The SSL_CTX's cert structure is not relevant for the SSL

[openssl.git] / ssl / ssl_cert.c

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 53b77797a52b711c84ad9c2f37493c163518fc45..b33658f017b1e21862c33e08abb6a3162dfbf5f2 100644 (file)
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -106,10 +106,12 @@
 
 #include <stdio.h>
 #include <sys/types.h>
-#ifndef WIN32
-#ifndef VMS
+#if !defined(WIN32) && !defined(VSM) && !defined(NeXT)
 #include <dirent.h>
 #endif
+#ifdef NeXT
+#include <sys/dir.h>
+#define dirent direct
 #endif
 #include <openssl/objects.h>
 #include <openssl/bio.h>
@@ -450,19 +452,19 @@ static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME)
        *ca_list=list;
        }
 
-STACK *SSL_dup_CA_list(STACK *sk)
+STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
        {
        int i;
-       STACK *ret;
+       STACK_OF(X509_NAME) *ret;
        X509_NAME *name;
 
-       ret=sk_new_null();
-       for (i=0; i<sk_num(sk); i++)
+       ret=sk_X509_NAME_new_null();
+       for (i=0; i<sk_X509_NAME_num(sk); i++)
                {
-               name=X509_NAME_dup((X509_NAME *)sk_value(sk,i));
-               if ((name == NULL) || !sk_push(ret,(char *)name))
+               name=X509_NAME_dup(sk_X509_NAME_value(sk,i));
+               if ((name == NULL) || !sk_X509_NAME_push(ret,name))
                        {
-                       sk_pop_free(ret,X509_NAME_free);
+                       sk_X509_NAME_pop_free(ret,X509_NAME_free);
                        return(NULL);
                        }
                }
@@ -569,7 +571,7 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
 
        for (;;)
                {
-               if (PEM_read_bio_X509(in,&x,NULL) == NULL)
+               if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
                        break;
                if ((xn=X509_get_subject_name(x)) == NULL) goto err;
                /* check for duplicates */
@@ -630,7 +632,7 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
 
     for (;;)
        {
-       if (PEM_read_bio_X509(in,&x,NULL) == NULL)
+       if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
            break;
        if ((xn=X509_get_subject_name(x)) == NULL) goto err;
        xn=X509_NAME_dup(xn);
@@ -673,14 +675,20 @@ err:
 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                       const char *dir)
     {
-    DIR *d=opendir(dir);
+    DIR *d;
     struct dirent *dstruct;
+    int ret = 0;
+
+    CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
+    d = opendir(dir);
 
     /* Note that a side effect is that the CAs will be sorted by name */
     if(!d)
        {
-       SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
-       return 0;
+       SYSerr(SYS_F_OPENDIR, get_last_sys_error());
+       ERR_add_error_data(3, "opendir('", dir, "')");
+       SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
+       goto err;
        }
 
     while((dstruct=readdir(d)))
@@ -690,15 +698,18 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
        if(strlen(dir)+strlen(dstruct->d_name)+2 > sizeof buf)
            {
            SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
-           return 0;
+           goto err;
            }
        
        sprintf(buf,"%s/%s",dir,dstruct->d_name);
        if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
-           return 0;
+           goto err;
        }
+    ret = 1;
 
-    return 1;
+err:   
+    CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
+    return ret;
     }
 
 #endif