within. This is now fixed.
This commit is contained in:
Daniel Stenberg 2009-09-25 18:09:38 +00:00
parent 15be441ad8
commit e3d623f190
3 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES
View File

@ -6,6 +6,12 @@
Changelog Changelog
Daniel Stenberg (25 Sep 2009)
- Chris Mumford filed bug report #2861587
(http://curl.haxx.se/bug/view.cgi?id=2861587) identifying that libcurl used
the OpenSSL function X509_load_crl_file() wrongly and failed if it would
load a CRL file with more than one certificate within. This is now fixed.
Daniel Stenberg (16 Sep 2009) Daniel Stenberg (16 Sep 2009)
- Sven Anders reported that we introduced a cert verfication flaw for OpenSSL- - Sven Anders reported that we introduced a cert verfication flaw for OpenSSL-
powered libcurl in 7.19.6. If there was a X509v3 Subject Alternative Name powered libcurl in 7.19.6. If there was a X509v3 Subject Alternative Name

3
RELEASE-NOTES
View File

@ -29,6 +29,7 @@ This release includes the following bugfixes:
o improved NSS detection in configure o improved NSS detection in configure
o cookie expiry date at 1970-jan-1 00:00:00 o cookie expiry date at 1970-jan-1 00:00:00
o libcurl-OpenSSL failed to verify some certs with Subject Alternative Name o libcurl-OpenSSL failed to verify some certs with Subject Alternative Name
o libcurl-OpenSSL can load CRL files with more than one certificate inside
This release includes the following known bugs: This release includes the following known bugs:
@ -39,6 +40,6 @@ advice from friends like these:
Karl Moerder, Kamil Dudka, Krister Johansen, Andre Guibert de Bruet, Karl Moerder, Kamil Dudka, Krister Johansen, Andre Guibert de Bruet,
Michal Marek, Eric Wong, Guenter Knauf, Peter Sylvester, Daniel Johnson, Michal Marek, Eric Wong, Guenter Knauf, Peter Sylvester, Daniel Johnson,
Claes Jakobsson, Sven Anders Claes Jakobsson, Sven Anders, Chris Mumford
Thanks! (and sorry if I forgot to mention someone) Thanks! (and sorry if I forgot to mention someone)

4
lib/ssluse.c
View File

@ -1536,8 +1536,8 @@ ossl_connect_step1(struct connectdata *conn,
* revocation */ * revocation */
lookup=X509_STORE_add_lookup(connssl->ctx->cert_store,X509_LOOKUP_file()); lookup=X509_STORE_add_lookup(connssl->ctx->cert_store,X509_LOOKUP_file());
if ( !lookup || if ( !lookup ||
(X509_load_crl_file(lookup,data->set.str[STRING_SSL_CRLFILE], (!X509_load_crl_file(lookup,data->set.str[STRING_SSL_CRLFILE],
X509_FILETYPE_PEM)!=1) ) { X509_FILETYPE_PEM)) ) {
failf(data,"error loading CRL file :\n" failf(data,"error loading CRL file :\n"
" CRLfile: %s\n", " CRLfile: %s\n",
data->set.str[STRING_SSL_CRLFILE]? data->set.str[STRING_SSL_CRLFILE]?