projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Support for multiple CRLs with same issuer name in X509_STORE. Modify
[openssl.git] / crypto / x509 / x509_lu.c
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index cd2cfb6d855aedd3cbf5a404bb7e49fe71b0bb88..fbb1497fe211efb718bcea3cca3cca1e6462c45b 100644 (file)
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -459,13 +459,24 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x
        X509_OBJECT *obj;
        idx = sk_X509_OBJECT_find(h, x);
        if (idx == -1) return NULL;
-       if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx);
+       if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))
+               return sk_X509_OBJECT_value(h, idx);
        for (i = idx; i < sk_X509_OBJECT_num(h); i++)
                {
                obj = sk_X509_OBJECT_value(h, i);
                if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
                        return NULL;
-               if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509))
+               if (x->type == X509_LU_X509)
+                       {
+                       if (!X509_cmp(obj->data.x509, x->data.x509))
+                               return obj;
+                       }
+               else if (x->type == X509_LU_CRL)
+                       {
+                       if (!X509_CRL_match(obj->data.crl, x->data.crl))
+                               return obj;
+                       }
+               else
                        return obj;
                }
        return NULL;
Unnamed repository; edit this file 'description' to name the repository.