Hi,
I'm having problems with the OpenSSL SSL_CTX_load_verify_locations()
routine dumping core on Solaris 8 (sparc, 64-bit). I first noticed
this problem with Apache mod_ssl but it can be reproduced with a
minimal standalone C program which calls SSL_CTX_load_verify_locations().
I've only experienced this problem with one certain CA bundle file.
The problem doesn't appear with OpenSSL release 0.9.7e (and at least
d) but starting with f I'm getting core dumps (tested with i, g, f
and 0.9.8a).
Any ideas on what has changed between 0.9.7e and 0.9.7f that may be
causing this?
Here's the code for reproducing the problem:
/*
export PATH=/opt/local/gcc/4.0/bin:$PATH:/usr/ccs/bin:/opt/sfw/bin
export or=/home/aspa/tmp/openssl098a
coreadm -p core $$
gcc x509catest.c -g -m64 -I$or/include -L$or/lib -lssl -lcrypto -lsocket -ldl
./a.out
*/
#include <stdio.h>
#include <openssl/ssl.h>
int main() {
    char *capath="/home/aspa/kronodoc/dev-3.4/httpd/conf/ssl.crt";
    char *cafile;
    cafile="/home/aspa/kronodoc/dev-3.4/httpd/conf/ssl.crt/bundle.crt";
    /* overrides the assignment above; this is the bundle that gets loaded */
    cafile="/home/aspa/kronodoc/dev-3.4/httpd/conf/ssl.crt/ca-bundle.crt";
    SSL_load_error_strings();
    SSL_library_init();
    SSL_CTX *ctx = SSL_CTX_new(SSLv3_method());
    /* the call that appears as frame #10 (main) in the backtrace */
    int r = SSL_CTX_load_verify_locations(ctx, cafile, capath);
    printf("SSL_CTX_load_verify_locations: %d\n",r);
    return 0;
}
Here's the stack backtrace from the core file:
#0 0x00000001000639a8 in x509_object_cmp (a=<value optimized out>, b=<value optimized out>) at x509_lu.c:161
161 ret=((*a)->type - (*b)->type);
(gdb) bt
#0 0x00000001000639a8 in x509_object_cmp (a=<value optimized out>, b=<value optimized out>) at x509_lu.c:161
#1 0xffffffff7ef53a9c in qsort () from /usr/lib/64/libc.so.1
#2 0x000000010004d9ac in sk_sort (st=0x1002351a0) at stack.c:331
#3 0x000000010004dac0 in sk_find (st=0x1002351a0, data=0x100291900 "") at stack.c:227
#4 0x00000001000640f4 in X509_OBJECT_retrieve_match (h=0x1002351a0, x=0x100291900) at x509_lu.c:460
#5 0x0000000100064354 in X509_STORE_add_cert (ctx=0x10021db80, x=0x100257f70) at x509_lu.c:344
#6 0x00000001000663e8 in X509_load_cert_crl_file (ctx=0x1002354a0, file=<value optimized out>, type=<value optimized out>) at by_file.c:287
#7 0x0000000100066504 in by_file_ctrl (ctx=0x1002354a0, cmd=1, argp=0x18 <Address 0x18 out of bounds>, argl=1, ret=0x0) at by_file.c:120
#8 0x0000000100063858 in X509_LOOKUP_ctrl (ctx=0x0, cmd=1, argc=0x1000d0210 "/home/aspa/kronodoc/dev-3.4/httpd/conf/ssl.crt/ca-bundle.crt", argl=1, ret=0x0) at x509_lu.c:117
#9 0x0000000100060258 in X509_STORE_load_locations (ctx=0x10021db80, file=0x1000d0210 "/home/aspa/kronodoc/dev-3.4/httpd/conf/ssl.crt/ca-bundle.crt", path=0x1000d01a0 "/home/aspa/kronodoc/dev-3.4/httpd/conf/ssl.crt") at x509_d2.c:92
#10 0x0000000100023e64 in main () at x509catest.c:17
Here's the exact build procedure I'm using to build OpenSSL:
# build OpenSSL
export PATH=/opt/local/gcc/4.0/bin:$PATH:/usr/ccs/bin:/opt/sfw/bin
perl Configure solaris64-sparcv9-gcc no-idea no-shared -g -fPIC --prefix=/home/aspa/tmp/openssl098a
gmake depend
gmake
gmake test
gmake install
--
aspa