Patch applied and committed on all active branches. Thanks!

Ticket resolved.

[dkaufman@rahul.net - Thu Jun 23 11:40:36 2005]:

> On April 24th, I wrote to openssl-dev:
>
> > Also, the function "dir_ctrl" in crypto/x509/by_dir.c looks wrong to
> > me. Shouldn't it be checking for the environment variable first, then
> > getting the default if no environment variable is specified (the way
> > by_file_ctrl does in crypto/x509/by_file.c)? Sorry if I am misreading
> > what that function is doing. The code looks the same in 0.9.7 and
> > 0.9.8.
>
> I have done some more testing, and openssl is indeed using certs from
> the default directory, even if a different directory is specified
> by SSL_CERT_DIR. This patch changes the logic to what we have in
> by_file.c. That is, if SSL_CERT_DIR is defined in the environment,
> openssl uses it exclusively for the directory of hashed certs. If
> SSL_CERT_DIR is not defined, then the default directory is used.
>
> Since I am in the US, a copy of the patch is being forwarded to the
> appropriate US government agencies.
>
> Doug
>
> --- crypto/x509/by_dir.c.ori 2004-01-22 14:36:46.000000000 -0800
> +++ crypto/x509/by_dir.c 2005-06-22 12:09:00.000000000 -0800
> @@ -122,19 +122,19 @@
> {
> case X509_L_ADD_DIR:
> if (argl == X509_FILETYPE_DEFAULT)
> + dir=(char *)Getenv(X509_get_default_cert_dir_env());
> + if (dir)
> + ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
> + else
> {
> ret=add_cert_dir(ld,X509_get_default_cert_dir(),
> X509_FILETYPE_PEM);
> + }
> if (!ret)
> {
> X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR

);
> }
> - else
> - {
> - dir=(char *)

Getenv(X509_get_default_cert_dir_env());
> - ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
> - }
> - }
> +
> else
> ret=add_cert_dir(ld,argp,(int)argl);
> break;
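
Review bot: the `if (argl == X509_FILETYPE_DEFAULT)` at the top of the hunk loses its block braces: the added `dir=` line follows it directly with no `{`, and the block's closing `}` is among the removed lines. As the hunk reads, only the `Getenv` assignment is conditional on `argl`, the `if (dir)` test runs for every `argl`, and the final `else ret=add_cert_dir(ld,argp,(int)argl);` pairs with `if (!ret)` instead of the `argl` test. Put the whole default-case body (the `Getenv` lookup, the `if (dir)`/`else` pair and the `if (!ret)` error report) inside one brace pair so the trailing `else` still belongs to the `argl` check. A short comment stating that the environment variable replaces the compiled-in directory would also help, since the removed lines loaded the default directory first and then added the environment one.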


--
Richard Levitte
levitte@openssl.org
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org