http://issues.apache.org/bugzilla/show_bug.cgi?id=42972

           Summary: Certificate list in mod_ssl module context are not sorted
           Product: Apache httpd-2
           Version: 2.2.4
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]

mod_ssl re-uses its module context for each request/connection.

Example:

    static void ssl_init_ctx_cipher_suite(server_rec *s,
                                          apr_pool_t *p,
                                          apr_pool_t *ptemp,
                                          modssl_ctx_t *mctx)
    {
        SSL_CTX *ctx = mctx->ssl_ctx;

This context is accessed as "read only" and can therefore be shared between threads. OpenSSL uses mutexes when accessing global objects (e.g. random generation).

The problem I encounter: the server certificates are stored in OpenSSL stacks. The objects in this stack need to be sorted when they get accessed the very first time (sk_find() brings the objects in the right order using qsort()).

Stack trace:

    ssl_io_filter_input()
    ssl_io_filter_connect()
    SSL_accept()
    ssl23_accept()
    ssl23_get_client_hello()
    SSL_accept()
    ssl3_accept()
    ssl3_send_server_certificate()
    ssl3_output_cert_chain()
    X509_STORE_get_by_subject()
    X509_OBJECT_retrieve_by_subject()
    X509_OBJECT_idx_by_subject()
    sk_find()
    internal_find()
    sk_sort()
    qsort()
    x509_object_cmp()

When starting multiple requests (new SSL handshakes) in parallel right after a server restart, the server might crash because multiple threads are accessing the certificate stack which has not been sorted yet (segmentation fault in x509_object_cmp() due to the move of the certificate objects in the stack order).

Possible workaround: manual sort of the stacks in the SSL context at server startup, e.g. in mod_ssl ssl_init_ctx_verify().

Example:

    if(ctx->cert_store->objs->comp) {
        sk_sort(ctx->cert_store->objs);
    }

Impact of this issue is not very high because:
- it can only happen after a server restart
- may cause a crash of one single server child process
- happens only in a multithreaded environment (MPM worker)
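The lazy sort described in this report, shown as an added example (a simplified model written for this page, not OpenSSL or mod_ssl code): a lookup that callers treat as read-only reorders the shared array on its first call, and sorting once at init removes that hidden write. The lazy_stack type, the ls_* functions and the subject strings are assumptions made up for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of a stack whose find() sorts lazily on first use. */
typedef struct {
    const char **data;
    int num;
    int sorted;          /* 0 until the first sort has run */
    unsigned mutations;  /* times a lookup reordered data[] */
} lazy_stack;

static int cmp_str(const void *a, const void *b)
{
    return strcmp(*(const char *const *)a, *(const char *const *)b);
}

/* Counterpart of the startup workaround: sort once, before threads exist. */
void ls_sort(lazy_stack *st)
{
    if (!st->sorted) {
        qsort(st->data, (size_t)st->num, sizeof(*st->data), cmp_str);
        st->sorted = 1;
    }
}

/* Looks read-only to callers, but the first call writes to data[]. */
int ls_find(lazy_stack *st, const char *key)
{
    if (!st->sorted) {
        /* Hidden write: a second thread entering here at the same time
         * would compare elements while they are being moved. */
        ls_sort(st);
        st->mutations++;
    }
    const char **hit = bsearch(&key, st->data, (size_t)st->num,
                               sizeof(*st->data), cmp_str);
    return hit ? (int)(hit - st->data) : -1;
}

/* Number of hidden writes performed by the first lookup. */
unsigned first_lookup_mutations(int presort_at_init)
{
    const char *subjects[] = { "CN=root", "CN=intermediate", "CN=server" }; /* constructed */
    lazy_stack st = { subjects, 3, 0, 0 };
    if (presort_at_init)
        ls_sort(&st);
    (void)ls_find(&st, "CN=server");
    return st.mutations;
}

int main(void)
{
    printf("lazy: %u hidden write(s), presorted: %u\n",
           first_lookup_mutations(0), first_lookup_mutations(1));
    return 0;
}
```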
