[xmlsec] Trusted certs directory

Aleksey Sanin aleksey at aleksey.com
Tue Aug 15 08:32:28 PDT 2006


You are right! This is a better way to do it! Please see the attached
patch, which combines this change with my change to the error handling
of the X509_LOOKUP_add_dir() function. I hope it will work for you!

Thanks again for the bug report and investigation!

Aleksey
-------------- next part --------------
Index: src/openssl/x509vfy.c
===================================================================
RCS file: /cvs/gnome/xmlsec/src/openssl/x509vfy.c,v
retrieving revision 1.28
diff -u -r1.28 x509vfy.c
--- src/openssl/x509vfy.c	23 May 2006 01:39:39 -0000	1.28
+++ src/openssl/x509vfy.c	15 Aug 2006 15:28:12 -0000
@@ -540,13 +540,21 @@
 		    XMLSEC_ERRORS_NO_MESSAGE);
 	return(-1);
     }    
-    X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_DEFAULT);
+    if(!X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM)) {
+	xmlSecError(XMLSEC_ERRORS_HERE,
+		    xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+		    "X509_LOOKUP_add_dir",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+	return(-1);
+    }
     return(0);
 }
 
 static int
 xmlSecOpenSSLX509StoreInitialize(xmlSecKeyDataStorePtr store) {
     const xmlChar* path;
+    X509_LOOKUP *lookup = NULL;
     
     xmlSecOpenSSLX509StoreCtxPtr ctx;
     xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecOpenSSLX509StoreId), -1);
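Review bot: The switch from X509_FILETYPE_DEFAULT to X509_FILETYPE_PEM on `X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM)` is the real fix here, but nothing in the code records why, so the next maintainer may "restore" DEFAULT. If I recall OpenSSL's by_dir lookup correctly, X509_FILETYPE_DEFAULT makes the ctrl ignore its path argument and load OpenSSL's own default certificate directory instead, meaning the old call never used `path` at all; a one-line comment above the call, `/* X509_FILETYPE_DEFAULT would make OpenSSL ignore 'path' and load its own default cert dir; PEM forces the given folder */`, would pin that down. The enclosing function starts before this hunk, so whether `path` is already checked for NULL is not visible; if the caller does not guarantee it, a guard before the add_dir call is worth adding. The `X509_LOOKUP *lookup = NULL;` moved to the top of xmlSecOpenSSLX509StoreInitialize now sits between the `path` and `ctx` declarations with a whitespace-only line in between; declaring the three together reads cleaner, and that function continues past the end of the hunk.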
@@ -575,20 +583,36 @@
 	return(-1);
     }
     
+	
+    lookup = X509_STORE_add_lookup(ctx->xst, X509_LOOKUP_hash_dir());
+    if(lookup == NULL) {
+         xmlSecError(XMLSEC_ERRORS_HERE,
+		    xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+		    "X509_STORE_add_lookup",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+         return(-1);
+    }    
+
     path = xmlSecOpenSSLGetDefaultTrustedCertsFolder();
     if(path != NULL) {
-	X509_LOOKUP *lookup = NULL;
-	
-	lookup = X509_STORE_add_lookup(ctx->xst, X509_LOOKUP_hash_dir());
-        if(lookup == NULL) {
+	if(!X509_LOOKUP_add_dir(lookup, (char*)path, X509_FILETYPE_PEM)) {
 	    xmlSecError(XMLSEC_ERRORS_HERE,
 		    xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-		    "X509_STORE_add_lookup",
+		    "X509_LOOKUP_add_dir",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+	    return(-1);
+	}    
+    } else {
+	if(!X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT)) {
+	    xmlSecError(XMLSEC_ERRORS_HERE,
+		    xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+		    "X509_LOOKUP_add_dir",
 		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
 		    XMLSEC_ERRORS_NO_MESSAGE);
 	    return(-1);
 	}    
-	X509_LOOKUP_add_dir(lookup, (char*)path, X509_FILETYPE_DEFAULT);
     }
 
     ctx->untrusted = sk_X509_new_null();
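Review bot: The new `else` branch calling `X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT)` changes the trust model, not just the error handling: before, a store with no trusted-certs folder configured added no directory lookup at all, whereas now it loads trust anchors from OpenSSL's default certificate directory. If I recall by_dir's handling of X509_FILETYPE_DEFAULT correctly, that directory is first taken from the SSL_CERT_DIR environment variable, so in that configuration the set of CAs able to validate a signature becomes environment-controlled — acceptable if intended, but it deserves a comment such as `/* no folder configured: fall back to OpenSSL's default cert dir (overridable via SSL_CERT_DIR) */` and a mention in the release notes. Style: the hunk adds a whitespace-only line (a `+` followed by a lone tab above the X509_STORE_add_lookup call), and the X509_STORE_add_lookup error block is indented with nine spaces where the surrounding code uses tabs. The enclosing function continues after `ctx->untrusted = sk_X509_new_null();`, outside this hunk.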

