Red Hat 5.2, apache 1.3.6, mod-ssl 2.2.8-1.3.6, and openssl 0.9.2b. When
a bad pass phrase is entered using the default handler, apache seg faults.
I've added enough ssl_logs to see that the seg fault happens in
ssl_pphrase_Handle() during the call SSL_read_RSAPrivateKey() at some
point after ssl_pphrase_Handle_CB returns.
Also, a seg faults happens when checking the previously entered pass
phrase against a new key that uses a different pass phrase from the first.
This seems very much related to the other case, just a little more hidden.
Here is a debug session:
Starting program: /home/rread/src/apache_1.3.6/src/./httpd -DSSL
Apache/1.3.6 mod_ssl/2.2.8 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.
Server rrtest:443
Enter pass phrase:
Program received signal SIGSEGV, Segmentation fault.
0x400f1486 in main_arena ()
(gdb) bt
#0 0x400f1486 in main_arena ()
#1 0x68400f14 in ?? ()
#2 0x401334ac in ssl_pphrase_Handle ()
#3 0x4012e807 in ssl_init_Module ()
#4 0x806b339 in ap_init_modules ()
#5 0x807507d in main ()
thanks,
robert
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
