Some more info:
(gdb) disassemble
Dump of assembler code for function X509_VERIFY_PARAM_set_flags:
0xb7a9ec10 <X509_VERIFY_PARAM_set_flags+0>: push %ebp
0xb7a9ec11 <X509_VERIFY_PARAM_set_flags+1>: mov %esp,%ebp
0xb7a9ec13 <X509_VERIFY_PARAM_set_flags+3>: mov 0x8(%ebp),%ecx
0xb7a9ec16 <X509_VERIFY_PARAM_set_flags+6>: mov 0xc(%ebp),%eax
0xb7a9ec19 <X509_VERIFY_PARAM_set_flags+9>: mov 0xc(%ecx),%edx
0xb7a9ec1c <X509_VERIFY_PARAM_set_flags+12>: or %eax,%edx
0xb7a9ec1e <X509_VERIFY_PARAM_set_flags+14>: test $0x780,%eax
0xb7a9ec23 <X509_VERIFY_PARAM_set_flags+19>: mov %edx,0xc(%ecx)
0xb7a9ec26 <X509_VERIFY_PARAM_set_flags+22>: je 0xb7a9ec31
<X509_VERIFY_PARAM_set_flags+33>
0xb7a9ec28 <X509_VERIFY_PARAM_set_flags+24>: or $0x80,%edx
0xb7a9ec2e <X509_VERIFY_PARAM_set_flags+30>: mov %edx,0xc(%ecx)
0xb7a9ec31 <X509_VERIFY_PARAM_set_flags+33>: pop %ebp
0xb7a9ec32 <X509_VERIFY_PARAM_set_flags+34>: mov $0x1,%eax
0xb7a9ec37 <X509_VERIFY_PARAM_set_flags+39>: ret
0xb7a9ec38 <X509_VERIFY_PARAM_set_flags+40>: nop
0xb7a9ec39 <X509_VERIFY_PARAM_set_flags+41>: lea 0x0(%esi),%esi
End of assembler dump.
(gdb) info registers
eax 0x4 4
ecx 0x0 0
edx 0x814e008 135585800
ebx 0xb7aec830 -1213282256
esp 0xbfd61c68 0xbfd61c68
ebp 0xbfd61c68 0xbfd61c68
esi 0x8eec090 149864592
edi 0xc 12
eip 0xb7a9ec19 0xb7a9ec19 <X509_VERIFY_PARAM_set_flags+9>
eflags 0x210296 [ PF AF SF IF RF ID ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
So it seems the segfault happens because ecx is a null pointer, and if I
interpret the assembler code correctly ecx has been fetched from the
stack (right?), so that would mean the X509_VERIFY_PARAM_set_flags
function has been called with a null pointer. Running the example with
debugging builds of the libraries would show that easily (I'm too lazy
to build those myself right now).
(After me checking more) Ah, there is no debugging build for
libnet-ssleay-perl, but there is one (well rather just the symbol tables
as addon -dbg package) for libssl0.9.8.
With that installed (and the source package unpacked and a "cd
openssl-0.9.8e/crypto/x509/" so that gdb can find the code) I get:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1209964864 (LWP 444)]
X509_VERIFY_PARAM_set_flags (param=0x0, flags=4) at x509_vpm.c:217
217 param->flags |= flags;
(gdb) bt
#0 X509_VERIFY_PARAM_set_flags (param=0x0, flags=4) at x509_vpm.c:217
#1 0xb7c98257 in X509_STORE_CTX_set_flags (ctx=0x816ad10, flags=4) at
x509_vfy.c:1497
#2 0xb7d75bf3 in XS_Net__SSLeay_X509_STORE_CTX_set_flags ()
from /usr/lib/perl5/auto/Net/SSLeay/SSLeay.so
#3 0x080bdad1 in Perl_pp_entersub ()
#4 0x080bc3a9 in Perl_runops_standard ()
#5 0x08063bfd in perl_run ()
#6 0x0805ffd1 in main ()
So yes that function is called with a null "param" struct.
(gdb) up
#1 0xb7c98257 in X509_STORE_CTX_set_flags (ctx=0x816ad10, flags=4) at
x509_vfy.c:1497
1497 X509_VERIFY_PARAM_set_flags(ctx->param, flags);
The whole function is:
void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags)
{
X509_VERIFY_PARAM_set_flags(ctx->param, flags);
}
(gdb) up
#2 0xb7d75bf3 in XS_Net__SSLeay_X509_STORE_CTX_set_flags ()
from /usr/lib/perl5/auto/Net/SSLeay/SSLeay.so
So it seems Net::SSLeay is calling X509_STORE_CTX_set_flags with a ctx
which has a NULL "param" field.
Next step for being able to see more info there would be to create a
debugging build of Net::SSLeay.
BTW removing the crl check from my code avoids the segfault, but my code
is then unable to verify that the server certificate has a valid
signature (either because the missing crl check has a side effect to
signature checking, or there's even more stuff broken).
Christian.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
