On Thu, Oct 09, 2008 at 10:19:58PM +0200, Andrej Podzimek wrote:
> if (i < 0)
> {
> + FILE * f;
> + f = fopen( "/tmp/CERTDUMP_EXPIRED", "w" );
> + PEM_write_X509( f, x );
> + fclose( f );
> ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;
> ctx->current_cert=x;
> if (!ctx->verify_cb(0, ctx))
> return 0;
> }
Don't open the file with mode "w", open it for append. Multiple
certs are checked (root and server or client) and you don't want
results from later checks to clobber the contents of the file.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
