Qi Xu created PROTON-2919:
-----------------------------
Summary: Potential NULL dereference in SSL initialization path
when calling X509_STORE_set_flags
Key: PROTON-2919
URL: https://issues.apache.org/jira/browse/PROTON-2919
Project: Qpid Proton
Issue Type: Bug
Environment: Qpid Proton: latest master
OpenSSL: 1.1.x
Compiler: gcc
Reporter: Qi Xu
Attachments: image-2026-03-10-18-26-55-532.png

While testing the SSL initialization path in Qpid Proton, I encountered a
segmentation fault triggered during the initialization of an SSL domain. The
crash appears to occur when X509_STORE_set_flags() is called with a NULL
X509_STORE pointer.

From the stack trace, it seems that the certificate store returned during SSL
domain initialization may be NULL in some cases, and the code path does not
currently perform a defensive check before calling X509_STORE_set_flags().
This leads to a NULL pointer dereference inside OpenSSL.