On Fri, Oct 17, 2014 at 6:47 AM, Frank Schmirler <open...@schmirler.de> wrote:
> On Thu, 16 Oct 2014 16:33:28 +0200, Frank Schmirler wrote
>> I get the following segfault when trying to send an SSLv3 request to
>> the reverse proxy "pound", running on openssl-1.0.1j with SSLv2/3 disabled:
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> 0xb77498fa in ssl_ctrl (b=0xb7001010, cmd=1, num=0, ptr=0x0) at bio_ssl.c:312
>> 312 if (ssl->handshake_func == ssl->method->ssl_connect)
>
> Problem is that ssl23_get_server_method(SSL3_VERSION) returns NULL when
> compiled with "no-ssl3", setting ssl->method to NULL. The attached patch adds
> a define to ssl23_get_client_hello(...) to treat the "no-ssl3" just like the
> "SSL_OP_NO_SSLv3" flag.
Well, shooting from the hip.... If OpenSSL was configured with
no-ssl3, then the following will be defined in <opensslconf.h>:
OPENSSL_NO_SSL3
So you might want to OR-in the flag only if OPENSSL_NO_SSL3 is
defined. And treat the NULL return as an error otherwise.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
