Hi Michael,
On 18.10.2018 at 09:39, Michael Kaufmann wrote:
> Hi,
>
> there's a bug in the current 2.4.x branch of httpd which leads to
> crashes for SSL renegotiations.
>
> The variable "ctx" is always NULL in ssl_engine_kernel.c,
> ssl_hook_Access_classic(), and it's used here:
>
>     if (!(cert_store ||
>           (cert_store = SSL_CTX_get_cert_store(ctx))))
>     ...
>
> In trunk, this bug has been fixed in r1828793. Please backport this for
> 2.4.37.

Thanks for letting us know. Indeed the backport is missing.
Unfortunately the test suite seems to not cover the case that triggers
the crash. It seems to be when OptRenegotiate is set and we do have
client certs from the original handshake, but those certs were not
verified and we want a reneg now.
I will propose for backport now.
Regards,
Rainer