My product got hit by this bug too. ( it uses 0.9.8y branch). I understand
the fix is in main branch, but I am curious - will 0.9.8 be patched
eventually?
--
View this message in context:
http://openssl.6102.n7.nabble.com/NULL-ptr-deref-when-calling-SSL-get-certificate-with-1-0-0k-tp43636p45271
On Tue, Mar 05, 2013, Vimol Kshetrimayum wrote:
> Hi Steve,
>
> I am also facing the same issue.
> If I want to to fix this bug, should the code for SSL_get_certificate() be
> restored to previous state? Is there any other place to be fixed?
>
Effectively yes. The fix is here:
http://git.opens
Hi Steve,
I am also facing the same issue.
If I want to to fix this bug, should the code for SSL_get_certificate() be
restored to previous state? Is there any other place to be fixed?
Thanks,
-Vimol
On Mon, Feb 11, 2013 at 10:21 PM, Dr. Stephen Henson wrote:
> On Mon, Feb 11, 2013, Bogdan Harj
On Mon, Feb 11, 2013, Bogdan Harjoc wrote:
> I updated to openssl 1.0.1k from 1.0.0d and I get a NULL pointer
> dereference when I call SSL_get_certificate on a valid SSL object.
>
> Backtrace:
>
> ssl_set_cert_masks:1845
> ssl_get_server_send_pkey:2117
> ssl_get_server_send_cert:2175
> SSL_get_
I updated to openssl 1.0.1k from 1.0.0d and I get a NULL pointer
dereference when I call SSL_get_certificate on a valid SSL object.
Backtrace:
ssl_set_cert_masks:1845
ssl_get_server_send_pkey:2117
ssl_get_server_send_cert:2175
SSL_get_certificate:2605
ssl_get_server_send_pkey calls ssl_set_cert_
