On Tue, Dec 17, 2013, Ron Barber via RT wrote:

> On 12/16/13, 6:40 PM, "Stephen Henson via RT" <r...@openssl.org> wrote:
>
> >Yes, please print out the entire s->s3->handshake_dgst array instead of
> >just the first element. That is:
> >
> >s->s3->handshake_dgst[0]
> >s->s3->handshake_dgst[1]
> >.. up to ...
> >s->s3->handshake_dgst[5]
>
> I had to set this back up so this is a new core dump (similar stack trace):
> Program terminated with signal 11, Segmentation fault.

[snip]

> (gdb) print s->s3->handshake_dgst[4]
> $5 = (EVP_MD_CTX *) 0x2ae5648a5a90

That's very interesting. That shows that the handshake digest corresponding to
SHA256 is being set. That should only happen with a TLS v1.2 connection.

So it seems that somehow the array is being set up for a TLS v1.2 connection
yet it later tries to treat it as TLS v1.0. I can't see how that can happen but
at least it is making slightly more sense. If you disable TLS v1.2 that
condition would never arise.

Ideally I'd like to trace how the state can get confused like that but that
would be tricky without being able to reproduce it myself.

As mitigation I'll commit a check to return an error at the point if it can't
find the digests it needs.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
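The following is an added example, not part of the original message and not OpenSSL source. It is a simplified model of the condition described above: the digest array is populated for TLS v1.2 (only the SHA256 slot, index 4 as in the gdb output) and is later walked as if the connection were TLS v1.0, and the lookup returns an error instead of dereferencing an empty slot. All type and function names are hypothetical, and the MD5/SHA1 slot indices are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not OpenSSL code. Six slots mirror handshake_dgst[0..5]
 * from the thread; slot 4 = SHA256 is from the message, while the MD5 and
 * SHA1 slot numbers and every name below are assumptions for illustration. */
#define NUM_SLOTS 6
enum { MAC_MD5 = 1 << 0, MAC_SHA1 = 1 << 1, MAC_SHA256 = 1 << 4 };
typedef struct { int unused; } md_ctx;            /* stand-in for EVP_MD_CTX */
typedef struct { md_ctx *dgst[NUM_SLOTS]; } hs_state;

/* Populate only the slots the negotiated version asks for; the rest are NULL. */
static void setup_digests(hs_state *s, unsigned mask, md_ctx *pool)
{
    for (int i = 0; i < NUM_SLOTS; i++)
        s->dgst[i] = (mask & (1u << i)) ? &pool[i] : NULL;
}

/* The mitigation: collect the digests the caller believes are in use and
 * return -1 if any of them was never set up, rather than using a NULL
 * pointer. On success returns how many digests were found. */
int collect_digests(const hs_state *s, unsigned needed, const md_ctx **out)
{
    int n = 0;
    for (int i = 0; i < NUM_SLOTS; i++) {
        if (!(needed & (1u << i)))
            continue;
        if (s->dgst[i] == NULL)
            return -1;             /* confused state: report it, do not crash */
        out[n++] = s->dgst[i];
    }
    return n;
}

/* Set the array up with one mask, then look digests up with another. */
int demo(unsigned setup_mask, unsigned use_mask)
{
    hs_state s; md_ctx pool[NUM_SLOTS]; const md_ctx *out[NUM_SLOTS];
    setup_digests(&s, setup_mask, pool);
    return collect_digests(&s, use_mask, out);
}

int main(void)
{
    printf("set up 1.2, used as 1.2: %d\n", demo(MAC_SHA256, MAC_SHA256));
    printf("set up 1.2, used as 1.0: %d\n", demo(MAC_SHA256, MAC_MD5 | MAC_SHA1));
    return 0;
}
```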