From: Dr. Stephen Henson <steve@openssl.org>
Date: Tue, 3 Jun 2008 11:37:52 +0000 (+0000)
Subject: Match empty CA list to anything for ssl client auth in CryptoAPI engine.
X-Git-Tag: OpenSSL_0_9_8k^2~345
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=ca89fc1fb4457de749f65996ca130be0d1807887;p=oweals%2Fopenssl.git

Match empty CA list to anything for ssl client auth in CryptoAPI engine.
---

diff --git a/engines/e_capi.c b/engines/e_capi.c
index a9768832ef..4245a37d5f 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -774,7 +774,6 @@ int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
 		*siglen = slen;
 		}
 
-
 	/* Now cleanup */
 
 err:
@@ -1475,6 +1474,9 @@ static int cert_issuer_match(STACK_OF(X509_NAME) *ca_dn, X509 *x)
 	{
 	int i;
 	X509_NAME *nm;
+	/* Special case: empty list: match anything */
+	if (sk_X509_NAME_num(ca_dn) <= 0)
+		return 1;
 	for (i = 0; i < sk_X509_NAME_num(ca_dn); i++)
 		{
 		nm = sk_X509_NAME_value(ca_dn, i);