activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Adam Sussman (JIRA)" <j...@apache.org>
Subject [jira] Commented: (AMQCPP-347) SEGFAULT on ssl connections with certificates
Date Mon, 24 Jan 2011 17:22:44 GMT

    [ https://issues.apache.org/jira/browse/AMQCPP-347?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12985825#action_12985825
] 

Adam Sussman commented on AMQCPP-347:
-------------------------------------

You need a certificate that has a specific but optional v3 extension.  As an example, openssl
x509 would dump:


        X509v3 extensions:

            X509v3 Subject Alternative Name: 
                DNS:host.name.com


> SEGFAULT on ssl connections with certificates
> ---------------------------------------------
>
>                 Key: AMQCPP-347
>                 URL: https://issues.apache.org/jira/browse/AMQCPP-347
>             Project: ActiveMQ C++ Client
>          Issue Type: Bug
>          Components: Decaf
>    Affects Versions: 3.2.4
>            Reporter: Kevin Quick
>            Assignee: Timothy Bish
>            Priority: Blocker
>         Attachments: amqcpp-347.patch
>
>
> Attempting to use an ssl:// connection with certificates via:
>         decaf::lang::System::setProperty("decaf.net.ssl.trustStore", certfile);
>         decaf::lang::System::setProperty("decaf.net.ssl.keyStore", certfile);
> results in a segfault when the connection is established.  The segfault appears to be
in decaf's attempt to perform additional verification of the certificate:
> Program received signal SIGSEGV, Segmentation fault.
> 0x00000000 in ?? ()
> (gdb) bt
> #0  0x00000000 in ?? ()
> #1  0xb7d119e9 in decaf::internal::net::ssl::openssl::OpenSSLSocket::verifyServerCert
(this=0x81c8f40, serverName=...) at decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp:659
> #2  0xb7d12d5d in decaf::internal::net::ssl::openssl::OpenSSLSocket::startHandshake (this=0x81c8f40)
at decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp:368
> #3  0xb7d12174 in decaf::internal::net::ssl::openssl::OpenSSLSocket::write (this=0x81c8f40,
buffer=0x81cd9d0 "", size=221, offset=0, length=221)
>     at decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp:555
> #4  0xb7d1823b in decaf::internal::net::ssl::openssl::OpenSSLSocketOutputStream::doWriteArrayBounded
(this=0x81cb808, buffer=0x81cd9d0 "", size=221, offset=0, length=221)
>     at decaf/internal/net/ssl/openssl/OpenSSLSocketOutputStream.cpp:94
> #5  0xb7d76687 in decaf::io::OutputStream::doWriteArray (this=0x81cb808, buffer=0x81cd9d0
"", size=221) at decaf/io/OutputStream.cpp:100
> #6  0xb7d76ae0 in decaf::io::OutputStream::write (this=0x81cb808, buffer=0x81cd9d0 "",
size=221) at decaf/io/OutputStream.cpp:70
> #7  0xb7d656e9 in decaf::io::BufferedOutputStream::emptyBuffer (this=0x81cd938) at decaf/io/BufferedOutputStream.cpp:87
> #8  0xb7d6610b in decaf::io::BufferedOutputStream::flush (this=0x81cd938) at decaf/io/BufferedOutputStream.cpp:104
> #9  0xb7d7270e in decaf::io::FilterOutputStream::flush (this=0x81cfa40) at decaf/io/FilterOutputStream.cpp:143
> #10 0xb7aa708f in activemq::transport::IOTransport::oneway (this=0x817ce40, command=...)
at activemq/transport/IOTransport.cpp:131
> #11 0xb7aa854d in activemq::transport::TransportFilter::oneway (this=0x817ce90, command=...)
at activemq/transport/TransportFilter.h:120
> #12 0xb7acffb4 in activemq::transport::inactivity::InactivityMonitor::oneway (this=0x81cfb30,
command=...) at activemq/transport/inactivity/InactivityMonitor.cpp:335
> #13 0xb7b09644 in activemq::wireformat::openwire::OpenWireFormatNegotiator::start (this=0x81d0230)
at activemq/wireformat/openwire/OpenWireFormatNegotiator.cpp:222
> #14 0xb7aac991 in activemq::transport::correlator::ResponseCorrelator::start (this=0x81d0350)
at activemq/transport/correlator/ResponseCorrelator.cpp:240
> #15 0xb7a11528 in activemq::core::ActiveMQConnectionFactory::doCreateConnection (this=0xbfffbe04,
url=..., username=..., password=..., clientId=...)
>     at activemq/core/ActiveMQConnectionFactory.cpp:263
> #16 0xb7a124ac in activemq::core::ActiveMQConnectionFactory::createConnection (url=...,
username=..., password=..., clientId=...) at activemq/core/ActiveMQConnectionFactory.cpp:298
> #17 0xb7a12548 in activemq::core::ActiveMQConnectionFactory::createConnection (this=0x817c7a0,
username=..., password=..., clientId=...) at activemq/core/ActiveMQConnectionFactory.cpp:211
> ...
> (gdb) up
> #1  0xb7d119e9 in decaf::internal::net::ssl::openssl::OpenSSLSocket::verifyServerCert
(this=0x81c8f40, serverName=...) at decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp:659
> 659	                method->i2v( method, method->d2i( NULL, &data, extension->value->length
), NULL );
> (gdb) p method->d2i
> $1 = (X509V3_EXT_D2I) 0
> (gdb) 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message