Created attachment 317178 [details]
zip file of DER cert files to reproduce this bug
I have a chain of test certs. 3 certs (EE, intermediate, root CA) in 3 files.
If I use the command
vfychain -d empty -pvv BridgeUser1cert.der NavyBridgecert.der -t ArmyRoot.der
to validate the chain, it crashes.
The cause is the same as the cause of bug 428038, namely a crash in
cert_pkixDestroyValOutParam when the ValOutParams block has not been
initialized to zeros. We do want to fix that in the library, but the
patch is not ready. In the mean time, I have a fix for vfychain.c that
I will attach. It simply initializes the valOutParams.
Created attachment 317179 [details]
This patch initializes the structures we pass to CERT_PKIXVerifyCert.
In the above cited command, "empty" is the name of a directory containing
an empty cert DB, the result of
certutil -d empty -N
Created attachment 317185 [details] [diff] [review]
Sorry, that was the wrong patch file.
cmd/vfychain/vfychain.c; new revision: 1.23; previous revision: 1.22