Package: libssl1.0.0
Version: 1.0.1e-1
Severity: important
Tags: patch upstream
SSL_get_certificate results in a segfault when called before SSL_accept.
Attached is sample code that triggers the problem.
In the upstream openssl git repository this problem is already fixed
with commit 147dbb2fe3bead7a10e2f280261b661ce7af7adc in the
OpenSSL_1_0_1-stable branch (patch also attached).
-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.8.0 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libssl1.0.0 depends on:
ii debconf [debconf-2.0] 1.5.49
ii libc6 2.13-38
ii multiarch-support 2.13-38
ii zlib1g 1:1.2.7.dfsg-13
libssl1.0.0 recommends no packages.
libssl1.0.0 suggests no packages.
-- debconf information:
libssl1.0.0/restart-failed:
libssl1.0.0/restart-services:
commit 147dbb2fe3bead7a10e2f280261b661ce7af7adc
Author: Dr. Stephen Henson <[email protected]>
Date: Mon Feb 11 18:24:03 2013 +0000
Fix for SSL_get_certificate
Now we set the current certificate to the one used by a server
there is no need to call ssl_get_server_send_cert which will
fail if we haven't sent a certificate yet.
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 14d143d..ff5a85a 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2792,9 +2792,7 @@ void ssl_clear_cipher_ctx(SSL *s)
/* Fix this function so that it takes an optional type parameter */
X509 *SSL_get_certificate(const SSL *s)
{
- if (s->server)
- return(ssl_get_server_send_cert(s));
- else if (s->cert != NULL)
+ if (s->cert != NULL)
return(s->cert->key->x509);
else
return(NULL);
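Review bot: With the server branch removed, `SSL_get_certificate` returns `s->cert->key->x509` for both roles, and nothing documents that this is a borrowed pointer or that it can be NULL. Only `s->cert` is checked; `s->cert->key` is dereferenced unguarded, which is safe only if the certificate structure always initialises `key` (presumably it does, but that is not visible in this hunk). I would add a comment above the function such as `/* Returns the current certificate, or NULL if none is set; no reference is taken, so the caller must not X509_free() it. */`. The function's closing brace lies outside the hunk.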
/* compile: gcc -o ssl_test -lssl -g ssl_test.c -Wall */
#include <stdio.h>
#include <stdlib.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
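/* PEM files loaded by the reproducer; the relative paths resolve against the working directory. */
#define SERVER_KEY "server.key"
#define SERVER_CRT "server.crt"
/*
 * Print the OpenSSL error queue and exit(1) when a call reports failure.
 * The SSL_CTX_use_*_file() loaders return 1 on success and 0 on failure, so
 * the previous "== -1" comparison never fired and a missing key or certificate
 * file went unnoticed; "<= 0" covers 0 as well as -1.
 * Kept as a bare if-block so call sites written without a trailing semicolon
 * still compile.
 */
#define RETURN_IF_ERROR(err) if ((err) <= 0) { ERR_print_errors_fp(stderr); exit(1); }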
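/*
 * Reproducer for the reported crash: SSL_get_certificate() is called on a
 * freshly created server-side SSL object, before any handshake has run.
 *
 * Returns 0 when a certificate pointer is obtained, 1 on any failure.
 * (RETURN_IF_ERROR exits the process directly with status 1.)
 */
int main(void){
    X509 *server_cert = NULL;
    SSL *ssl = NULL;
    SSL_CTX *ctx = NULL;
    int rc = 1;

    SSL_library_init();
    ctx = SSL_CTX_new(SSLv23_server_method());
    if (ctx == NULL) {
        printf("SSL_CTX_new failed\n");
        goto out;
    }
    /*
     * Options are kept exactly as in the report so the reproduction is
     * unchanged. They are bug-compatibility switches, and
     * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS turns off the empty-fragment
     * countermeasure for CBC ciphers, so this line is not a template for a
     * real server configuration.
     */
    SSL_CTX_set_options(ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS|SSL_OP_TLS_BLOCK_PADDING_BUG|SSL_OP_NO_SSLv2);
    RETURN_IF_ERROR(SSL_CTX_use_RSAPrivateKey_file(ctx, SERVER_KEY, SSL_FILETYPE_PEM));
    RETURN_IF_ERROR(SSL_CTX_use_certificate_file(ctx, SERVER_CRT, SSL_FILETYPE_PEM));

    ssl = SSL_new(ctx);
    if (ssl == NULL) {
        printf("SSL_new failed\n");
        goto out;
    }

    //-> SEGFAULT on the affected library version: no SSL_accept() has happened yet
    server_cert = SSL_get_certificate(ssl);
    if (server_cert == NULL) {
        printf("tls_connect: tls_get_certificate failed to return the server certificate.\n");
        goto out;
    }
    /*
     * server_cert is not freed here: SSL_get_certificate() returns the
     * library's own pointer without taking a reference.
     */
    rc = 0;

out:
    /* Single exit path so the error returns no longer leak ssl/ctx. */
    if (ssl != NULL) {
        SSL_free(ssl);
    }
    if (ctx != NULL) {
        SSL_CTX_free(ctx);
    }
    return rc;
}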