Support for multiple CRLs with same issuer name in X509_STORE. Modify
[openssl.git] / crypto / x509 / x509_lu.c
index cd2cfb6..fbb1497 100644 (file)
@@ -459,13 +459,24 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x
        X509_OBJECT *obj;
        idx = sk_X509_OBJECT_find(h, x);
        if (idx == -1) return NULL;
-       if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx);
+       if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))
+               return sk_X509_OBJECT_value(h, idx);
        for (i = idx; i < sk_X509_OBJECT_num(h); i++)
                {
                obj = sk_X509_OBJECT_value(h, i);
                if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
                        return NULL;
-               if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509))
+               if (x->type == X509_LU_X509)
+                       {
+                       if (!X509_cmp(obj->data.x509, x->data.x509))
+                               return obj;
+                       }
+               else if (x->type == X509_LU_CRL)
+                       {
+                       if (!X509_CRL_match(obj->data.crl, x->data.crl))
+                               return obj;
+                       }
+               else
                        return obj;
                }
        return NULL;