author | Matt Caswell <matt@openssl.org> | 2015-11-09 14:38:59 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-11-10 23:02:44 +0000 |
commit | a974e64aaaa8a6f99f55a68d28c07c04ecea2f50 (patch) | |
tree | 8813cd92bec23d1c450f4303c0ee72b743d68a95 /ssl/ssl_rsa.c | |
parent | 6329b6092b28b656be8a1e4a8363d2e3bcc32053 (diff) |
Fix SSL_use_certificate_chain_file
The new function SSL_use_certificate_chain_file was always crashing in
the internal function use_certificate_chain_file because it would pass a
NULL value for SSL_CTX *, but use_certificate_chain_file would
unconditionally try to dereference it.
Reviewed-by: Stephen Henson <steve@openssl.org>
Diffstat (limited to 'ssl/ssl_rsa.c')
-rw-r--r-- | ssl/ssl_rsa.c | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 9e172b579c..be552c1d36 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -644,10 +644,20 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) BIO *in; int ret = 0; X509 *x = NULL; + pem_password_cb *passwd_callback; + void *passwd_callback_userdata; ERR_clear_error(); /* clear error stack for * SSL_CTX_use_certificate() */ + if (ctx != NULL) { + passwd_callback = ctx->default_passwd_callback; + passwd_callback_userdata = ctx->default_passwd_callback_userdata; + } else { + passwd_callback = ssl->default_passwd_callback; + passwd_callback_userdata = ssl->default_passwd_callback_userdata; + } + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); @@ -659,8 +669,8 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) goto end; } - x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata); + x = PEM_read_bio_X509_AUX(in, NULL, passwd_callback, + passwd_callback_userdata); if (x == NULL) { SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); goto end; @@ -693,10 +703,9 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) goto end; } - while ((ca = PEM_read_bio_X509(in, NULL, - ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata)) - != NULL) { + while ((ca = PEM_read_bio_X509(in, NULL, passwd_callback, + passwd_callback_userdata)) + != NULL) { if (ctx) r = SSL_CTX_add0_chain_cert(ctx, ca); else |
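Review bot: In the first hunk (`@@ -644,10 +644,20 @@`) the new `else` branch reads `ssl->default_passwd_callback` without checking `ssl`, so a call with both `ctx` and `ssl` NULL still dereferences a null pointer, just on the other handle. The callers are outside this diff, but if either public wrapper forwards a caller-supplied NULL handle unchecked, the crash remains reachable from application code; a guard placed before the selection would close it: `if (ctx == NULL && ssl == NULL) { SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PASSED_NULL_PARAMETER); return 0; }`. The guard should return directly rather than `goto end`, because `in` is declared without an initialiser and the cleanup code (outside the hunk) presumably frees it. Since the commit message says the SSL variant crashed on every call, a regression test that loads a chain file through `SSL_use_certificate_chain_file` would keep this path covered.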