[[EMAIL PROTECTED] - Fri Jan 3 13:45:08 2003]: > > > > Hi Lutz, > > Sorry to email you directly, but I was unable to send any message to the > openssl-users mailing list. I tried sending the message via Google too and > it also didn't work. I think my subscription is still valid. > > > We are facing CORE DUMP in ssl library during cerificate chain validation > in the following > Scenario: > > working for ssl proxy ( single ssl context is used ). it is working fine ( > ie accepting ssl connections and establishing ssl connections ) with > self signed certificates. But we are failing to establish ssl connection > with certificate chains. > > we succeeded in accepting ssl connections, but when we try to establish a > secure connection ( ie when we try SSL_connect) > it core dumps at X509_NAME_cmp () in the library. > > ---Type <return> to continue, or q <return> to quit--- > Reading symbols from /usr/lib/libthread.so.1...done. > Loaded symbols for /usr/lib/libthread.so.1 > #0 0x001eb56c in X509_NAME_cmp () at src/sipexception.cpp:102 > 102 return "Invalid code"; > (gdb) where > #0 0x001eb56c in X509_NAME_cmp () > #1 0x001fb404 in X509_check_issued () > #2 0x001ec730 in check_issued () > #3 0x001ec048 in X509_verify_cert () > #4 0x001acf94 in ssl_verify_cert_chain () > #5 0x001baa98 in ssl3_get_server_certificate () > #6 0x001b9b90 in ssl3_connect () > > #7 0x000740b0 in sslConnect (this=0x3b1768) > > #8 0x00072d40 in tlsSelectThread (this=0x3b1768) > > > (gdb) > > Any pointers for the solution to the above problem. >
It is notg apparent from the debugging output where the core dump occurs in X509_NAME_cmp(). Maybe it needs full debugging symbols? Does s_client also crash when you attempt to connect to this same server with the same trusted certificates? If it does then if you could try extracting this certificate, possibly using an earlier s_client and see if 'openssl verify' in 0.9.7 also crashes. If it does then if you could send me the certificate chain I'll see if I can duplicate the problem and trace the cause. Steve. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
