diff options
| author | Ingo Schwarze <schwarze@cvs.openbsd.org> | 2021-11-10 13:57:43 +0000 |
|---|---|---|
| committer | Ingo Schwarze <schwarze@cvs.openbsd.org> | 2021-11-10 13:57:43 +0000 |
| commit | 255f3be05f024be40bf8495d1bf68db4da794397 (patch) | |
| tree | e88d0807d6d2d062d01cc6170b9f2d66c2f9a69b /lib | |
| parent | ba05e7fdb3c41b290c7f04a11e80e78479efdf74 (diff) | |
If X509_load_cert_crl_file(3) does not find any certificates
and/or CRLs in the PEM input file (for example, if the file
is empty), provide an error message in addition to returning 0.
This merges another part of this OpenSSL commit,
which is still under a free license:
commit c0452248ea1a59a41023a4765ef7d9825e80a62b
Author: Rich Salz <rsalz@openssl.org>
Date: Thu Apr 20 15:33:42 2017 -0400
I did *not* add the similar message types X509_R_NO_CERTIFICATE_FOUND
and X509_R_NO_CRL_FOUND because both code inspection and testing
have shown that the code generating them is unreachable.
OK tb@
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libcrypto/x509/by_file.c | 4 | ||||
| -rw-r--r-- | lib/libcrypto/x509/x509.h | 3 | ||||
| -rw-r--r-- | lib/libcrypto/x509/x509_err.c | 3 |
3 files changed, 7 insertions, 3 deletions
diff --git a/lib/libcrypto/x509/by_file.c b/lib/libcrypto/x509/by_file.c index a5a4342e884..3116b7cf1e6 100644 --- a/lib/libcrypto/x509/by_file.c +++ b/lib/libcrypto/x509/by_file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: by_file.c,v 1.24 2021/11/10 09:19:25 schwarze Exp $ */ +/* $OpenBSD: by_file.c,v 1.25 2021/11/10 13:57:42 schwarze Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -262,6 +262,8 @@ X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) count++; } } + if (count == 0) + X509error(X509_R_NO_CERTIFICATE_OR_CRL_FOUND); sk_X509_INFO_pop_free(inf, X509_INFO_free); return count; } diff --git a/lib/libcrypto/x509/x509.h b/lib/libcrypto/x509/x509.h index 4624628bf83..4b4bab8be88 100644 --- a/lib/libcrypto/x509/x509.h +++ b/lib/libcrypto/x509/x509.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.h,v 1.87 2021/11/01 20:53:08 tb Exp $ */ +/* $OpenBSD: x509.h,v 1.88 2021/11/10 13:57:42 schwarze Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1197,6 +1197,7 @@ void ERR_load_X509_strings(void); #define X509_R_LOADING_CERT_DIR 103 #define X509_R_LOADING_DEFAULTS 104 #define X509_R_METHOD_NOT_SUPPORTED 124 +#define X509_R_NO_CERTIFICATE_OR_CRL_FOUND 136 #define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 #define X509_R_PUBLIC_KEY_DECODE_ERROR 125 #define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 diff --git a/lib/libcrypto/x509/x509_err.c b/lib/libcrypto/x509/x509_err.c index cac734ddf9e..a8e91557186 100644 --- a/lib/libcrypto/x509/x509_err.c +++ b/lib/libcrypto/x509/x509_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_err.c,v 1.15 2020/06/05 16:51:12 jsing Exp $ */ +/* $OpenBSD: x509_err.c,v 1.16 2021/11/10 13:57:42 schwarze Exp $ */ /* ==================================================================== * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * @@ -96,6 +96,7 @@ static ERR_STRING_DATA X509_str_reasons[] = { {ERR_REASON(X509_R_LOADING_CERT_DIR) , "loading cert dir"}, {ERR_REASON(X509_R_LOADING_DEFAULTS) , "loading defaults"}, {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) , "method not supported"}, + {ERR_REASON(X509_R_NO_CERTIFICATE_OR_CRL_FOUND), "no certificate or crl found"}, {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY), "no cert set for us to verify"}, {ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR), "public key decode error"}, {ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR), "public key encode error"}, |