Package: newpki-lib
Severity: serious
Tags: security
Hi,
Hi,
I was looking at return codes for applications making use of
openssl functions and found this in src/PKI_CSR.cpp:
if(X509_REQ_verify(m_csr, m_pubKeyCsr) < 0)
{
NEWPKIerr(CRYPTO_ERROR_TXT, ERROR_ABORT);
return false;
}
else
{
return true;
}
X509_REQ_verify() returns the value of ASN1_item_verify()
which returns 0 if the verification is 0, and -1 in some
error cases.
You probably want to use this instead:
if(X509_REQ_verify(m_csr, m_pubKeyCsr) <= 0)
Kurt
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
