On Fri, Aug 07, 2020 at 03:44:03PM +0200, William Lallemand wrote:
> On Thu, Aug 06, 2020 at 06:11:37PM +0200, William Dauchy wrote:
> > trivial commit, does not change the code behaviour
> >
>
> On Thu, Aug 06, 2020 at 06:11:38PM +0200, William Dauchy wrote:
> > Following work from Arjen and Mathilde, it adds ssl_{c,s}_chain_der
> > methods; it returns DER encoded certs from SSL_get_peer_cert_chain
> >
> > Also update existing vtc tests to add random intermediate certificates
> >
> > When getting the result through this header:
> >   http-response add-header x-ssl-chain-der %[ssl_c_chain_der,hex]
> > One can parse it with any lib accepting ASN.1 DER data, such as in go:
> >   bin, err := encoding/hex.DecodeString(cert)
> >   certs_parsed, err := x509.ParseCertificates(bin)
> >
> > Cc: Arjen Nienhuis <ar...@zorgdoc.nl>
> > Signed-off-by: Mathilde Gilles <m.gil...@criteo.com>
> > Signed-off-by: William Dauchy <w.dau...@criteo.com>
> > ---
> > v2:
> > - add missing check after trash alloc
> > v3:
> > - add ssl_s_chain_der support
> >
>
> Thanks William, I merged both patches.
>

William, I just pushed this fix on top of your patch, the
sk_X509_pop_free() was provoking a double free in the session release.

e3a5f84 BUG/MINOR: ssl: double free w/ smp_fetch_ssl_x_chain_der()

--
William Lallemand
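
The Go parsing step quoted in the commit message above, written out as a complete program. This is an added example, not code from the patch or from the HAProxy project; the names ParseChainHeader and ConstructedHeader are hypothetical, and the certificates are throwaway self-signed ones constructed inline to stand in for a real x-ssl-chain-der value.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// ParseChainHeader decodes an x-ssl-chain-der value: hex of concatenated DER certs.
func ParseChainHeader(v string) ([]*x509.Certificate, error) {
	der, err := hex.DecodeString(strings.TrimSpace(v))
	if err != nil {
		return nil, fmt.Errorf("header is not valid hex: %w", err)
	}
	// Certs come back in header order; bytes that do not form a complete cert yield an error.
	return x509.ParseCertificates(der)
}

// ConstructedHeader builds a sample header from throwaway self-signed certs (constructed data).
func ConstructedHeader(cns ...string) (string, error) {
	var chain []byte
	for i, cn := range cns {
		key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return "", err
		}
		tmpl := &x509.Certificate{SerialNumber: big.NewInt(int64(i + 1)),
			Subject:   pkix.Name{CommonName: cn},
			NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
		der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
		if err != nil {
			return "", err
		}
		chain = append(chain, der...)
	}
	return strings.ToUpper(hex.EncodeToString(chain)), nil
}

func main() {
	h, _ := ConstructedHeader("constructed intermediate", "constructed root")
	certs, err := ParseChainHeader(h)
	fmt.Println(len(certs), err)
}
```

Parsing only decodes the certificates; it does not verify signatures or establish trust in the chain, so a backend consuming this header still has to decide how far it trusts the proxy that set it.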