From 9d6daf99c286d260e50278f63ddb7d164462256e Mon Sep 17 00:00:00 2001 From: Andreas Karlsson Date: Sat, 2 Jul 2016 01:19:39 +0200 Subject: [PATCH] Fix broken loading of client CAs The SSL_load_client_CA_file() failed to load any CAs due to an inccorrect assumption about the return value of lh_*_insert(). The return value when inserting into a hash is the old value of the key. The bug was introduced in 3c82e437bb3af822ea13cd5a24bab0745c556246. Reviewed-by: Kurt Roeckx Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1279) --- ssl/ssl_cert.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index c6e2d09eb7..2a07ee6910 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -605,8 +605,7 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) X509_NAME_free(xn); xn = NULL; } else { - if (!lh_X509_NAME_insert(name_hash, xn)) - goto err; + lh_X509_NAME_insert(name_hash, xn); if (!sk_X509_NAME_push(ret, xn)) goto err; }