On Sat, Oct 02, 1999, [EMAIL PROTECTED] wrote:
> Full_Name: Tim Costello
> Version: 2.4.5
> OS: Win32
> Submission from: myponga0.connect.com.au (210.8.224.3)
>
> This may be related to bug 295.
>
> Whenever I do an https request to the server (1.3.10-dev and 2.4.5) it accesses
> a null pointer. This is happening inside ssl_hook_Fixup in ssl_engine_kernel.c.
> It seems as though if a client connects without supplying a certificate, and
> mod_ssl has been configured to export certificate data, a crash is inevitable.
>
> OpenSSL returns NULL from this call:
> sk = SSL_get_peer_cert_chain(ssl);
> and in the loop that follows, sk is referenced.
Ops, a very good catch. That's really a nasty bug and my fault. I was under
the wrong the impression that sk_X509_num(sk) in the following for-loop is
aware of sk == NULL. It's actually not, of course. This is now fixed for
2.4.6. Thanks for the feedback.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
