[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Crash with SSL renegotiations in 2.4.x branch

Hi Michael,

Am 18.10.2018 um 09:39 schrieb Michael Kaufmann:

there's a bug in the current 2.4.x branch of httpd which leads to crashes for SSL renegotiations.

The variable "ctx" is always NULL in ssl_engine_kernel.c, ssl_hook_Access_classic(), and it's used here:

if (!(cert_store ||
     (cert_store = SSL_CTX_get_cert_store(ctx))))

In trunk, this bug has been fixed in r1828793. Please backport this for 2.4.37.

Thanks for letting us know. Indeed the backport is missing.

Unfortunately the test suite seems to not cover the case that triggers the crash. It seems to be when OptRenegotiate is set and we do have client certs from the original handshake, but those certs were not verified and we want a reneg now.

I will propose for backport now.