OK, I haven't found the problem. It does appear to be an OpenSSL bug.

I use

SSL_CTX_set_verify ( ctx, SSL_VERIFY_PEER, verifyCallbackProc );

and

int verifyCallbackProc ( int ok, X509_STORE_CTX *store )
{
  /* Ignores the library's verdict in ok and accepts every certificate. */
  return 1;
}

this causes the verification code to hang in the middle of the handshake.
Can anybody confirm that this happens with standard OpenSSL builds?


Steve

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of steve thornton
Sent: 26 June 2003 11:07
To: [EMAIL PROTECTED]
Subject: RE: Problem with X509_set_verify()


I think I've found the problem (in my code) but will take a while to make
sure.

As far as "horrible crash" goes - it freezes in mid handshake (as the verify
callback explodes), and causes the real-time embedded kernel to lock up all
its signal queues, causing the whole (very complex) system to gradually
nosedive into deadlock. The display device goes crazy for a while as it
twitches in its death throes. After a while I get an auto reset. This of
course has nothing to do with OpenSSL.

cheers

Steve

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Lutz Jaenicke
Sent: 26 June 2003 10:28
To: [EMAIL PROTECTED]
Subject: Re: Problem with X509_set_verify()


On Thu, Jun 26, 2003 at 10:07:08AM +0100, steve thornton wrote:
> Actually, I take that back, it does get called whether the chain passes or
> fails. However, it still crashes horribly when ok is altered. Any clues?

Hmm. I don't use the function directly but indirectly via the SSL layer.
See the Postfix/TLS patchkit (file pfixtls.c after applying the patch,
available from my homepage) on how I use it.

Anyway, I am currently trying to imagine a "horrible crash".
I assume it is similar to the Enterprise being hit by a photon torpedo:
sparks are coming out of the consoles, computers explode and smoke
fills the bridge...

Best regards,
        Lutz
--
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]