diff options
| author | schwarze <> | 2021-11-10 13:57:42 +0000 |
|---|---|---|
| committer | schwarze <> | 2021-11-10 13:57:42 +0000 |
| commit | f4a5a07e50a5a0f27254d03bdf06838d718fed07 (patch) | |
| tree | ac9b43ba8da53df491ad7a1a945cc9e04e5380b5 | |
| parent | 9b0d17c7e0c52e06c77513dcea41c96ddc84e6c5 (diff) | |
| download | openbsd-f4a5a07e50a5a0f27254d03bdf06838d718fed07.tar.gz openbsd-f4a5a07e50a5a0f27254d03bdf06838d718fed07.tar.bz2 openbsd-f4a5a07e50a5a0f27254d03bdf06838d718fed07.zip | |
If X509_load_cert_crl_file(3) does not find any certificates
and/or CRLs in the PEM input file (for example, if the file
is empty), provide an error message in addition to returning 0.
This merges another part of this OpenSSL commit,
which is still under a free license:
commit c0452248ea1a59a41023a4765ef7d9825e80a62b
Author: Rich Salz <rsalz@openssl.org>
Date: Thu Apr 20 15:33:42 2017 -0400
I did *not* add the similar message types X509_R_NO_CERTIFICATE_FOUND
and X509_R_NO_CRL_FOUND because both code inspection and testing
have shown that the code generating them is unreachable.
OK tb@
| -rw-r--r-- | src/lib/libcrypto/x509/by_file.c | 4 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509/x509.h | 3 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509/x509_err.c | 3 |
3 files changed, 7 insertions, 3 deletions
diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c index a5a4342e88..3116b7cf1e 100644 --- a/src/lib/libcrypto/x509/by_file.c +++ b/src/lib/libcrypto/x509/by_file.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: by_file.c,v 1.24 2021/11/10 09:19:25 schwarze Exp $ */ | 1 | /* $OpenBSD: by_file.c,v 1.25 2021/11/10 13:57:42 schwarze Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -262,6 +262,8 @@ X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) | |||
| 262 | count++; | 262 | count++; |
| 263 | } | 263 | } |
| 264 | } | 264 | } |
| 265 | if (count == 0) | ||
| 266 | X509error(X509_R_NO_CERTIFICATE_OR_CRL_FOUND); | ||
| 265 | sk_X509_INFO_pop_free(inf, X509_INFO_free); | 267 | sk_X509_INFO_pop_free(inf, X509_INFO_free); |
| 266 | return count; | 268 | return count; |
| 267 | } | 269 | } |
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h index 4624628bf8..4b4bab8be8 100644 --- a/src/lib/libcrypto/x509/x509.h +++ b/src/lib/libcrypto/x509/x509.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509.h,v 1.87 2021/11/01 20:53:08 tb Exp $ */ | 1 | /* $OpenBSD: x509.h,v 1.88 2021/11/10 13:57:42 schwarze Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1197,6 +1197,7 @@ void ERR_load_X509_strings(void); | |||
| 1197 | #define X509_R_LOADING_CERT_DIR 103 | 1197 | #define X509_R_LOADING_CERT_DIR 103 |
| 1198 | #define X509_R_LOADING_DEFAULTS 104 | 1198 | #define X509_R_LOADING_DEFAULTS 104 |
| 1199 | #define X509_R_METHOD_NOT_SUPPORTED 124 | 1199 | #define X509_R_METHOD_NOT_SUPPORTED 124 |
| 1200 | #define X509_R_NO_CERTIFICATE_OR_CRL_FOUND 136 | ||
| 1200 | #define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 | 1201 | #define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 |
| 1201 | #define X509_R_PUBLIC_KEY_DECODE_ERROR 125 | 1202 | #define X509_R_PUBLIC_KEY_DECODE_ERROR 125 |
| 1202 | #define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 | 1203 | #define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 |
diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c index cac734ddf9..a8e9155718 100644 --- a/src/lib/libcrypto/x509/x509_err.c +++ b/src/lib/libcrypto/x509/x509_err.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_err.c,v 1.15 2020/06/05 16:51:12 jsing Exp $ */ | 1 | /* $OpenBSD: x509_err.c,v 1.16 2021/11/10 13:57:42 schwarze Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -96,6 +96,7 @@ static ERR_STRING_DATA X509_str_reasons[] = { | |||
| 96 | {ERR_REASON(X509_R_LOADING_CERT_DIR) , "loading cert dir"}, | 96 | {ERR_REASON(X509_R_LOADING_CERT_DIR) , "loading cert dir"}, |
| 97 | {ERR_REASON(X509_R_LOADING_DEFAULTS) , "loading defaults"}, | 97 | {ERR_REASON(X509_R_LOADING_DEFAULTS) , "loading defaults"}, |
| 98 | {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) , "method not supported"}, | 98 | {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) , "method not supported"}, |
| 99 | {ERR_REASON(X509_R_NO_CERTIFICATE_OR_CRL_FOUND), "no certificate or crl found"}, | ||
| 99 | {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY), "no cert set for us to verify"}, | 100 | {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY), "no cert set for us to verify"}, |
| 100 | {ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR), "public key decode error"}, | 101 | {ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR), "public key decode error"}, |
| 101 | {ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR), "public key encode error"}, | 102 | {ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR), "public key encode error"}, |