Hi all, i'm using openssl on top of a pgp authentication.
I've got a null pointer exception with ctx->current_cert (the other testers
of my project don't have this null pointer) and I don't understand why this
pointer is null.
I've change ctx->current_cert to ctx->cert to make it work. Is it secure ?
Thanks a lot for the dev work on openssl.
Here's my code :
int GPGAuthMgr::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx) {
char buf[256];
X509 *err_cert;
int err, depth;
err_cert = X509_STORE_CTX_get_current_cert(ctx);
err = X509_STORE_CTX_get_error(ctx);
depth = X509_STORE_CTX_get_error_depth(ctx);
/*
* Retrieve the pointer to the SSL of the connection currently treated
* and the application specific data stored into the SSL object.
*/
X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
if (!preverify_ok) {
fprintf(stderr, "Verify error:num=%d:%s:depth=%d:%s\n", err,
X509_verify_cert_error_string(err), depth, buf);
}
/*
* At this point, err contains the last verification error. We can use
* it for something special
*/
if (!preverify_ok)
{
if ((err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) ||
(err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY))
{
//HERE'S THE NULL POINTER. I'VE CHANGED ctx->current_cert TO ctx->cert IN
ORDER TO MAKE IT WORK. IS IT OK ?
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
printf("issuer= %s\n", buf);
fprintf(stderr, "Doing REAL PGP Certificates\n");
/* do the REAL Authentication */
if (!AuthX509(ctx->cert))
{
return false;
}
std::string pgpid = getX509CNString(ctx->cert->cert_info->issuer);
if (!isPGPAuthenticated(pgpid))
{
return false;
}
preverify_ok = true;
