My product got hit by this bug too. ( it uses 0.9.8y branch). I understand
the fix is in main branch, but I am curious - will 0.9.8 be patched
eventually?
--
View this message in context:
Hi Steve,
I am also facing the same issue.
If I want to to fix this bug, should the code for SSL_get_certificate() be
restored to previous state? Is there any other place to be fixed?
Thanks,
-Vimol
On Mon, Feb 11, 2013 at 10:21 PM, Dr. Stephen Henson st...@openssl.orgwrote:
On Mon, Feb 11,
On Tue, Mar 05, 2013, Vimol Kshetrimayum wrote:
Hi Steve,
I am also facing the same issue.
If I want to to fix this bug, should the code for SSL_get_certificate() be
restored to previous state? Is there any other place to be fixed?
Effectively yes. The fix is here:
I updated to openssl 1.0.1k from 1.0.0d and I get a NULL pointer
dereference when I call SSL_get_certificate on a valid SSL object.
Backtrace:
ssl_set_cert_masks:1845
ssl_get_server_send_pkey:2117
ssl_get_server_send_cert:2175
SSL_get_certificate:2605
ssl_get_server_send_pkey calls
On Mon, Feb 11, 2013, Bogdan Harjoc wrote:
I updated to openssl 1.0.1k from 1.0.0d and I get a NULL pointer
dereference when I call SSL_get_certificate on a valid SSL object.
Backtrace:
ssl_set_cert_masks:1845
ssl_get_server_send_pkey:2117
ssl_get_server_send_cert:2175