Hi All,
On HP-UX 11.23 , httpd does a segfault when
ClientCertificates are used for authentication. This
happens only on a multi-cpu, multi-threaded
environment.
After debugging found that the problem is double
free of the certificate in ssl_engine_io.c
----------snip------------------
/* deallocate the SSL connection */
if (sslconn->client_cert) {
X509_free(sslconn->client_cert);
sslconn->client_cert = NULL;
}
SSL_free(ssl);
----------/snip-----------
Here, the sslconn->client_cert is freed up. If the
sslconn->client_cert address and the
ssl->session->peer address is the same, it dumps the
core.
Hence, changed the above to look like this.
Now, it does not dump core.
------snip----------------
/* deallocate the SSL connection */
if (sslconn->client_cert) {
if(sslconn->client_cert == ssl->session->peer)
&& (ssl->references == 1) {
ssl->session->peer = NULL;
X509_free(sslconn->client_cert);
sslconn->client_cert = NULL;
}
SSL_free(ssl);
-------/snip-----------
Do you see any problem in this approach?
How does the session certificate address match the
peer certificate address though they are in different
structures?
Is this any problem with apr_*alloc?
In Apache 1.3, the same code is in
ssl_engine_kernel.c and in 1.3, X509_free call is not
present.
Would like to hear your comments on this.
Thanks,
Madhu
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|