tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed return code check in CRL loading 

The code for loading CRLs was incorrectly assuming that OpenSSL's
X509_LOOKUP_load_file function returns zero on success, but actually it
returns one on success. This commit fixes this return code check so
that a CRL can be loaded.

fixes #5040

Signed-off-by: Gunnar Beutner <gunnar.beutner@icinga.com>
This commit is contained in:
Sebastian Marsching 2017-02-27 19:26:34 +01:00 committed by Gunnar Beutner
parent 9dfe423c11
commit 118d36f384
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/base/tlsutility.cpp
View File

@ -231,7 +231,7 @@ void AddCRLToSSLContext(const boost::shared_ptr<SSL_CTX>& context, const String&
<< errinfo_openssl_error(ERR_peek_error()));
}
if (X509_LOOKUP_load_file(lookup, crlPath.CStr(), X509_FILETYPE_PEM) != 0) {
if (X509_LOOKUP_load_file(lookup, crlPath.CStr(), X509_FILETYPE_PEM) != 1) {
Log(LogCritical, "SSL")
<< "Error loading crl file '" << crlPath << "': " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
BOOST_THROW_EXCEPTION(openssl_error()