You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "James Peach (JIRA)" <ji...@apache.org> on 2014/11/20 19:44:36 UTC
[jira] [Commented] (TS-2843) Buffer overflow in SSL error messages
[ https://issues.apache.org/jira/browse/TS-2843?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14219766#comment-14219766 ]
James Peach commented on TS-2843:
---------------------------------
This was probably fixed in 3bb54ea825c9e3a310c760d45b5e2e2b97d36c3b.
> Buffer overflow in SSL error messages
> -------------------------------------
>
> Key: TS-2843
> URL: https://issues.apache.org/jira/browse/TS-2843
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
> Reporter: Leif Hedstrom
> Labels: newbie
> Fix For: 6.0.0
>
>
> With a bad TLS config, I was getting the following errors, which looks like it's reading buffers beyond "EOL".
> {code}
> May 24 22:31:55 ats-int traffic_server[12696]: {0x2b89afcc6900} ERROR: <SSLUtils.cc:971 (SSLInitServerContext)> SSL::47870359922944:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:596���
> May 24 22:31:55 ats-int traffic_server[12696]: {0x2b89afcc6900} ERROR: <SSLUtils.cc:971 (SSLInitServerContext)> SSL::47870359922944:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:483���
> May 24 22:31:55 ats-int traffic_server[12696]: {0x2b89afcc6900} ERROR: <SSLUtils.cc:971 (SSLInitServerContext)> SSL::47870359922944:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669���
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)