OpenSSL 0.9.8a dumps core in SSL_CTX_load_verify_locations()

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

OpenSSL 0.9.8a dumps core in SSL_CTX_load_verify_locations()

Marko Asplund

I'm having problems with the OpenSSL SSL_CTX_load_verify_locations()  
routine dumping core on Solaris 8 (sparc, 64-bit). I first noticed  
this problem with Apache mod_ssl but it can be reproduced with a  
minimal standalone C program which calls SSL_CTX_load_verify_locations

I've only experienced this problem with one certain CA bundle file.  
The problem doesn't appear with OpenSSL release 0.9.7e (and at least  
d) but starting with f I'm getting core dumps (tested with i, g, f  
and 0.9.8a).

Any ideas on what has changed between 0.9.7e and 0.9.7f that may be  
causing this?

Here's the code for reproducing the problem:

   export PATH=/opt/local/gcc/4.0/bin:$PATH:/usr/ccs/bin:/opt/sfw/bin
   export or=/home/aspa/tmp/openssl098a
   coreadm -p core $$
   gcc x509catest.c -g -m64 -I$or/include -L$or/lib -lssl -lcrypto -
lsocket -ldl
#include <openssl/ssl.h>
int main() {
   char *capath="/home/aspa/kronodoc/dev-3.4/httpd/conf/ssl.crt";
   char *cafile;
   SSL_CTX *ctx = SSL_CTX_new(SSLv3_method());
   int r = SSL_CTX_load_verify_locations(ctx, cafile, capath);
   printf("SSL_CTX_load_verify_locations: %d\n",r);

Here's the stack backtrace from the core file:

#0  0x00000001000639a8 in x509_object_cmp (a=<value optimized out>,
     b=<value optimized out>) at x509_lu.c:161
161             ret=((*a)->type - (*b)->type);
(gdb) bt
#0  0x00000001000639a8 in x509_object_cmp (a=<value optimized out>,
     b=<value optimized out>) at x509_lu.c:161
#1  0xffffffff7ef53a9c in qsort () from /usr/lib/64/
#2  0x000000010004d9ac in sk_sort (st=0x1002351a0) at stack.c:331
#3  0x000000010004dac0 in sk_find (st=0x1002351a0, data=0x100291900  
"") at stack.c:227
#4  0x00000001000640f4 in X509_OBJECT_retrieve_match (h=0x1002351a0,  
     at x509_lu.c:460
#5  0x0000000100064354 in X509_STORE_add_cert (ctx=0x10021db80,  
     at x509_lu.c:344
#6  0x00000001000663e8 in X509_load_cert_crl_file (ctx=0x1002354a0,
     file=<value optimized out>, type=<value optimized out>) at  
#7  0x0000000100066504 in by_file_ctrl (ctx=0x1002354a0, cmd=1,
     argp=0x18 <Address 0x18 out of bounds>, argl=1, ret=0x0) at  
#8  0x0000000100063858 in X509_LOOKUP_ctrl (ctx=0x0, cmd=1,
     argc=0x1000d0210 "/home/aspa/kronodoc/dev-3.4/httpd/conf/ssl.crt/
     argl=1, ret=0x0) at x509_lu.c:117
#9  0x0000000100060258 in X509_STORE_load_locations (ctx=0x10021db80,
     file=0x1000d0210 "/home/aspa/kronodoc/dev-3.4/httpd/conf/ssl.crt/
     path=0x1000d01a0 "/home/aspa/kronodoc/dev-3.4/httpd/conf/
ssl.crt") at x509_d2.c:92
#10 0x0000000100023e64 in main () at x509catest.c:17

Here's the exact build procedure I'm using to build OpenSSL:

# build OpenSSL
export PATH=/opt/local/gcc/4.0/bin:$PATH:/usr/ccs/bin:/opt/sfw/bin
perl Configure solaris64-sparcv9-gcc no-idea no-shared -g -fPIC --
gmake depend
gmake test
gmake install


OpenSSL Project                       
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]