Ticket metadata
The Basics
Id: 1424
Status: new
Priority: 0/
Queue: OpenSSL-Bugs

Custom Fields
Milestone: (no value)
Subsystem: (no value)
Severity: (no value)
Broken in: (no value)

People
Owner: Nobody in particular
Requestors: Donn Cave
Cc:
AdminCc:

Dates
Created: Wed Nov 08 20:32:18 2006
Starts: Not set
Started: Not set
Last Contact: Not set
Due: Wed Nov 08 20:32:18 2006
Closed: Not set
Updated: Wed Nov 08 20:32:24 2006 by Donn Cave



From: Donn Cave <donn@u.washington.edu>
Subject: Re: CRL update revision for X509_add_crl
Date: Tue, 7 Nov 2006 16:58:43 -0800
To: rt@openssl.org
I sent this in a while back, but it may have fallen victim
to some rt outage. Here it is again - the original source
file hasn't changed in the meantime, so I haven't
retested.

I modified crypto/x509/x509_lu.c similar to the following,
to support live update to the certificate revocation list.

- Enhancement request
- all platforms
- OpenSSL 0.9.8-beta5

Briefly, X509_STORE_add_crl needs to be able to accept
a CRL input when a previous revision of the same CRL is
already there. Otherwise, we have to reboot the server
(OpenLDAP slapd in my case) to update the CRL. I actually
wrote a parallel function X509_STORE_replace_crl, and
call it from a replacement for X509_load_crl_file, but for
simplicity I propose to just fix X509_STORE_add_crl.

Thanks,
Donn Cave, donn@u.washington.edu
------------------------------------------------------
*** x509_lu.c.dist Fri Jun 17 11:20:56 2005
--- x509_lu.c Fri Jun 17 11:22:35 2005
***************
*** 359,364 ****
--- 359,365 ----
{
X509_OBJECT *obj;
int ret=1;
+ int idx;

if (x == NULL) return 0;
obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
***************
*** 374,392 ****

X509_OBJECT_up_ref_count(obj);

! if (X509_OBJECT_retrieve_match(ctx->objs, obj))
! {
! X509_OBJECT_free_contents(obj);
! OPENSSL_free(obj);
! X509err
(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
! ret=0;
! }
! else sk_X509_OBJECT_push(ctx->objs, obj);

CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);

! return ret;
! }

void X509_OBJECT_up_ref_count(X509_OBJECT *a)
{
--- 375,388 ----

X509_OBJECT_up_ref_count(obj);

! idx=sk_X509_OBJECT_find(ctx->objs, obj);
! if (idx >= 0) sk_X509_OBJECT_delete(ctx->objs, idx);
! sk_X509_OBJECT_push(ctx->objs, obj);

CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);

! return 1;
! }

void X509_OBJECT_up_ref_count(X509_OBJECT *a)
{
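Review bot: In the new `--- 375,388 ----` body, `sk_X509_OBJECT_delete(ctx->objs, idx)` only unlinks the matching entry; the removed X509_OBJECT, together with the reference its CRL holds, is never released, so every live update leaks the previous revision. The old branch freed the duplicate with `X509_OBJECT_free_contents(obj); OPENSSL_free(obj);` and the same should be done on the pointer `sk_X509_OBJECT_delete` returns before the push. Two further points: the replacement is unconditional, so any CRL that matches by lookup key displaces the current one even when it is an older revision (nothing compares the incoming CRL against the stored one), and the function now always returns 1, so callers that relied on the 0 return with `X509_R_CERT_ALREADY_IN_HASH_TABLE` to detect a duplicate will no longer see it.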
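As an added example, not the ticket's patch and not OpenSSL code, here is a self-contained model of the replace-on-add behaviour the request describes, carrying the two checks a reviewer would want on top of it: the displaced entry is freed rather than merely unlinked, and a stored CRL is only replaced when the incoming one is a later revision (modelled here by the CRL Number value). The types `crl_t` and `crl_store_t` and the functions `crl_new`, `store_find` and `store_add_crl` are hypothetical stand-ins for X509_OBJECT, X509_STORE and X509_STORE_add_crl.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a CRL slot in a store, keyed by issuer name.
 * These are not OpenSSL's X509_OBJECT / X509_STORE types. */
typedef struct {
    char *issuer;      /* issuer DN: the key the store matches on */
    long crl_number;   /* CRL Number extension value; grows with each revision */
} crl_t;

typedef struct {
    crl_t **objs;
    int num;
    int cap;
} crl_store_t;

static char *dup_string(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p != NULL)
        memcpy(p, s, n);
    return p;
}

crl_t *crl_new(const char *issuer, long crl_number)
{
    crl_t *c = malloc(sizeof(*c));
    if (c == NULL)
        return NULL;
    c->issuer = dup_string(issuer);
    if (c->issuer == NULL) {
        free(c);
        return NULL;
    }
    c->crl_number = crl_number;
    return c;
}

void crl_free(crl_t *c)
{
    if (c == NULL)
        return;
    free(c->issuer);
    free(c);
}

crl_store_t *store_new(void)
{
    return calloc(1, sizeof(crl_store_t));
}

void store_free(crl_store_t *s)
{
    int i;
    if (s == NULL)
        return;
    for (i = 0; i < s->num; i++)
        crl_free(s->objs[i]);
    free(s->objs);
    free(s);
}

/* Index of the CRL issued by `issuer`, or -1 if none is stored. */
int store_find(const crl_store_t *s, const char *issuer)
{
    int i;
    for (i = 0; i < s->num; i++)
        if (strcmp(s->objs[i]->issuer, issuer) == 0)
            return i;
    return -1;
}

/* Add `crl` to the store, replacing an existing CRL from the same issuer
 * only when the new one is a later revision.
 * Returns 1 if added, 2 if it replaced an older revision, 0 if rejected
 * (stale/duplicate revision or allocation failure). On 0 the caller keeps
 * ownership of `crl`; on 1 or 2 the store owns it. */
int store_add_crl(crl_store_t *s, crl_t *crl)
{
    int idx;
    if (s == NULL || crl == NULL)
        return 0;
    idx = store_find(s, crl->issuer);
    if (idx >= 0) {
        crl_t *old = s->objs[idx];
        /* Refuse to go backwards: a replayed or stale CRL must not displace
         * the revision already trusted. */
        if (crl->crl_number <= old->crl_number)
            return 0;
        s->objs[idx] = crl;
        crl_free(old);   /* release the displaced entry, not just unlink it */
        return 2;
    }
    if (s->num == s->cap) {
        int ncap = s->cap == 0 ? 4 : s->cap * 2;
        crl_t **n = realloc(s->objs, (size_t)ncap * sizeof(*n));
        if (n == NULL)
            return 0;
        s->objs = n;
        s->cap = ncap;
    }
    s->objs[s->num++] = crl;
    return 1;
}
```

The ownership rule in the comment is the part that matters for a long-running daemon such as slapd: on every accepted update the previous revision is freed, and on a rejected one the caller still holds the object and must free it itself.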