Invalid Purpose change for OpenSSL 0.9.8e

diff --git a/org.gridsite.core/CHANGES b/org.gridsite.core/CHANGES
index d652fd5..c65aa4f 100644 (file)
--- a/org.gridsite.core/CHANGES
+++ b/org.gridsite.core/CHANGES
@@ -1,3 +1,9 @@
+* Mon Oct 19 2009 Andrew McNab <Andrew.McNab@cern.ch>
+- Discard X509_V_ERR_INVALID_PURPOSE errors in 
+  GRST_callback_SSLVerify_wrapper(), needed by 
+  OpenSSL 0.9.8e (Imported from 1.7.6)
+* Mon Oct 19 2009 Andrew McNab <Andrew.McNab@cern.ch>
+- ==== GridSite version 1.5.16 ====
 * Thu Sep 17 2009 Andrew McNab <Andrew.McNab@cern.ch>
 - GRSThttpUrlEncode rather than GRSThttpUrlMildencode
   in mod_gridsite directory listings.

diff --git a/org.gridsite.core/VERSION b/org.gridsite.core/VERSION
index b0d83cf..30db20a 100644 (file)
--- a/org.gridsite.core/VERSION
+++ b/org.gridsite.core/VERSION
@@ -1,5 +1,5 @@
 MAJOR_VERSION=1
 MINOR_VERSION=1.5
-PATCH_VERSION=1.5.15
-DEFVERSION=010515
+PATCH_VERSION=1.5.16
+DEFVERSION=010516
 VERSION=$(PATCH_VERSION)

diff --git a/org.gridsite.core/src/mod_gridsite.c b/org.gridsite.core/src/mod_gridsite.c
index a2c3302..1cd6b1d 100644 (file)
--- a/org.gridsite.core/src/mod_gridsite.c
+++ b/org.gridsite.core/src/mod_gridsite.c
@@ -3783,6 +3783,21 @@ int GRST_callback_SSLVerify_wrapper(int ok, X509_STORE_CTX *ctx)
      }
 
    /*
+    * Skip X509_V_ERR_INVALID_PURPOSE at this stage, since we will check 
+    * the full chain using GRSTx509ChainLoadCheck at errdepth=0
+    */
+   if (errnum == X509_V_ERR_INVALID_PURPOSE)
+     {
+        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+                    "Skip Invalid Purpose error");
+
+        sslconn->verify_error = NULL;
+        ok = TRUE;
+        errnum = X509_V_OK;
+        X509_STORE_CTX_set_error(ctx, errnum);
+     }
+
+   /*
     * New style GSI Proxy handling, with critical ProxyCertInfo
     * extension: we use GRSTx509KnownCriticalExts() to check this
     */