Sorry, things are busy here ;-)
Let's see... I made changes to d2i_dsap.c, d2i_r_pr.c, and d2i_dhp.c.
To look for the problems I grepped for the string "_free". Any file
that had more than one call to the same "*_free" routine was a
candidate. Since I was primarily interested in DER conversions I
limited my search to file names starting with "d". In the files above
the double free code is almost correct with a check for a NULL value,
except the pointer wasn't set to NULL on the first free, so a search
for NULL preceding the second free of the same pointer would be a
candidate to check.
This all came about because I'm trying to create a CA certificate
which my Outlook users could load onto their Win2k PCs so when they
connect to my UofW IMAP/POP3 server they won't get a dialog about
an un-authenticated server. The certificates I generate work, but
Outlook gives a complaint about a bad Common Name. I don't know the
cause, but a bad DER conversion could be a candidate since testing the
connection to the IMAP/POP3 servers using OpenSSL with the PEM
certificate seems to indicate everything is Ok.
Here is the script I used:
#!/bin/ksh
PATH=/usr/bin:/usr/sbin:/usr/local/ssl/bin:/usr/local/ssl/misc; export PATH
LD_LIBRARY_PATH=/usr/lib:/usr/dt/lib:/usr/openwin/lib:/home/harvey/lib:/usr/local/lib:/usr/local/ssl/lib;
export LD_LIBRARY_PATH
echo create a new Certificate Authority certificate for Popper
CA.pl -newca
mv demoCA/cacert.pem demoCA/cacert.pem.old
openssl x509 -in demoCA/cacert.pem.old -signkey demoCA/private/cakey.pem \
-days 1825 -out demoCA/cacert.pem
rm demoCA/cacert.pem.old
openssl x509 -inform pem -in demoCA/cacert.pem -outform der \
-out demoCA/cacert.der
echo now create and sign the new mail certificate
openssl req -new -nodes -keyout mail.key.pem -out mail.req.pem
openssl ca -policy policy_anything -out mail.cert.pem -infiles mail.req.pem
openssl gendh 512 > mail.dh.pem
echo now paste everything together that you need
echo the private key, the signed certificate and the dh parameters
cat mail.key.pem mail.cert.pem mail.dh.pem > ipop3d.pem
echo you can find the new certificate in ipop3d.pem
I tested the certificates created using:
openssl s_client -CAfile cacert.pem -showcerts -host 127.1 -port 995
and it worked fine.
I'd appreciate any clue as to why I'm getting a bad Common Name.
Best Rgds,
-H-
On Thu, 30 May 2002, Richard Levitte via RT wrote:
>
> [[EMAIL PROTECTED] - Thu May 30 19:28:13 2002]:
>
> > Hi,
> >
> > Just wanted you to know that I'm still having problems with DER
> > format certificates. A more thorough inspection turned up additional
> > double free errors in the same directory :(
>
> Hmm, would you mind telling me which file it is, since you found it,
> or do you take pleasure in giving very little hintage?
>
>
--
Harvey M Wamboldt ^ E-Mail: [EMAIL PROTECTED]
MDA Inc 1000 Windmill Rd. Suite 60 ^ Fax: (902)468-2278
Dartmouth NS, B3B 1L7, Canada ^ Phone: (902)481-3531
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
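
Added example, not part of the original message and not OpenSSL code: the search described above (the same "*_free" routine called twice on one pointer, with no assignment such as "= NULL" in between) written as a small scanner. The C sample, TOY_INT, parse_buggy, parse_fixed and finish are constructed for illustration; the scan follows text order only, so hits are candidates for manual review.

```python
import re

# Constructed C input, not OpenSSL source: the buggy shape, then the fixed shape.
SAMPLE = """\
int parse_buggy(void)
{
    TOY_INT *bs = TOY_INT_new();
    TOY_INT_free(bs);
    if (!finish()) goto err;
    return 1;
err:
    if (bs != NULL) TOY_INT_free(bs);
    return 0;
}
int parse_fixed(void)
{
    TOY_INT *bs = TOY_INT_new();
    TOY_INT_free(bs);
    bs = NULL;
    if (!finish()) goto err;
    return 1;
err:
    if (bs != NULL) TOY_INT_free(bs);
    return 0;
}
"""

FREE = re.compile(r"\b(\w+_free)\s*\(\s*(\w+)\s*\)")   # X_free(ptr)
ASSIGN = re.compile(r"\b(\w+)\s*=(?!=)")                # ptr = ..., but not ==
FUNC_END = re.compile(r"^\}", re.M)                     # '}' in column 0

def refree_candidates(source):
    """Return (first_line, second_line, routine, pointer) for each pointer
    passed to the same *_free routine twice with no assignment in between."""
    events = [(m.start(), kind, m)
              for kind, rx in (("free", FREE), ("assign", ASSIGN), ("end", FUNC_END))
              for m in rx.finditer(source)]
    freed, hits = {}, []
    for pos, kind, m in sorted(events, key=lambda e: e[0]):
        line = source.count("\n", 0, pos) + 1
        if kind == "end":
            freed = {}                      # pointers are local to one function
        elif kind == "assign":              # reassigned (e.g. to NULL): forget it
            freed = {k: v for k, v in freed.items() if k[1] != m.group(1)}
        elif m.groups() in freed:           # same routine, same pointer, again
            hits.append((freed[m.groups()], line) + m.groups())
        else:
            freed[m.groups()] = line
    return hits
```

On the sample this reports only parse_buggy: the "if (bs != NULL)" guard on the error path does not help because bs still holds the freed address.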