--------------------- PatchSet 6687 Date: 2005/05/31 16:17:26 Author: hno Branch: ssl-2_5 Tag: (none) Log: Work around OpenSSL bug affecting the clientca= option Members: src/ssl_support.c:1.6.6.1.2.15->1.6.6.1.2.16
Index: squid/src/ssl_support.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/ssl_support.c,v
retrieving revision 1.6.6.1.2.15
retrieving revision 1.6.6.1.2.16
diff -u -r1.6.6.1.2.15 -r1.6.6.1.2.16
--- squid/src/ssl_support.c 18 Mar 2005 16:45:35 -0000 1.6.6.1.2.15
+++ squid/src/ssl_support.c 31 May 2005 16:17:26 -0000 1.6.6.1.2.16
@@ -525,8 +525,15 @@
 debug(83, 1) ("continuing anyway...\n");
 }
 if (clientCA) {
+ STACK_OF(X509_NAME) *cert_names;
 debug(83, 9) ("Set client certifying authority list.\n");
- SSL_CTX_set_client_CA_list(sslContext, SSL_load_client_CA_file(clientCA));
+ cert_names = SSL_load_client_CA_file(clientCA);
+ if (cert_names == NULL) {
+ debug(83, 1) ("Error loading the client CA certificates from '%s\': %s\n", clientCA, ERR_error_string(ERR_get_error(), NULL));
+ goto error;
+ }
+ ERR_clear_error();
+ SSL_CTX_set_client_CA_list(sslContext, cert_names);
 if (fl & SSL_FLAG_DELAYED_AUTH) {
 debug(83, 9) ("Not requesting client certificates until acl processing requires one\n");
 SSL_CTX_set_verify(sslContext, SSL_VERIFY_NONE, NULL);
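Review bot: The `ERR_clear_error()` call after the NULL check appears to be the actual workaround, but nothing in the code says so, and a later cleanup could drop it as redundant. Presumably the affected OpenSSL versions leave an entry on the error queue even when `SSL_load_client_CA_file()` succeeds, and a stale entry can make a later TLS call look as if it failed. A comment above the call would record that, for example `/* SSL_load_client_CA_file() may leave a stale error queued even on success (OpenSSL bug); clear it so later SSL calls are not misreported */`. On the failure branch `ERR_get_error()` removes only the earliest queue entry, so any further entries stay queued unless the `error:` label, which is outside this hunk, clears them. The enclosing function starts and ends outside the hunk.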