On Tue, Apr 16, 2013, xiaotu65217 wrote:
> Hello, my friend!
> Today when I used openssl 0.9.8y I met a problem, please help me.
> The problem is: I upgraded openssl from version 0.9.8w to
> 0.9.8y, and a process core dumped. I finally found that the issue is:
> /* Fix this function so that it takes an optional type parameter */
> X509 *SSL_get_certificate(const SSL *s)
>     {
>     if (s->server)
>         return(ssl_get_server_send_cert(s)); /* it changed here, these two lines were added */
>     else if (s->cert != NULL)
>         return(s->cert->key->x509);
>     else
>         return(NULL);
>     }
> So my question is: why did you modify this SSL_get_certificate function? Did you
> modify other code at the same time, or just these two lines?
> If I modify this function and roll back, do I need to roll back other code?
>
> Thank you very much!
>
> The picture is captured from openssl 0.9.8y, and the bugs and fixes are shown
> as follows:
>
This is a bug which is fixed in the latest snapshots. Specifically if you call
SSL_get_certificate() on a server before a certificate has been sent.
It was changed to fix OCSP stapling in the case of multiple certificates: it
used to return just the last certificate configured, now it returns the
certificate that was actually used.
The original "fix" for this was broken and it is now handled in a different
way: unfortunately not all the original code was removed when this was
changed.
See:
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f751dc47596050694c19feba162e63f610e29a74;hp=fbe621d08f2026926c91c1c5f386b27605e39a43
You can either use the latest snapshot or just revert the changes to that file.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
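
The difference between "last certificate configured" and "certificate actually used", and the state in which the second has no answer yet, shown in a simplified model. This is an added example, not OpenSSL code and not part of the original messages; every model_* name and the fallback guard are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model, NOT OpenSSL's real structures: all names are hypothetical. */
typedef struct { const char *subject; } model_x509;

typedef struct {
    int server;                 /* nonzero for a server-side connection */
    model_x509 *configured[2];  /* constructed slots, e.g. 0 = RSA, 1 = DSA */
    model_x509 **key;           /* last slot configured (cf. s->cert->key) */
    model_x509 **sent;          /* slot actually sent; NULL until one is sent */
} model_ssl;

/* Configure a certificate; 'key' then refers to the most recent one. */
void model_use_certificate(model_ssl *s, int slot, model_x509 *x)
{
    s->configured[slot] = x;
    s->key = &s->configured[slot];
}

/* Old behaviour described in the reply: always the last configured cert. */
model_x509 *get_cert_last_configured(const model_ssl *s)
{
    return s->key != NULL ? *s->key : NULL;
}

/* "Certificate actually used" behaviour with an explicit guard (assumed, not
 * the project's fix): before anything has been sent there is no selection to
 * follow, so fall back instead of dereferencing missing state. */
model_x509 *get_cert_actually_used(const model_ssl *s)
{
    if (s->server && s->sent != NULL)
        return *s->sent;
    return get_cert_last_configured(s);
}

int main(void)
{
    model_x509 rsa = { "CN=rsa.example" }, dsa = { "CN=dsa.example" };
    model_ssl s = { 1, { NULL, NULL }, NULL, NULL };

    model_use_certificate(&s, 0, &rsa);
    model_use_certificate(&s, 1, &dsa);
    printf("before send: %s\n", get_cert_actually_used(&s)->subject);
    s.sent = &s.configured[0];  /* model: the RSA certificate was sent */
    printf("after send:  %s\n", get_cert_actually_used(&s)->subject);
    printf("old getter:  %s\n", get_cert_last_configured(&s)->subject);
    return 0;
}
```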