author | Rich Salz <rsalz@openssl.org> | 2017-04-20 15:33:42 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-04-20 15:33:42 -0400 |
commit | c0452248ea1a59a41023a4765ef7d9825e80a62b (patch) | |
tree | acf05d2312af49b5cc0b60f9ba38a720458fac3c /include | |
parent | 0444c52a5ff3c2c09f8d7f0f5b464e10231de032 (diff) |
Ignore dups in X509_STORE_add_*
X509_STORE_add_cert and X509_STORE_add_crl are changed to return
success if the object to be added was already found in the store, rather
than returning an error.
Raise errors if empty or malformed files are read when loading certificates
and CRLs.
Remove NULL checks and allow a segv to occur.
Add error handling for all calls to X509_STORE_add_c{ert|tl}
Refactor these two routines into one.
Bring the unit test for duplicate certificates up to date using the test
framework.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2830)
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/x509.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/include/openssl/x509.h b/include/openssl/x509.h index d23fad8e35..49ad143bd2 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -1102,7 +1102,10 @@ int ERR_load_X509_strings(void); # define X509_R_METHOD_NOT_SUPPORTED 124 # define X509_R_NAME_TOO_LONG 134 # define X509_R_NEWER_CRL_NOT_NEWER 132 +# define X509_R_NO_CERTIFICATE_FOUND 135 +# define X509_R_NO_CERTIFICATE_OR_CRL_FOUND 136 # define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 +# define X509_R_NO_CRL_FOUND 137 # define X509_R_NO_CRL_NUMBER 130 # define X509_R_PUBLIC_KEY_DECODE_ERROR 125 # define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 |
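Review bot: the three reason codes added after X509_R_NEWER_CRL_NOT_NEWER (X509_R_NO_CERTIFICATE_FOUND 135, X509_R_NO_CERTIFICATE_OR_CRL_FOUND 136, X509_R_NO_CRL_FOUND 137) each need a matching entry in the reason-string table loaded by ERR_load_X509_strings(), and this view is limited to include/, so that cannot be confirmed from the header alone. Without the strings, an error raised for an empty or malformed file would show up in the error queue as a bare reason number, which makes a silently empty trust store or CRL file hard to diagnose. It would also help to document which loader raises which code: by name, 136 covers a file that may hold either object type while 135 and 137 are type-specific, and callers that branch on the reason need to know which one to expect.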