Re: [PATCH] Segfaults in 2.8.13 (was: Re: mod_ssl/2.8.13 and php)
Hi, this works on linux 2.2.16 and linux 2.4.19 Thanks Burkhard On Fri, 21 Mar 2003, Ralf S. Engelschall wrote: On Fri, Mar 21, 2003, Ralf S. Engelschall wrote: I can see the same segmentation fault : [...] Ok, can the people who are able to reproduce the segfault problem, please apply the following patch, retry it and give feedback? I think these two bugfixes should fix the problem now. If yes, I'll release mod_ssl 2.8.14 with it. Thanks for your help. Index: ssl_engine_kernel.c === RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_kernel.c,v retrieving revision 1.136 diff -u -d -r1.136 ssl_engine_kernel.c --- ssl_engine_kernel.c 19 Nov 2002 13:57:01 - 1.136 +++ ssl_engine_kernel.c 21 Mar 2003 12:39:47 - @@ -1048,13 +1048,15 @@ Re-negotiation handshake failed: Client verification failed); return FORBIDDEN; } +cert = SSL_get_peer_certificate(ssl); if ( dc-nVerifyClient == SSL_CVERIFY_REQUIRE - (cert = SSL_get_peer_certificate(ssl)) == NULL) { + cert == NULL) { ssl_log(r-server, SSL_LOG_ERROR, Re-negotiation handshake failed: Client certificate missing); -X509_free(cert); return FORBIDDEN; } +if (cert != NULL) +X509_free(cert); } } Index: ssl_engine_vars.c === RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_vars.c,v retrieving revision 1.53 diff -u -d -r1.53 ssl_engine_vars.c --- ssl_engine_vars.c 29 Oct 2002 13:00:46 - 1.53 +++ ssl_engine_vars.c 21 Mar 2003 12:40:12 - @@ -322,7 +322,9 @@ else if (ssl != NULL strlen(var) 7 strcEQn(var, SERVER_, 7)) { if ((xs = SSL_get_certificate(ssl)) != NULL) { result = ssl_var_lookup_ssl_cert(p, xs, var+7); -X509_free(xs); +/* SSL_get_certificate() as of OpenSSL 0.9.7a does not increment + the reference count the same way SSL_get_peer_certificate does, + so no need to X509_free(xs) the stuff here. */ } } return result; Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: [PATCH] Segfaults in 2.8.13 (was: Re: mod_ssl/2.8.13 and php)
--Ralf S. Engelschall [EMAIL PROTECTED] wrote: On Fri, Mar 21, 2003, Ralf S. Engelschall wrote: I can see the same segmentation fault : [...] Ok, can the people who are able to reproduce the segfault problem, please apply the following patch, retry it and give feedback? I think these two bugfixes should fix the problem now. If yes, I'll release mod_ssl 2.8.14 with it. Thanks for your help. The patch fixed the problem for me (no php, RH 7.3.) -- Ed Kubaitis - [EMAIL PROTECTED] CITES/STS - University of Illinois at Urbana-Champaign Index: ssl_engine_kernel.c === RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_kernel.c,v retrieving revision 1.136 diff -u -d -r1.136 ssl_engine_kernel.c --- ssl_engine_kernel.c 19 Nov 2002 13:57:01 - 1.136 +++ ssl_engine_kernel.c 21 Mar 2003 12:39:47 - @@ -1048,13 +1048,15 @@ Re-negotiation handshake failed: Client verification failed); return FORBIDDEN; } +cert = SSL_get_peer_certificate(ssl); if ( dc-nVerifyClient == SSL_CVERIFY_REQUIRE - (cert = SSL_get_peer_certificate(ssl)) == NULL) { + cert == NULL) { ssl_log(r-server, SSL_LOG_ERROR, Re-negotiation handshake failed: Client certificate missing); -X509_free(cert); return FORBIDDEN; } +if (cert != NULL) +X509_free(cert); } } Index: ssl_engine_vars.c === RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_vars.c,v retrieving revision 1.53 diff -u -d -r1.53 ssl_engine_vars.c --- ssl_engine_vars.c 29 Oct 2002 13:00:46 - 1.53 +++ ssl_engine_vars.c 21 Mar 2003 12:40:12 - @@ -322,7 +322,9 @@ else if (ssl != NULL strlen(var) 7 strcEQn(var, SERVER_, 7)) { if ((xs = SSL_get_certificate(ssl)) != NULL) { result = ssl_var_lookup_ssl_cert(p, xs, var+7); -X509_free(xs); +/* SSL_get_certificate() as of OpenSSL 0.9.7a does not increment + the reference count the same way SSL_get_peer_certificate does, + so no need to X509_free(xs) the stuff here. */ } } return result; Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: [PATCH] Segfaults in 2.8.13 (was: Re: mod_ssl/2.8.13 and php)
Hi, Ralf S. Engelschall wrote: Ok, can the people who are able to reproduce the segfault problem, please apply the following patch, retry it and give feedback? I think these two bugfixes should fix the problem now. If yes, I'll release mod_ssl 2.8.14 with it. Thanks for your help. That's ok with static and DSO apache build on : FreeBSD 4.8-STABLE Apache 1.3.27 Openssl 0.9.7a Modssl 2.8.13 + provided patch PHP 4.3.1 and PHP 4.3.2RC1 Thanks ! -- Best regards, Artur Pydo. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: [PATCH] Segfaults in 2.8.13 (was: Re: mod_ssl/2.8.13 and php)
Hi All, It is OK with: Solaris 2.6/Sparc Apache 1.3.27 (DSO) Php 4.2.3 OpenSSL 0.9.6i Mod_SSL 2.8.14 Nice weekend for everybody! JAZZ ___ Busca Yahoo! O serviço de busca mais completo da Internet. O que você pensar o Yahoo! encontra. http://br.busca.yahoo.com/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]