[jira] [Commented] (QPID-4883) C++ Broker may crash if client provides SSL certificate without CommonName entry.

Thu, 23 May 2013 14:31:20 -0700 

    [ 
https://issues.apache.org/jira/browse/QPID-4883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13665694#comment-13665694
 ] 

Ken Giusti commented on QPID-4883:
----------------------------------

For testing purposes, I created such a certificate using the following commands:

+ certutil -R -d /home/kgiusti/work/qpid/build/trunk/TMP/server_db -s 
O=MyCo,ST=California,C=US -o client.req -f 
/home/kgiusti/work/qpid/build/trunk/TMP/cert.password -z /bin/sh
Generating key.  This may take a few moments...
+ certutil -C -d /home/kgiusti/work/qpid/build/trunk/TMP/CA_db -c Test-CA -i 
client.req -o client.crt -f 
/home/kgiusti/work/qpid/build/trunk/TMP/cert.password -m 13949
+ certutil -A -d /home/kgiusti/work/qpid/build/trunk/TMP/server_db -n 
Test-Client -i client.crt -t Pu,,
+ pk12util -o client_pk12.out -d 
/home/kgiusti/work/qpid/build/trunk/TMP/server_db -n Test-Client -v -w 
/home/kgiusti/work/qpid/build/trunk/TMP/cert.password -k 
/home/kgiusti/work/qpid/build/trunk/TMP/cert.password
pk12util: PKCS12 EXPORT SUCCESSFUL
+ openssl pkcs12 -in ./client_pk12.out -out client_cert_key.pem -passin 
file:/home/kgiusti/work/qpid/build/trunk/TMP/cert.password
MAC verified OK


Note the "-s" parameter to the first command gives a subject field that does 
not contain a CN= entry.
                
> C++ Broker may crash if client provides SSL certificate without CommonName 
> entry.
> ---------------------------------------------------------------------------------
>
>                 Key: QPID-4883
>                 URL: https://issues.apache.org/jira/browse/QPID-4883
>             Project: Qpid
>          Issue Type: Bug
>          Components: C++ Broker
>    Affects Versions: 0.23
>            Reporter: Ken Giusti
>            Assignee: Ken Giusti
>            Priority: Blocker
>             Fix For: 0.23
>
>
> Broker does not check for a null pointer return value from the Certificate 
> parsing routines.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to