Full_Name: Tim Costello
Version: 2.4.5
OS: Win32
Submission from: myponga0.connect.com.au (210.8.224.3)
This may be related to bug 295.
Whenever I do an https request to the server (1.3.10-dev and 2.4.5) it accesses
a null pointer. This is happening inside ssl_hook_Fixup in ssl_engine_kernel.c.
It seems as though if a client connects without supplying a certificate, and
mod_ssl has been configured to export certificate data, a crash is inevitable.
OpenSSL returns NULL from this call:
sk = SSL_get_peer_cert_chain(ssl);
and in the loop that follows, sk is referenced.
I'm on Win32 which makes getting a UNIX style backtrace difficult. The function
trace, if you're interested is:
ssl_hook_Fixup
run_method
ap_run_fixups
process_request_internal
ap_process_request
child_sub_main
child_main
Hope this helps.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
