RT for openssl.org
 
 
#1424: Re: CRL update revision for X509_add_crl
Ticket metadata
The Basics
Id: 1424
Status: new
Left: 0 min
Priority: 0/0
Queue: OpenSSL-Bugs

People
Owner: Nobody
Requestors: donn@u.washington.edu
Cc:
AdminCc:

Dates
Created: Wed Nov 08 20:32:18 2006
Starts: Not set
Started: Not set
Last Contact: Not set
Due: Wed Nov 08 20:32:18 2006
Closed: Not set
Updated: Wed Nov 08 20:32:24 2006 by donn@u.washington.edu

History
Wed Nov 08 20:32:19 2006  donn@u.washington.edu - Ticket created
From: Donn Cave <donn@u.washington.edu>
Subject: Re: CRL update revision for X509_add_crl
Date: Tue, 7 Nov 2006 16:58:43 -0800
To: rt@openssl.org
I sent this in a while back, but it may have fallen victim
to some rt outage. Here it is again - the original source
file hasn't changed in the meantime, so I haven't
retested.

I modified crypto/x509/x509_lu.c similar to the following,
to support live update to the certificate revocation list.

- Enhancement request
- all platforms
- OpenSSL 0.9.8-beta5

Briefly, X509_STORE_add_crl needs to be able to accept
a CRL input when a previous revision of the same CRL is
already there. Otherwise, we have to reboot the server
(OpenLDAP slapd in my case) to update the CRL. I actually
wrote a parallel function X509_STORE_replace_crl, and
call it from a replacement for X509_load_crl_file, but for
simplicity I propose to just fix X509_STORE_add_crl.

Thanks,
Donn Cave, donn@u.washington.edu
------------------------------------------------------
*** x509_lu.c.dist Fri Jun 17 11:20:56 2005
--- x509_lu.c Fri Jun 17 11:22:35 2005
***************
*** 359,364 ****
--- 359,365 ----
{
X509_OBJECT *obj;
int ret=1;
+ int idx;

if (x == NULL) return 0;
obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
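Review bot: `int ret=1;` stays declared next to the new `int idx;`, but the later hunk replaces `return ret;` with `return 1;`, so within the lines shown `ret` is never read again. If the elided lines between the two hunks do not use it either, drop the declaration here to avoid an unused-variable warning.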
***************
*** 374,392 ****

X509_OBJECT_up_ref_count(obj);

! if (X509_OBJECT_retrieve_match(ctx->objs, obj))
! {
! X509_OBJECT_free_contents(obj);
! OPENSSL_free(obj);
! X509err
(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
! ret=0;
! }
! else sk_X509_OBJECT_push(ctx->objs, obj);

CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);

! return ret;
! }

void X509_OBJECT_up_ref_count(X509_OBJECT *a)
{
--- 375,388 ----

X509_OBJECT_up_ref_count(obj);

! idx=sk_X509_OBJECT_find(ctx->objs, obj);
! if (idx >= 0) sk_X509_OBJECT_delete(ctx->objs, idx);
! sk_X509_OBJECT_push(ctx->objs, obj);

CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);

! return 1;
! }

void X509_OBJECT_up_ref_count(X509_OBJECT *a)
{
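Review bot: In the new line `if (idx >= 0) sk_X509_OBJECT_delete(ctx->objs, idx);` the entry taken off the stack is never released. `sk_X509_OBJECT_delete` returns the removed pointer, and the removed branch shows how an object is disposed of in this function (`X509_OBJECT_free_contents(obj); OPENSSL_free(obj);`), so every update leaks the previous X509_OBJECT together with its reference on the old CRL; capture the return value and free it the same way. Two further points on the same lines: the replacement is unconditional, so an older revision of the CRL passed in would displace a newer one already in the store (compare the CRL number or lastUpdate before deleting), and the result of `sk_X509_OBJECT_push` is not checked before `return 1;`, so a failed push after the delete would leave the store without any revision of that CRL while reporting success.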