[
https://issues.apache.org/jira/browse/AMQCPP-347?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12984997#action_12984997
]
Kevin Quick commented on AMQCPP-347:
------------------------------------
Looking at the region of code encountering the error:
X509V3_EXT_METHOD* method = (X509V3_EXT_METHOD*)X509V3_EXT_get(
extension );
if( method == NULL ) {
break;
}
const unsigned char* data = extension->value->data;
STACK_OF(CONF_VALUE)* confValue =
method->i2v( method, method->d2i( NULL, &data,
extension->value->length ), NULL );
>From the openssl library
>(http://openssl.sourcearchive.com/documentation/0.9.7e/v3__lib_8c-source.html):
/* Return an extension internal structure */
void *X509V3_EXT_d2i(X509_EXTENSION *ext)
{
X509V3_EXT_METHOD *method;
unsigned char *p;
if(!(method = X509V3_EXT_get(ext))) return NULL;
p = ext->value->data;
if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length,
ASN1_ITEM_ptr(method->it));
return method->d2i(NULL, &p, ext->value->length);
}
>From the debugging session:
(gdb) p method->it
$2 = (ASN1_ITEM_EXP *) 0xb71a53ec
It therefore appears that the d2i method of an X509V3_EXT_METHOD can be NULL
and that the it method is preferred if non-NULL (as it is in this case).
> SEGFAULT on ssl connections with certificates
> ---------------------------------------------
>
> Key: AMQCPP-347
> URL: https://issues.apache.org/jira/browse/AMQCPP-347
> Project: ActiveMQ C++ Client
> Issue Type: Bug
> Components: Decaf
> Affects Versions: 3.2.4
> Reporter: Kevin Quick
> Assignee: Timothy Bish
> Priority: Blocker
>
> Attempting to use an ssl:// connection with certificates via:
> decaf::lang::System::setProperty("decaf.net.ssl.trustStore",
> certfile);
> decaf::lang::System::setProperty("decaf.net.ssl.keyStore", certfile);
> results in a segfault when the connection is established. The segfault
> appears to be in decaf's attempt to perform additional verification of the
> certificate:
> Program received signal SIGSEGV, Segmentation fault.
> 0x00000000 in ?? ()
> (gdb) bt
> #0 0x00000000 in ?? ()
> #1 0xb7d119e9 in
> decaf::internal::net::ssl::openssl::OpenSSLSocket::verifyServerCert
> (this=0x81c8f40, serverName=...) at
> decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp:659
> #2 0xb7d12d5d in
> decaf::internal::net::ssl::openssl::OpenSSLSocket::startHandshake
> (this=0x81c8f40) at decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp:368
> #3 0xb7d12174 in decaf::internal::net::ssl::openssl::OpenSSLSocket::write
> (this=0x81c8f40, buffer=0x81cd9d0 "", size=221, offset=0, length=221)
> at decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp:555
> #4 0xb7d1823b in
> decaf::internal::net::ssl::openssl::OpenSSLSocketOutputStream::doWriteArrayBounded
> (this=0x81cb808, buffer=0x81cd9d0 "", size=221, offset=0, length=221)
> at decaf/internal/net/ssl/openssl/OpenSSLSocketOutputStream.cpp:94
> #5 0xb7d76687 in decaf::io::OutputStream::doWriteArray (this=0x81cb808,
> buffer=0x81cd9d0 "", size=221) at decaf/io/OutputStream.cpp:100
> #6 0xb7d76ae0 in decaf::io::OutputStream::write (this=0x81cb808,
> buffer=0x81cd9d0 "", size=221) at decaf/io/OutputStream.cpp:70
> #7 0xb7d656e9 in decaf::io::BufferedOutputStream::emptyBuffer
> (this=0x81cd938) at decaf/io/BufferedOutputStream.cpp:87
> #8 0xb7d6610b in decaf::io::BufferedOutputStream::flush (this=0x81cd938) at
> decaf/io/BufferedOutputStream.cpp:104
> #9 0xb7d7270e in decaf::io::FilterOutputStream::flush (this=0x81cfa40) at
> decaf/io/FilterOutputStream.cpp:143
> #10 0xb7aa708f in activemq::transport::IOTransport::oneway (this=0x817ce40,
> command=...) at activemq/transport/IOTransport.cpp:131
> #11 0xb7aa854d in activemq::transport::TransportFilter::oneway
> (this=0x817ce90, command=...) at activemq/transport/TransportFilter.h:120
> #12 0xb7acffb4 in activemq::transport::inactivity::InactivityMonitor::oneway
> (this=0x81cfb30, command=...) at
> activemq/transport/inactivity/InactivityMonitor.cpp:335
> #13 0xb7b09644 in
> activemq::wireformat::openwire::OpenWireFormatNegotiator::start
> (this=0x81d0230) at
> activemq/wireformat/openwire/OpenWireFormatNegotiator.cpp:222
> #14 0xb7aac991 in activemq::transport::correlator::ResponseCorrelator::start
> (this=0x81d0350) at activemq/transport/correlator/ResponseCorrelator.cpp:240
> #15 0xb7a11528 in
> activemq::core::ActiveMQConnectionFactory::doCreateConnection
> (this=0xbfffbe04, url=..., username=..., password=..., clientId=...)
> at activemq/core/ActiveMQConnectionFactory.cpp:263
> #16 0xb7a124ac in activemq::core::ActiveMQConnectionFactory::createConnection
> (url=..., username=..., password=..., clientId=...) at
> activemq/core/ActiveMQConnectionFactory.cpp:298
> #17 0xb7a12548 in activemq::core::ActiveMQConnectionFactory::createConnection
> (this=0x817c7a0, username=..., password=..., clientId=...) at
> activemq/core/ActiveMQConnectionFactory.cpp:211
> ...
> (gdb) up
> #1 0xb7d119e9 in
> decaf::internal::net::ssl::openssl::OpenSSLSocket::verifyServerCert
> (this=0x81c8f40, serverName=...) at
> decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp:659
> 659 method->i2v( method, method->d2i( NULL, &data,
> extension->value->length ), NULL );
> (gdb) p method->d2i
> $1 = (X509V3_EXT_D2I) 0
> (gdb)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
