From c6975fef89a56277dbc36658d685c5336cab2830 Mon Sep 17 00:00:00 2001 From: Marcel Poul Date: Tue, 10 Apr 2012 21:37:27 +0000 Subject: [PATCH] vulnerability of Voms CRL processing found & fixed --- emi.canl.canl-c/src/proxy/sslutils.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/emi.canl.canl-c/src/proxy/sslutils.c b/emi.canl.canl-c/src/proxy/sslutils.c index 9dd7d09..8705ab8 100644 --- a/emi.canl.canl-c/src/proxy/sslutils.c +++ b/emi.canl.canl-c/src/proxy/sslutils.c @@ -2044,7 +2044,7 @@ proxy_verify_callback( if (X509_STORE_get_by_subject(ctx, X509_LU_CRL, - X509_get_subject_name(ctx->current_cert), + X509_get_subject_name(ctx->current_issuer), &obj)) { objset = 1; @@ -2052,7 +2052,7 @@ proxy_verify_callback( crl_info = crl->crl; /* verify the signature on this CRL */ - key = X509_get_pubkey(ctx->current_cert); + key = X509_get_pubkey(ctx->current_issuer); if (X509_CRL_verify(crl, key) <= 0) { PRXYerr(PRXYERR_F_VERIFY_CB,PRXYERR_R_CRL_SIGNATURE_FAILURE); -- 1.8.2.3