[ https://issues.apache.org/jira/browse/PROTON-2919?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Stitcher reassigned PROTON-2919:
---------------------------------------
Assignee: Andrew Stitcher
> Potential NULL dereference in SSL initialization path when calling X509_STORE_set_flags
> ---------------------------------------------------------------------------------------
>
> Key: PROTON-2919
> URL: https://issues.apache.org/jira/browse/PROTON-2919
> Project: Qpid Proton
> Issue Type: Bug
> Environment: Qpid Proton: latest master
> OpenSSL: 1.1.x
> Compiler: gcc
> Reporter: Qi Xu
> Assignee: Andrew Stitcher
> Priority: Minor
> Attachments: image-2026-03-10-18-26-55-532.png
>
>
> While testing the SSL initialization path in Qpid Proton, I encountered a
> segmentation fault triggered during the initialization of an SSL domain. The
> crash appears to occur when X509_STORE_set_flags() is called with a NULL
> X509_STORE pointer.
> From the stack trace, it seems that the certificate store returned during SSL
> domain initialization may be NULL in some cases, and the code path does not
> currently perform a defensive check before calling X509_STORE_set_flags().
> This leads to a NULL pointer dereference inside OpenSSL.
> !image-2026-03-10-18-26-55-532.png!