From 60d97e1cb7d5f9630b4055ea626955e1f2857c4d Mon Sep 17 00:00:00 2001 From: Andrew McNab Date: Wed, 21 Oct 2009 13:59:23 +0000 Subject: [PATCH] Invalid Purpose change for OpenSSL 0.9.8e --- org.gridsite.core/CHANGES | 6 ++++++ org.gridsite.core/VERSION | 4 ++-- org.gridsite.core/src/mod_gridsite.c | 15 +++++++++++++++ 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/org.gridsite.core/CHANGES b/org.gridsite.core/CHANGES index d652fd5..c65aa4f 100644 --- a/org.gridsite.core/CHANGES +++ b/org.gridsite.core/CHANGES @@ -1,3 +1,9 @@ +* Mon Oct 19 2009 Andrew McNab +- Discard X509_V_ERR_INVALID_PURPOSE errors in + GRST_callback_SSLVerify_wrapper(), needed by + OpenSSL 0.9.8e (Imported from 1.7.6) +* Mon Oct 19 2009 Andrew McNab +- ==== GridSite version 1.5.16 ==== * Thu Sep 17 2009 Andrew McNab - GRSThttpUrlEncode rather than GRSThttpUrlMildencode in mod_gridsite directory listings. diff --git a/org.gridsite.core/VERSION b/org.gridsite.core/VERSION index b0d83cf..30db20a 100644 --- a/org.gridsite.core/VERSION +++ b/org.gridsite.core/VERSION @@ -1,5 +1,5 @@ MAJOR_VERSION=1 MINOR_VERSION=1.5 -PATCH_VERSION=1.5.15 -DEFVERSION=010515 +PATCH_VERSION=1.5.16 +DEFVERSION=010516 VERSION=$(PATCH_VERSION) diff --git a/org.gridsite.core/src/mod_gridsite.c b/org.gridsite.core/src/mod_gridsite.c index a2c3302..1cd6b1d 100644 --- a/org.gridsite.core/src/mod_gridsite.c +++ b/org.gridsite.core/src/mod_gridsite.c 
@@ -3783,6 +3783,21 @@ int GRST_callback_SSLVerify_wrapper(int ok, X509_STORE_CTX *ctx)
 }
 /*
+ * Skip X509_V_ERR_INVALID_PURPOSE at this stage, since we will check
+ * the full chain using GRSTx509ChainLoadCheck at errdepth=0
+ */
+ if (errnum == X509_V_ERR_INVALID_PURPOSE)
+ {
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+ "Skip Invalid Purpose error");
+
+ sslconn->verify_error = NULL;
+ ok = TRUE;
+ errnum = X509_V_OK;
+ X509_STORE_CTX_set_error(ctx, errnum);
+ }
+
+ /*
 * New style GSI Proxy handling, with critical ProxyCertInfo
 * extension: we use GRSTx509KnownCriticalExts() to check this
 */
--
1.8.2.3
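Review bot: The new `if (errnum == X509_V_ERR_INVALID_PURPOSE)` branch accepts the error at every depth and for every certificate in the chain, so certificate-purpose enforcement now rests entirely on the later GRSTx509ChainLoadCheck call at errdepth=0, whose checks are not visible in this hunk. If the workaround is only needed for one certificate type under OpenSSL 0.9.8e (the commit text does not say which), narrowing the condition to that case would keep OpenSSL's purpose check for everything else in the chain. `sslconn->verify_error = NULL;` also clears whatever error string an earlier callback invocation may have stored, not only the one for this error, so it would be safer to reset it only when it was set for the purpose failure. Because a verification failure is being overridden, logging it above debug level with the depth would leave an audit trail, e.g. `ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "Skip Invalid Purpose error at depth %d", X509_STORE_CTX_get_error_depth(ctx));`. The body of GRST_callback_SSLVerify_wrapper starts and ends outside the hunk.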