vulnerability of Voms CRL processing found & fixed
authorMarcel Poul <marcel.poul@cern.ch>
Tue, 10 Apr 2012 21:37:27 +0000 (21:37 +0000)
committerMarcel Poul <marcel.poul@cern.ch>
Tue, 10 Apr 2012 21:37:27 +0000 (21:37 +0000)
emi.canl.canl-c/src/proxy/sslutils.c

index 9dd7d09..8705ab8 100644 (file)
@@ -2044,7 +2044,7 @@ proxy_verify_callback(
         
         if (X509_STORE_get_by_subject(ctx,
                                       X509_LU_CRL, 
-                                      X509_get_subject_name(ctx->current_cert),
+                                      X509_get_subject_name(ctx->current_issuer),
                                       &obj))
         {
             objset = 1;
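Review bot: `ctx->current_issuer` is dereferenced in this lookup, and again in the `X509_get_pubkey` call of the next hunk, with no NULL check visible in either hunk. OpenSSL does not populate the issuer on every path that reaches the verify callback, so unless an earlier part of proxy_verify_callback (outside these hunks) guarantees it, add an `if (ctx->current_issuer == NULL)` test before the lookup. That case should be treated as a verification failure rather than a skipped CRL check, so that a missing issuer fails closed instead of bypassing revocation.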
@@ -2052,7 +2052,7 @@ proxy_verify_callback(
             crl_info = crl->crl;
             /* verify the signature on this CRL */
 
-            key = X509_get_pubkey(ctx->current_cert);
+            key = X509_get_pubkey(ctx->current_issuer);
             if (X509_CRL_verify(crl, key) <= 0)
             {
                 PRXYerr(PRXYERR_F_VERIFY_CB,PRXYERR_R_CRL_SIGNATURE_FAILURE);
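Review bot: The comment above the changed line still reads `/* verify the signature on this CRL */`, which does not record which key is the right one, and that is the mistake this commit corrects. Something like `/* the CRL is signed by the CA that issued current_cert: verify with the issuer's key, not the certificate's own */` would keep the next edit from reverting it. Separately, `X509_get_pubkey` returns a reference the caller must release with `EVP_PKEY_free`. The failure branch continues past the end of the hunk, so confirm `key` is freed on both the failure and success paths.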