I am getting a core dump from d2i in the following code. The offending
line is:
*val = meth->i2v( meth, meth->d2i( NULL, &data, ext->value->length ), NULL
);*
I am running the 0.9.8k version of openssl compiled for shared objects,
32bit.
Can anyone spot what I am doing wrong? Has anyone else run across this
problem?
Ron
-----------------------------------------------------------------------------------------------------------------------------------
int
ssl_get_csp_name(SSL *ssl, char *csp_name, int csp_name_len)
{
X509 *cert;
X509_NAME *subj;
int extcount;
int seen_dns = 0;
int i;
csp_name[0] = '\0';
if( !(cert = SSL_get_peer_certificate(ssl)) )
{
LOGMSG( LOG_CRIT, "Failure getting client certificate");
return -1;
}
extcount = X509_get_ext_count(cert);
if( extcount <= 0 )
{
X509_free( cert );
LOGMSG( LOG_CRIT, "Client certificate has no extensions");
return -1;
}
for(i = 0; i < extcount; i++)
{
const char *extstr;
char *td = NULL;
X509_EXTENSION *ext;
ext = X509_get_ext(cert, i);
extstr = OBJ_nid2sn( OBJ_obj2nid( X509_EXTENSION_get_object(ext) ) );
if( strcmp(extstr, "subjectAltName") == 0 )
{
int j;
const unsigned char *data;
STACK_OF(CONF_VALUE) *val;
CONF_VALUE *nval;
X509V3_EXT_METHOD *meth;
if(!(meth = X509V3_EXT_get(ext)))
break;
data = ext->value->data;
*val = meth->i2v( meth, meth->d2i( NULL, &data, ext->value->length ),
NULL );*
for( j = 0; j < sk_CONF_VALUE_num(val); j++)
{
nval = sk_CONF_VALUE_value(val,j);
if( strcmp(nval->name, "DNS") == 0 )
{
if( strlen(nval->value) <= csp_name_len )
{
strcpy( csp_name, nval->value);
}
else
{
snprintf( msg, sizeof(msg), "Short name [%s] too long",
nval->value);
LOGMSG( LOG_ERR, msg);
}
break;
}
}
break;
}
}
X509_free( cert );
if( strlen(csp_name) == 0 )
{
return -1;
}
return (int)SSL_get_verify_result(ssl);
}
Here is the certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=IFCET, ST=Oklahoma, C=US/emailAddress=
amc-atow-tdls-supp...@faa.gov, O=AJW-178
Validity
Not Before: Jun 5 14:52:09 2009 GMT
Not After : Jun 3 14:52:09 2019 GMT
Subject: CN=IFCET, ST=OK, C=US/emailaddress=ron.ctr.brasw...@faa.gov,
O=TEST CSP, OU=confidence testing
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:d0:52:0e:70:9a:5d:20:c7:77:c3:03:6b:2f:02:
c9:d6:eb:96:d0:df:ba:99:83:f8:30:c8:63:b4:68:
a5:e0:25:b4:fb:99:97:00:11:e2:ad:f3:41:50:55:
de:01:ac:94:41:9f:b0:18:18:8a:b4:9d:9a:1a:7b:
40:3d:f1:65:e0:c8:a3:a4:ad:38:ad:8c:4f:45:81:
35:fb:eb:d3:f7:6a:83:ab:0b:d7:b2:08:62:e1:fb:
eb:c9:6f:82:e6:d6:70:12:9b:2d:3b:e0:8a:db:e5:
5a:2a:e3:2c:f8:91:f8:84:f0:c0:da:d8:9e:7b:bd:
1c:22:aa:24:73:b7:b1:73:7f:22:33:60:7f:26:48:
34:a4:94:49:85:12:77:34:80:40:a1:44:a1:7d:6e:
b8:e9:26:55:ac:31:67:89:c7:8e:1a:f8:a0:be:57:
d4:d3:52:ff:49:6f:0d:31:f5:62:7e:3c:bf:10:39:
46:f8:4f:8a:6c:d0:4a:cb:3a:86:b2:09:b1:7a:a4:
c1:25:5f:f2:86:03:0a:66:9e:e2:78:ca:ea:e8:47:
cf:d5:02:96:6b:ff:53:ad:09:74:3d:ce:f7:e6:db:
74:96:53:cb:c8:c2:c7:47:e2:25:28:cf:12:7e:68:
17:63:c2:60:59:36:9c:a4:65:67:f0:0f:cc:7c:b3:
26:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Alternative Name:
DNS:testcsp
Signature Algorithm: sha1WithRSAEncryption
14:58:9b:ff:0e:2c:a0:63:08:e7:30:3e:19:a2:7a:ec:87:90:
0c:cb:38:7f:1e:6c:b7:83:88:33:e4:d4:7a:98:e3:cd:36:fe:
85:09:fa:02:13:67:64:7e:d1:d4:6d:bc:d7:71:52:a3:e0:d1:
15:fa:71:e5:8c:ae:9b:b7:5a:94:f9:bf:11:a8:ea:0a:f3:66:
c7:02:af:d4:30:40:bf:ca:62:2a:8f:7e:d2:28:92:2b:bc:b0:
cb:b3:5e:5c:16:6a:99:32:e5:99:29:9b:ff:4c:24:f8:8a:d5:
c7:b4:0c:60:c9:39:f8:54:d0:ab:fa:4b:fd:9d:b9:aa:46:b8:
93:48:4a:20:59:32:85:fe:c5:39:87:1c:88:48:3f:7c:42:75:
ba:1d:7e:a1:57:7a:8f:9f:ab:52:85:6b:a8:3c:ee:fe:4d:f4:
44:95:a3:4d:d6:90:ae:44:14:e7:0e:f4:28:84:7d:1c:42:a5:
b3:fd:16:de:f2:4f:ed:6c:a2:19:f5:15:73:a5:ea:ae:dd:44:
c0:27:77:4c:9b:d7:d2:45:db:a3:4a:83:31:ad:29:f9:0c:05:
60:3e:bf:1d:30:d4:da:de:37:a2:66:56:16:9e:2b:4c:ee:a8:
ce:e6:2f:a4:18:9a:57:87:3d:f7:ef:55:60:a8:31:25:f3:41:
d7:09:a3:30
