author | Andrew Bartlett <abartlet@samba.org> | 2007-07-03 08:00:08 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:58:59 -0500 |
commit | ec0035c9b8e0690f3bc21f3de089c39eae660916 (patch) | |
tree | 183dddce1bc0704f0c137df03e611d255fb68e11 /source4/heimdal/lib/hx509/revoke.c | |
parent | 74b35321dc043188386d0305508b5276a5290d0d (diff) | |
r23678: Update to current lorikeet-heimdal (-r 767), which should fix the
panics on hosts without /dev/random.
Andrew Bartlett
(This used to be commit 14a4ddb131993fec72316f7e8e371638749e6f1f)
Diffstat (limited to 'source4/heimdal/lib/hx509/revoke.c')
-rw-r--r-- | source4/heimdal/lib/hx509/revoke.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/source4/heimdal/lib/hx509/revoke.c b/source4/heimdal/lib/hx509/revoke.c
index 0d477945c8..ddcb17ee38 100644
--- a/source4/heimdal/lib/hx509/revoke.c
+++ b/source4/heimdal/lib/hx509/revoke.c
@@ -32,7 +32,7 @@
 */
 
 #include "hx_locl.h"
-RCSID("$Id: revoke.c 20871 2007-06-03 21:22:51Z lha $");
+RCSID("$Id: revoke.c 21153 2007-06-18 21:55:46Z lha $");
 
 struct revoke_crl {
 char *path;
@@ -572,10 +572,10 @@ hx509_revoke_verify(hx509_context context,
 continue;
 }
 
- for (i = 0; i < ocsp->ocsp.tbsResponseData.responses.len; i++) {
+ for (j = 0; j < ocsp->ocsp.tbsResponseData.responses.len; j++) {
 heim_octet_string os;
 
- ret = der_heim_integer_cmp(&ocsp->ocsp.tbsResponseData.responses.val[i].certID.serialNumber,
+ ret = der_heim_integer_cmp(&ocsp->ocsp.tbsResponseData.responses.val[j].certID.serialNumber,
 &c->tbsCertificate.serialNumber);
 if (ret != 0)
 continue;
@@ -594,13 +594,13 @@ hx509_revoke_verify(hx509_context context,
 
 ret = _hx509_verify_signature(context,
 NULL,
- &ocsp->ocsp.tbsResponseData.responses.val[i].certID.hashAlgorithm,
+ &ocsp->ocsp.tbsResponseData.responses.val[j].certID.hashAlgorithm,
 &os,
- &ocsp->ocsp.tbsResponseData.responses.val[i].certID.issuerKeyHash);
+ &ocsp->ocsp.tbsResponseData.responses.val[j].certID.issuerKeyHash);
 if (ret != 0)
 continue;
 
- switch (ocsp->ocsp.tbsResponseData.responses.val[i].certStatus.element) {
+ switch (ocsp->ocsp.tbsResponseData.responses.val[j].certStatus.element) {
 case choice_OCSPCertStatus_good:
 break;
 case choice_OCSPCertStatus_revoked:
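Review bot: Nothing in the loop says why the index is `j` rather than `i`, and the full path `ocsp->ocsp.tbsResponseData.responses.val[j]` is spelled out seven times across this hunk and the two that follow, so a later edit can easily reintroduce the wrong index. A comment at the top of the loop such as `/* j indexes the responses inside this OCSP reply; i belongs to the enclosing loop */` would record the intent; the enclosing loop is inferred from the `continue; }` context and starts outside the hunk. Taking the address of the current entry once at the top of the loop body and using that pointer in the comparisons would leave a single place where the index appears. No visible hunk declares `j` and the diffstat shows no added declaration, so it presumably already exists in hx509_revoke_verify; worth confirming it is not live in an enclosing loop as well.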
@@ -609,13 +609,13 @@ hx509_revoke_verify(hx509_context context,
 }
 
 /* don't allow the update to be in the future */
- if (ocsp->ocsp.tbsResponseData.responses.val[i].thisUpdate >
+ if (ocsp->ocsp.tbsResponseData.responses.val[j].thisUpdate >
 now + context->ocsp_time_diff)
 continue;
 
 /* don't allow the next updte to be in the past */
- if (ocsp->ocsp.tbsResponseData.responses.val[i].nextUpdate) {
- if (*ocsp->ocsp.tbsResponseData.responses.val[i].nextUpdate < now)
+ if (ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate) {
+ if (*ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate < now)
 continue;
 } else
 /* Should force a refetch, but can we ? */;
@@ -1077,6 +1077,7 @@ hx509_crl_alloc(hx509_context context, hx509_crl *crl)
 if (ret) {
 free(*crl);
 *crl = NULL;
+ return ret;
 }
 (*crl)->expire = 0;
 return ret; |
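Review bot: A response that omits nextUpdate passes the freshness checks with no upper bound on its age, because the `else` branch is an empty statement under `/* Should force a refetch, but can we ? */`. A stale `good` answer for this serial would therefore keep being accepted; what happens after acceptance is outside the hunk, so this is inferred from the visible checks only. Consider bounding such responses by thisUpdate, e.g. `else if (ocsp->ocsp.tbsResponseData.responses.val[j].thisUpdate + max_age < now) continue;`, where `max_age` is a placeholder for a configured limit. The two bounds are also asymmetric: the future check allows `context->ocsp_time_diff` of clock skew while the nextUpdate comparison uses bare `now`. The comment above it has a typo, `updte`.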
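Review bot: The tail `return ret;` after `(*crl)->expire = 0;` can now only be reached with `ret == 0`, since the added early return takes every failure path; writing `return 0;` there makes the success path explicit and keeps a later edit from leaking a stale status. The error branch leaves `*crl` set to NULL, which callers need to know, so a header comment such as `/* On failure *crl is set to NULL and an error code is returned. */` would help. The function's opening, including the allocation and the call that sets `ret`, is outside the hunk.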