Full_Name: Alex Tutubalin
Version: 2.4.5
OS: FreeBSD 3.3-STABLE
Submission from: (NULL) (195.133.64.212)


When SSLOption +ExportCertData is turned on and no client cert is present,
the server coredumps (and does not serve the request).

Cause:
SSL_get_peer_cert_chain() at pkg.sslmod/ssl_engine_kernel.c, line 1251,
returns NULL and sk_X509_num() on the next line traps.

Quick'n'dirty fix (not too efficient, but only 4 bytes changed :),
in general there should be an if() around the for() operator:


*** pkg.sslmod/ssl_engine_kernel.c.orig Wed Oct 13 12:44:01 1999
--- pkg.sslmod/ssl_engine_kernel.c      Wed Oct 13 12:44:12 1999
***************
*** 1249,1255 ****
          val = ssl_var_lookup(r->pool, r->server, r->connection, r,
"SSL_CLIENT_CERT");
          ap_table_set(e, "SSL_CLIENT_CERT", val);
          sk = SSL_get_peer_cert_chain(ssl);
!         for (i = 0; i < sk_X509_num(sk); i++) {
              var = ap_psprintf(r->pool, "SSL_CLIENT_CERT_CHAIN_%d", i);
              val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
              if (val != NULL)
--- 1249,1255 ----
          val = ssl_var_lookup(r->pool, r->server, r->connection, r,
"SSL_CLIENT_CERT");
          ap_table_set(e, "SSL_CLIENT_CERT", val);
          sk = SSL_get_peer_cert_chain(ssl);
!         for (i = 0; sk && i < sk_X509_num(sk); i++) {
              var = ap_psprintf(r->pool, "SSL_CLIENT_CERT_CHAIN_%d", i);
              val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
              if (val != NULL)
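
Review bot: The "sk &&" test in the changed for() condition is re-evaluated on every iteration, and nothing at that line says why sk can be NULL; wrap the loop in "if (sk != NULL) { ... }" as the report itself suggests, and add a one-line comment that SSL_get_peer_cert_chain() returns NULL when the client presented no certificate. The unchanged context just above passes val from the "SSL_CLIENT_CERT" lookup straight to ap_table_set() without the "val != NULL" test that the loop body applies, so confirm the no-certificate case is handled there too.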


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
