Created attachment 317178 [details] zip file of DER cert files to reproduce this bug I have a chain of test certs. 3 certs (EE, intermediate, root CA) in 3 files. If I use the command vfychain -d empty -pvv BridgeUser1cert.der NavyBridgecert.der -t ArmyRoot.der to validate the chain, it crashes. The cause is the same as the cause of bug 428038, namely a crash in cert_pkixDestroyValOutParam when the ValOutParams block has not been initialized to zeros. We do want to fix that in the library, but the patch is not ready. In the mean time, I have a fix for vfychain.c that I will attach. It simply initializes the valOutParams.
Created attachment 317179 [details] patch v1 This patch initializes the structures we pass to CERT_PKIXVerifyCert.
In the above cited command, "empty" is the name of a directory containing an empty cert DB, the result of certutil -d empty -N
Created attachment 317185 [details] [diff] [review] patch v2 Sorry, that was the wrong patch file.
cmd/vfychain/vfychain.c; new revision: 1.23; previous revision: 1.22