This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
commit bba9e9464a1a884089e5f35dc7e4ee5d19cffea9 Author: Mark Thomas <[email protected]> AuthorDate: Wed Feb 4 15:19:44 2026 +0000 Fix 69939 EVP_PKEY_is_a() crashes with NULL key on OpenSSL 3.0.x https://bz.apache.org/bugzilla/show_bug.cgi?id=69939 --- native/src/sslutils.c | 2 +- xdocs/miscellaneous/changelog.xml | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/native/src/sslutils.c b/native/src/sslutils.c index f7a79d8b2..8e0e23219 100644 --- a/native/src/sslutils.c +++ b/native/src/sslutils.c @@ -190,7 +190,7 @@ EVP_PKEY *SSL_dh_GetParamFromFile(const char *file) return NULL; evp = PEM_read_bio_Parameters_ex(bio, NULL, NULL, NULL); BIO_free(bio); - if (!EVP_PKEY_is_a(evp, "DH")) { + if (evp && !EVP_PKEY_is_a(evp, "DH")) { EVP_PKEY_free(evp); return NULL; } diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 80589b32b..94da1de41 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -62,6 +62,10 @@ Improve performance for the rare case of handling large OCSP responses. (markt) </scode> + <fix> + <bug>69939</bug>: Fix the cause of a crash with OpenSSL 3.0.x when a + certificate PEM file does not contain explicit DH parameters. (markt) + </fix> </changelog> </section> <section name="2.0.12" rtext="2026-01-12">
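Review bot: In native/src/sslutils.c, SSL_dh_GetParamFromFile(), the new `evp &&` guard has no comment saying why it is there, so a later cleanup could drop it as redundant; add a one-line comment that EVP_PKEY_is_a() crashes on a NULL key with OpenSSL 3.0.x (bug 69939). The condition also folds two cases together: a NULL evp now skips the block and depends on the code after it, which the hunk does not show, to hand NULL back to the caller. An explicit early return, for example `if (evp == NULL) return NULL;` placed before the type check, would make the "no parameters in the file" path visible and leave the `!EVP_PKEY_is_a(evp, "DH")` test for the wrong-key-type case only.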
