On Fri, 17 Oct 2014 21:17:49 +0200, The default queue via RT wrote > On Thu, 16 Oct 2014 16:33:28 +0200, Frank Schmirler wrote > > I get the following segfault when trying to send an SSLv3 request to > > the reverse proxy "pound", running on openssl-1.0.1j with SSLv2/3 disabled: > > > > Program received signal SIGSEGV, Segmentation fault. > > 0xb77498fa in ssl_ctrl (b=0xb7001010, cmd=1, num=0, ptr=0x0) at > > bio_ssl.c:312 > > 312 if (ssl->handshake_func == ssl->method->ssl_connect) > > Problem is that ssl23_get_server_method(SSL3_VERSION) returns NULL when > compiled with "no-ssl3", setting ssl->method to NULL. The attached > patch adds a define to ssl23_get_client_hello(...) to treat the "no- > ssl3" just like the "SSL_OP_NO_SSLv3" flag.
The same problem will also occur in an SSLv2 style handshake. Find attached an extended patch. Works without problems now. Regards, Frank
openssl-1.0.1j-no_ssl3.patch
Description: application/download
