Send inn-workers mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/inn-workers
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of inn-workers digest..."
Today's Topics:
1. inn-CURRENT-20160416/nnrpd issue (The Doctor)
2. Re: inn-CURRENT-20160416/nnrpd issue (Julien ?LIE)
3. Re: inn-CURRENT-20160416/nnrpd issue (The Doctor)
4. Re: inn-CURRENT-20160416/nnrpd issue (Julien ?LIE)
5. Re: inn-CURRENT-20160416/nnrpd issue (Julien ?LIE)
----------------------------------------------------------------------
Message: 1
Date: Sat, 16 Apr 2016 06:11:30 -0600
From: The Doctor <[email protected]>
To: [email protected]
Subject: inn-CURRENT-20160416/nnrpd issue
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
Getting the following error
tls.c:263: dereferencing pointer to incomplete type
tls.c:265: dereferencing pointer to incomplete type
Line in question
switch (ctx->error) {
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, sizeof(
buf));
recall I am using openssl 1.1
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism
Manitoba ! Save your province in April! Vote Liberal!!
------------------------------
Message: 2
Date: Sat, 16 Apr 2016 14:36:15 +0200
From: Julien ?LIE <[email protected]>
To: [email protected]
Subject: Re: inn-CURRENT-20160416/nnrpd issue
Message-ID: <[email protected]>
Content-Type: text/plain; charset=windows-1252; format=flowed
The Doctor,
> Getting the following error
>
> tls.c:263: dereferencing pointer to incomplete type
> tls.c:265: dereferencing pointer to incomplete type
>
> Line in question
>
> switch (ctx->error) {
> case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
> X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf,
> sizeof(
> buf));
>
> recall I am using openssl 1.1
Did this error appear only yesterday?
Did you change something? (I see that OpenSSL 1.1.0-pre4 has been
available since March, 16th 2016 so unless you installed it yesterday,
there shouldn't be any changes.)
--
Julien ?LIE
? ?tre ?u ne p?s ?tre, telle est l? questi?n? ? (Ker?zen)
------------------------------
Message: 3
Date: Sat, 16 Apr 2016 07:07:42 -0600
From: The Doctor <[email protected]>
To: Julien ?LIE <[email protected]>
Cc: [email protected]
Subject: Re: inn-CURRENT-20160416/nnrpd issue
Message-ID: <[email protected]>
Content-Type: text/plain; charset=iso-8859-1
On Sat, Apr 16, 2016 at 02:36:15PM +0200, Julien ?LIE wrote:
> The Doctor,
>
> >Getting the following error
> >
> >tls.c:263: dereferencing pointer to incomplete type
> >tls.c:265: dereferencing pointer to incomplete type
> >
> >Line in question
> >
> > switch (ctx->error) {
> > case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
> > X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf,
> > sizeof(
> >buf));
> >
> >recall I am using openssl 1.1
>
> Did this error appear only yesterday?
> Did you change something? (I see that OpenSSL 1.1.0-pre4 has been available
> since March, 16th 2016 so unless you installed it yesterday, there shouldn't
> be any changes.)
>
I use the openssl-SNAP similar to me using the Inn-CUURENT daily snaps.
Possible change in openssl
> --
> Julien ?LIE
>
> ? ?tre ?u ne p?s ?tre, telle est l? questi?n? ? (Ker?zen)
> _______________________________________________
> inn-workers mailing list
> [email protected]
> https://lists.isc.org/mailman/listinfo/inn-workers
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism
Manitoba ! Save your province in April! Vote Liberal!!
------------------------------
Message: 4
Date: Sat, 16 Apr 2016 15:36:50 +0200
From: Julien ?LIE <[email protected]>
To: [email protected]
Subject: Re: inn-CURRENT-20160416/nnrpd issue
Message-ID: <[email protected]>
Content-Type: text/plain; charset=windows-1252; format=flowed
The Doctor,
> I use the openssl-SNAP similar to me using the Inn-CUURENT daily
> snaps.
>
> Possible change in openssl
Ah, OK. I've just found the related commit in OpenSSL.
Our friend Rich Salz made a few X509_xxx types opaque yesterday.
>>> switch (ctx->error) {
>>> case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
>>> X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf,
>>> sizeof(
>>> buf));
Could you please try:
switch (X509_STORE_CTX_get_error(ctx)) {
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
X509_NAME_oneline(X509_get_issuer_name(X509_STORE_CTX_get_current_cert(ctx)),
buf, sizeof(buf));
and tell us whether nnrpd builds better with that change?
--
Julien ?LIE
? ?tre ?u ne p?s ?tre, telle est l? questi?n? ? (Ker?zen)
------------------------------
Message: 5
Date: Sun, 17 Apr 2016 11:47:24 +0200
From: Julien ?LIE <[email protected]>
To: "[email protected]" <[email protected]>
Subject: Re: inn-CURRENT-20160416/nnrpd issue
Message-ID: <[email protected]>
Content-Type: text/plain; charset=windows-1252
The Doctor,
>> Could you please try:
>>
>> switch (X509_STORE_CTX_get_error(ctx)) {
>> case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
>>
>> X509_NAME_oneline(X509_get_issuer_name(X509_STORE_CTX_get_current_cert(ctx)),
>> buf, sizeof(buf));
>>
>> and tell us whether nnrpd builds better with that change?
>
> That does the think and it works fine.
>
> Please somehow commit.
OK, thanks for the confirmation.
I've seen in the documentation of X509_STORE_CTX_get_error() that
"In versions of OpenSSL before 1.0 the current certificate returned
by X509_STORE_CTX_get_current_cert() was never NULL. Applications
should check the return value before printing out any debugging
information relating to the current certificate."
so here is a complete patch. In the switch part, err_cert is not NULL
because otherwise the error would have been different than
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT.
--- tls.c (r?vision 9987)
+++ tls.c (copie de travail)
@@ -244,9 +244,13 @@
err = X509_STORE_CTX_get_error(ctx);
depth = X509_STORE_CTX_get_error_depth(ctx);
- X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
- if ((tls_serveractive) && (tls_loglevel >= 1))
- Printf("Peer cert verify depth=%d %s", depth, buf);
+ if (err_cert != NULL) {
+ X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
+ if ((tls_serveractive) && (tls_loglevel >= 1)) {
+ Printf("Peer cert verify depth=%d %s", depth, buf);
+ }
+ }
+
if (ok==0)
{
syslog(L_NOTICE, "verify error:num=%d:%s", err,
@@ -260,9 +264,10 @@
verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
}
}
- switch (ctx->error) {
+
+ switch (err) {
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf,
sizeof(buf));
+ X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, sizeof(buf));
syslog(L_NOTICE, "issuer= %s", buf);
break;
case X509_V_ERR_CERT_NOT_YET_VALID:
I'll commit it soon.
--
Julien ?LIE
? Je sens que ma derni?re hure est proche ! ? (Ast?rix)
------------------------------
_______________________________________________
inn-workers mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/inn-workers
End of inn-workers Digest, Vol 83, Issue 8
******************************************
