Diffstat (limited to 'src/openssl/x509vfy.c')
-rw-r--r-- | src/openssl/x509vfy.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/src/openssl/x509vfy.c b/src/openssl/x509vfy.c index 155e1ab5..f828afb2 100644 --- a/src/openssl/x509vfy.c +++ b/src/openssl/x509vfy.c @@ -291,7 +291,14 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509* if(xmlSecOpenSSLX509FindNextChainCert(certs2, cert) == NULL) { X509_STORE_CTX xsc; - X509_STORE_CTX_init (&xsc, ctx->xst, cert, certs2); + if(!X509_STORE_CTX_init(&xsc, ctx->xst, cert, certs2)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "X509_STORE_CTX_init", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } if(keyInfoCtx->certsVerificationTime > 0) { X509_STORE_CTX_set_time(&xsc, 0, keyInfoCtx->certsVerificationTime); } @@ -741,7 +748,15 @@ xmlSecOpenSSLX509VerifyCRL(X509_STORE* xst, X509_CRL *crl ) { xmlSecAssert2(xst != NULL, -1); xmlSecAssert2(crl != NULL, -1); - X509_STORE_CTX_init(&xsc, xst, NULL, NULL); + ret = X509_STORE_CTX_init(&xsc, xst, NULL, NULL); + if(ret <= 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "X509_STORE_CTX_init", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } ret = X509_STORE_get_by_subject(&xsc, X509_LU_X509, X509_CRL_get_issuer(crl), &xobj); if(ret <= 0) { |
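Review bot: The new failure branch in xmlSecOpenSSLX509StoreVerify leaves through `goto done`, and both the `done` label and the variable the function returns are outside this hunk, so it cannot be confirmed from here that a failed X509_STORE_CTX_init ends with no certificate reported as verified. Since this path decides whether a chain is trusted, confirm that the result still holds its failure value at the jump and record that in a comment above it, for example `/* init failed: xsc is unusable, fail closed without verifying this chain */`. The test is also written as `if(!X509_STORE_CTX_init(...))` here but as `ret <= 0` in the xmlSecOpenSSLX509VerifyCRL hunk; using one form in both places would make the two error paths easier to audit together. The function body starts and ends outside the hunk.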
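Review bot: The early `return(-1)` added in xmlSecOpenSSLX509VerifyCRL does not say whether `xsc` still needs to be released after a failed X509_STORE_CTX_init. Whether a failed init leaves anything allocated in the context depends on the OpenSSL version in use, which is not visible in this hunk. A short comment on the branch would record the decision, for example `/* xsc was not initialised; nothing to clean up here */`, or the opposite if the supported versions require a cleanup call. The `if(ret <= 0)` that follows X509_STORE_get_by_subject continues past the end of the hunk, so its own handling of `xsc` cannot be compared from here.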