Hi Rodrigo,

Rodrigo Arias <[email protected]> wrote:

> This patch should get rid of the segfault, but I need to take a closer 
> look and see if we are handling it well for LibreSSL, as they expose 
> headers from version 2 from OpenSSL.
> 
> ---8<---
> diff --git a/src/IO/tls_openssl.c b/src/IO/tls_openssl.c
> index 3345a0dc..d1df2315 100644
> --- a/src/IO/tls_openssl.c
> +++ b/src/IO/tls_openssl.c
> @@ -471,14 +471,12 @@ static bool_t Tls_check_cert_strength(SSL *ssl, 
> Server_t *srv, int *choice)
>         char buf[buflen];
>         int rc, i, n = sk_X509_num(sk);
>         X509 *cert = NULL;
> -      EVP_PKEY *public_key;
>         int key_type, key_bits;
>         const char *type_str;
>         BIO *b;
> 
>         for (i = 0; i < n; i++) {
>            cert = sk_X509_value(sk, i);
> -         public_key = X509_get_pubkey(cert);
> 
>            /* We are trying to find a way to get the hash function used
>             * with a certificate. This way, which is not very pleasant, puts
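Review bot: dropping `EVP_PKEY *public_key;` from the declaration block at the top of Tls_check_cert_strength() leaves `key_type`, `key_bits`, `type_str` and `b` declared there while `public_key` becomes the only local declared mid-loop (see the next hunk). Keeping the declaration here and moving only the `X509_get_pubkey(cert)` assignment would give the same fix and stay consistent with the rest of the function.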
> @@ -521,6 +519,10 @@ static bool_t Tls_check_cert_strength(SSL *ssl, Server_t 
> *srv, int *choice)
>            if (print_chain)
>               MSG("%s ", buf);
> 
> +         EVP_PKEY *public_key = X509_get_pubkey(cert);
> +         if (public_key == NULL)
> +            continue;
> +
>   #if OPENSSL_VERSION_NUMBER < 0x30000000L
>            key_type = EVP_PKEY_type(EVP_PKEY_id(public_key));
>   #else
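Review bot: the `continue` under `if (public_key == NULL)` silently skips the key type and key size evaluation for a certificate whose public key cannot be decoded, so the strength check says nothing about exactly the certificate that failed to parse. Consider logging a message at that point, or treating an undecodable key as a weak certificate, before moving on. Note also that the skip comes after `MSG("%s ", buf);`, so with print_chain set the chain line for that certificate has already been partly printed when the loop continues. Separately, X509_get_pubkey() returns a new reference, so it is worth confirming that the part of the loop outside this hunk releases it with EVP_PKEY_free() on the non-NULL path.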
> ---8<---

Thanks! Now the segfault is gone:

Nav_open_url: new url='https://www.ssllabs.com:10446/'
Dns_server [0]: www.ssllabs.com is 69.67.183.100
Connecting to 69.67.183.100:10446
www.ssllabs.com:10446: TLSv1.2, cipher ECDHE-ECDSA-AES256-GCM-SHA384
ecdsa-with-SHA256 384-bit EC: /C=US/ST=California/L=Foster City/O=Qualys, 
Inc./OU=SSLLabs CurveBall Leaf/CN=www.ssllabs.com
ecdsa-with-SHA256 root: /C=US/ST=California/L=Foster City/O=Qualys, 
Inc./OU=SSLLabs/CN=SSLLabs CurveBall CA
SSL_read() failed: error:10FFF010:elliptic curve routines:CRYPTO_internal:EC lib
SSL_read() failed: error:10FFF07F:elliptic curve 
routines:CRYPTO_internal:pkparameters2group failure
SSL_read() failed: error:10FFF010:elliptic curve routines:CRYPTO_internal:EC lib
SSL_read() failed: error:10FFF08E:elliptic curve 
routines:CRYPTO_internal:decode error
SSL_read() failed: error:0BFFF07D:x509 certificate 
routines:CRYPTO_internal:public key decode error
Tls_close_by_key: Avoiding SSL shutdown for: https://www.ssllabs.com:10446/
Premature close for https://www.ssllabs.com:10446/

Regards,
Alex
_______________________________________________
Dillo-dev mailing list -- [email protected]
To unsubscribe send an email to [email protected]