You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Michael Kaufmann <ma...@michael-kaufmann.ch> on 2018/10/18 07:39:51 UTC

Crash with SSL renegotiations in 2.4.x branch

Hi,

there's a bug in the current 2.4.x branch of httpd which leads to  
crashes for SSL renegotiations.

The variable "ctx" is always NULL in ssl_engine_kernel.c,  
ssl_hook_Access_classic(), and it's used here:

if (!(cert_store ||
     (cert_store = SSL_CTX_get_cert_store(ctx))))
...

In trunk, this bug has been fixed in r1828793. Please backport this  
for 2.4.37.

Regards,
Michael

Re: Crash with SSL renegotiations in 2.4.x branch

Posted by Michael Kaufmann <ma...@michael-kaufmann.ch>.

> Backported in 1844223, will be part of 2.4.37.
>
> Thanks again!
>
> Rainer

Great! Thanks a lot for proposing & backporting.

Regards,
Michael

Re: Crash with SSL renegotiations in 2.4.x branch

Posted by Rainer Jung <ra...@kippdata.de>.

Am 18.10.2018 um 11:09 schrieb Rainer Jung:
> Hi Michael,
> 
> Am 18.10.2018 um 09:39 schrieb Michael Kaufmann:
>> Hi,
>>
>> there's a bug in the current 2.4.x branch of httpd which leads to 
>> crashes for SSL renegotiations.
>>
>> The variable "ctx" is always NULL in ssl_engine_kernel.c, 
>> ssl_hook_Access_classic(), and it's used here:
>>
>> if (!(cert_store ||
>>      (cert_store = SSL_CTX_get_cert_store(ctx))))
>> ...
>>
>> In trunk, this bug has been fixed in r1828793. Please backport this 
>> for 2.4.37.
> 
> Thanks for letting us know. Indeed the backport is missing.
> 
> Unfortunately the test suite seems to not cover the case that triggers 
> the crash. It seems to be when OptRenegotiate is set and we do have 
> client certs from the original handshake, but those certs were not 
> verified and we want a reneg now.
> 
> I will propose for backport now.

Backported in 1844223, will be part of 2.4.37.

Thanks again!

Rainer

Re: Crash with SSL renegotiations in 2.4.x branch

Posted by Rainer Jung <ra...@kippdata.de>.

Hi Michael,

Am 18.10.2018 um 09:39 schrieb Michael Kaufmann:
> Hi,
> 
> there's a bug in the current 2.4.x branch of httpd which leads to 
> crashes for SSL renegotiations.
> 
> The variable "ctx" is always NULL in ssl_engine_kernel.c, 
> ssl_hook_Access_classic(), and it's used here:
> 
> if (!(cert_store ||
>      (cert_store = SSL_CTX_get_cert_store(ctx))))
> ...
> 
> In trunk, this bug has been fixed in r1828793. Please backport this for 
> 2.4.37.

Thanks for letting us know. Indeed the backport is missing.

Unfortunately the test suite seems to not cover the case that triggers 
the crash. It seems to be when OptRenegotiate is set and we do have 
client certs from the original handshake, but those certs were not 
verified and we want a reneg now.

I will propose for backport now.

Regards,

Rainer