httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 47408] segfault potential in modssl ssl_log_cxerror
Date Tue, 23 Jun 2009 13:41:05 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=47408

--- Comment #2 from Peter Sylvester <peter.sylvester@edelweb.fr>  2009-06-23 06:41:04 PST ---
In crypto/x509/x509_vfy.c : the callback is called explicitly with
no certificate under two circumstances:

- When there is no acceptable explicit certification policy found.

- To notify the active policy.

In the check_policy routine, which is invoked after presenting
each certificate in the chain to the callback, the callback is called
again.

     if (ret == -2)
        {
        ctx->current_cert = NULL;
        ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
        return ctx->verify_cb(0, ctx);
        }

    if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY)
        {
        ctx->current_cert = NULL;
        ctx->error = X509_V_OK;
        if (!ctx->verify_cb(2, ctx))
            return 0;
        }

The "previous" cert had already been presented to the verify callback, so it was
already logged by apache.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
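
Added example, not part of the original message and not mod_ssl or OpenSSL code: a simplified C model of the two call sites quoted in the comment, with a logging callback that checks current_cert before dereferencing it. The struct, constant and function names (model_ctx, MODEL_*, logging_cb, run_case) are assumptions standing in for the OpenSSL types, and the sample certificate subject is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the OpenSSL types quoted above (assumed model). */
enum { MODEL_V_OK = 0, MODEL_V_ERR_NO_EXPLICIT_POLICY = 1 };
#define MODEL_FLAG_NOTIFY_POLICY 0x1u
struct model_cert { const char *subject; };
struct model_ctx {
    const struct model_cert *current_cert;
    int error;
    unsigned flags;
    int (*verify_cb)(int ok, struct model_ctx *ctx);
    char last_log[128]; /* what the callback logged */
};

/* Null-safe logging callback: checks current_cert before dereferencing it. */
int logging_cb(int ok, struct model_ctx *ctx) {
    const char *subj = ctx->current_cert ? ctx->current_cert->subject
                                         : "-no certificate-";
    snprintf(ctx->last_log, sizeof ctx->last_log,
             "ok=%d error=%d subject=%s", ok, ctx->error, subj);
    return ok != 0; /* accept notifications (ok=2), reject failures (ok=0) */
}

/* Mirrors the two call sites quoted in the comment; policy_ret == -2 means
 * no acceptable explicit policy was found. */
int model_check_policy(struct model_ctx *ctx, int policy_ret) {
    if (policy_ret == -2) {
        ctx->current_cert = NULL;
        ctx->error = MODEL_V_ERR_NO_EXPLICIT_POLICY;
        return ctx->verify_cb(0, ctx);
    }
    if (ctx->flags & MODEL_FLAG_NOTIFY_POLICY) {
        ctx->current_cert = NULL;
        ctx->error = MODEL_V_OK;
        if (!ctx->verify_cb(2, ctx))
            return 0;
    }
    return 1;
}

/* Runs one case from a context still pointing at a constructed leaf cert. */
int run_case(int policy_ret, unsigned flags, char *log, size_t n) {
    static const struct model_cert leaf = { "CN=leaf (constructed)" };
    struct model_ctx ctx = { &leaf, MODEL_V_OK, flags, logging_cb, "" };
    int ret = model_check_policy(&ctx, policy_ret);
    snprintf(log, n, "%s", ctx.last_log);
    return ret;
}
```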

