SSL_accept seg fault when adding extra chain cert

Mon, 31 Oct 2011 01:31:45 -0700

I'm using libssl0.9.8 0.9.8o-3 on Debian Lenny 5.0.3. When I use SSL_CTX_use_certificate then SSL_CTX_add_extra_chain_cert, I get random seg faults when calling SSL_accept for subsequent connections that reuse the SSL_CTX. However, I stopped getting the errors when I replaced SSL_CTX_add_extra_chain_cert with SSL_CTX_get_cert_store and X509_STORE_add_cert.
Can anyone tell me what causes this error when using SSL_CTX_add_extra_chain_cert? 

The stack trace when using SSL_CTX_add_extra_chain_cert is:

#4  0x00007feead7a7dd2 in asn1_ex_i2c () from /usr/lib/libcrypto.so.0.9.8
#5  0x00007feead7a8003 in ?? () from /usr/lib/libcrypto.so.0.9.8

#6  0x00007feead7a82a2 in ASN1_item_ex_i2d () from 
/usr/lib/libcrypto.so.0.9.8

#7  0x00007feead7a87a6 in ?? () from /usr/lib/libcrypto.so.0.9.8

#8  0x00007feead7a8452 in ASN1_item_ex_i2d () from 
/usr/lib/libcrypto.so.0.9.8

#9  0x00007feead7a882f in ?? () from /usr/lib/libcrypto.so.0.9.8

#10 0x00007feead7a8452 in ASN1_item_ex_i2d () from 
/usr/lib/libcrypto.so.0.9.8

#11 0x00007feead7a8b1b in ASN1_item_i2d () from /usr/lib/libcrypto.so.0.9.8

#12 0x00007feeada7a0c3 in ssl3_output_cert_chain () from 
/usr/lib/libssl.so.0.9.8
#13 0x00007feeada6ccd8 in ssl3_send_server_certificate () from 
/usr/lib/libssl.so.0.9.8

#14 0x00007feeada708a0 in ssl3_accept () from /usr/lib/libssl.so.0.9.8

#15 0x00007feeada7a4b5 in ssl23_get_client_hello () from 
/usr/lib/libssl.so.0.9.8

#16 0x00007feeada7ac85 in ssl23_accept () from /usr/lib/libssl.so.0.9.8


# uname -a

Linux telvisvm 2.6.26-2-amd64 #1 SMP Wed Aug 19 22:33:18 UTC 2009 x86_64 
GNU/Linux



Thank you,
Telvis Calhoun
tcalh...@barracuda.com

'Like' us on Facebook for exclusive content and other resources on all 
Barracuda Networks solutions.
Visit http://barracudanetworks.com/facebook

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org














    











					Reply via email to