Bug 3337

Summary: Loading CA certs from directory fails
Product: ACE
Reporter: ciju john <john_c>
Component: SSL Wrappers
Assignee: ciju john <john_c>
Status: ASSIGNED
Severity: major
Priority: P3
Version: 5.6.5
Hardware: All
OS: Windows XP
Attachments: bug test

Description ciju john 2008-06-04 15:56:52 CDT
Created attachment 984: bug test

The API ACE_SSL_Context::load_trusted_ca () fails on Windows due to what seems to be an OpenSSL bug in ::SSL_add_dir_cert_subjects_to_stack. I have verified against OpenSSL 0.9.8g. Some time ago I ran into this same issue with an older OpenSSL release, so I suspect this issue is present in recent releases. Attached is a simple test for this. It would be great if someone can test against openssl-0.9.8h to see if this has been fixed.

I am disabling ::SSL_add_dir_cert_subjects_to_stack for at least the openssl-0.9.8g release. See diff below.

thanks,
Ciju

Index: ace/SSL/SSL_Context.cpp
===================================================================
--- ace/SSL/SSL_Context.cpp     (revision 81835)
+++ ace/SSL/SSL_Context.cpp     (working copy)
@@ -378,6 +378,7 @@
       // this comparison if so.
 #if defined (OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x0090801fL)
 #  if !defined (OPENSSL_SYS_VMS) && !defined (OPENSSL_SYS_MACINTOSH_CLASSIC)
+#    if !defined (OPENSSL_SYS_WIN32) || (OPENSSL_VERSION_NUMBER > 0x0090807fL)

       if (ca_dir != 0)
         {
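
Review bot: With the new guard on the `#    if !defined (OPENSSL_SYS_WIN32) || (OPENSSL_VERSION_NUMBER > 0x0090807fL)` line, a Win32 build against OpenSSL 0.9.8g or older compiles out the `if (ca_dir != 0)` block, so a caller that passes a CA directory gets no error or log message saying the directory was skipped. Consider adding an `#else` branch that reports the directory as unsupported on that platform (or at least logs it), plus a comment above the guard that names this bug and ::SSL_add_dir_cert_subjects_to_stack as the reason. The cutoff `> 0x0090807fL` also turns the code back on for every release after 0.9.8g, while the description says 0.9.8h has not been tested yet; keeping Win32 excluded until that is confirmed would be safer.
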
@@ -398,6 +399,7 @@
               return -1;
             }
         }
+#    endif /* !OPENSSL_SYS_WIN32 || OPENSSL_VERSION_NUMBER >= 0x0090807fL */
 #  endif /* !OPENSSL_SYS_VMS && !OPENSSL_SYS_MACINTOSH_CLASSIC */
 #endif /* OPENSSL_VERSION_NUMBER >= 0.9.8a release */
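
Review bot: The comment on the added `#endif` reads `OPENSSL_VERSION_NUMBER >= 0x0090807fL`, but the matching `#if` tests `OPENSSL_VERSION_NUMBER > 0x0090807fL`. Because 0x0090807fL is the very release being excluded, the comment states the opposite of what the condition does for that version; change it to `>` so the two agree.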