summaryrefslogtreecommitdiffstats
path: root/crypto/openssl/crypto/x509/x509_vfy.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssl/crypto/x509/x509_vfy.c')
-rw-r--r--crypto/openssl/crypto/x509/x509_vfy.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/crypto/openssl/crypto/x509/x509_vfy.c b/crypto/openssl/crypto/x509/x509_vfy.c
index 2e4d0b8..e24e102 100644
--- a/crypto/openssl/crypto/x509/x509_vfy.c
+++ b/crypto/openssl/crypto/x509/x509_vfy.c
@@ -627,6 +627,15 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
X509_EXTENSION *ext;
/* Look for serial number of certificate in CRL */
rtmp.serialNumber = X509_get_serialNumber(x);
+ /* Sort revoked into serial number order if not already sorted.
+ * Do this under a lock to avoid race condition.
+ */
+ if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked))
+ {
+ CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
+ sk_X509_REVOKED_sort(crl->crl->revoked);
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
+ }
idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
/* If found assume revoked: want something cleverer than
* this to handle entry extensions in V2 CRLs.
OpenPOWER on IntegriCloud