You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/10/23 08:30:29 UTC
DO NOT REPLY [Bug 24030] New: -
Missing private key in SSLProxyMachineCertificateFile causes SEGV
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24030>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24030
Missing private key in SSLProxyMachineCertificateFile causes SEGV
Summary: Missing private key in SSLProxyMachineCertificateFile
causes SEGV
Product: Apache httpd-2.0
Version: 2.0.47
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: Other
Component: mod_ssl
AssignedTo: bugs@httpd.apache.org
ReportedBy: kris.verbeeck@advalvas.be
When firing a request, the reverse proxy child process segfaults.
The segfault occurs in the ssl_callback_proxy_cert() function
(ssl_engine_kernel.c) when calling the modssl_set_cert_info() macro.
This macro is defined as follows:
#define modssl_set_cert_info(info, cert, pkey) \
*cert = info->x509; \
X509_reference_inc(*cert); \
*pkey = info->x_pkey->dec_pkey; \
EVP_PKEY_reference_inc(*pkey)
When tracing trough the code with gdb the following values are
present in the local variables:
(gdb) p info
$4 = (struct X509_info_st *) 0x8236688
(gdb) p cert
No symbol "cert" in current context.
(gdb) p pkey
$5 = (struct evp_pkey_st **) 0xbffff26c
(gdb) p *info
$6 = {x509 = 0x8236bf0, crl = 0x0, x_pkey = 0x0, enc_cipher = {cipher = 0x0,
iv = "ú\024/KJh\207§"}, enc_len = 0, enc_data = 0x0, references = 1}
(gdb) c
Continuing.
Program received signal SIGSEGV, Segmentation fault.
0x08095b9d in ssl_callback_proxy_cert (ssl=0x0, x509=0xbffff268,
pkey=0xbffff26c) at ssl_engine_kernel.c:1592
1592 modssl_set_cert_info(info, x509, pkey);
The problem is that the x_pkey field in the info structure is NULL
(the third line in the macro tries to access a field in this x_pkey
structure).
Mod_proxy/mod_ssl should ensure that there is a private key for every
certificate in SSLProxyMachineCertificateFile (and vice versa).
(See also the following thread:
http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=106629032008685&w=2)
(Related to bug 24029)
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org