git.openssl.org Git - openssl.git/commit

author	Rich Salz <rsalz@openssl.org>
	Thu, 20 Apr 2017 19:33:42 +0000 (15:33 -0400)
committer	Rich Salz <rsalz@openssl.org>
	Thu, 20 Apr 2017 19:33:42 +0000 (15:33 -0400)
commit	c0452248ea1a59a41023a4765ef7d9825e80a62b
tree	acf05d2312af49b5cc0b60f9ba38a720458fac3c	tree \| snapshot
parent	0444c52a5ff3c2c09f8d7f0f5b464e10231de032	commit \| diff

Ignore dups in X509_STORE_add_*

X509_STORE_add_cert and X509_STORE_add_crl are changed to return
success if the object to be added was already found in the store, rather
than returning an error.

Raise errors if empty or malformed files are read when loading certificates
and CRLs.

Remove NULL checks and allow a segv to occur.
Add error handing for all calls to X509_STORE_add_c{ert|tl}

Refactor these two routines into one.

Bring the unit test for duplicate certificates up to date using the test
framework.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2830)

CHANGES		diff \| blob \| history
crypto/x509/by_dir.c		diff \| blob \| history
crypto/x509/by_file.c		diff \| blob \| history
crypto/x509/x509_err.c		diff \| blob \| history
crypto/x509/x509_lu.c		diff \| blob \| history
include/openssl/x509.h		diff \| blob \| history
ssl/ssl_cert.c		diff \| blob \| history
test/build.info		diff \| blob \| history
test/recipes/60-test_x509_dup_cert.t	[new file with mode: 0644]	blob
test/x509_dup_cert_test.c	[new file with mode: 0644]	blob