Re: [openssl.org #359] Calling SSL_read and SSL_write with non-empty error stack may cause an error

2003-02-03 Thread Bodo Moeller 
Arne Ansper <[EMAIL PROTECTED]>:

>> Like I say, they should only do this if there was an error reported, surely?

> No. Take a look at the SSL_CTX_use_certificate_chain_file:
> 
> ret=SSL_CTX_use_certificate(ctx,x);
> if (ERR_peek_error() != 0)
> ret = 0;  /* Key/certificate mismatch doesn't imply ret==0 ... */

Actually I think this is a bug in SSL_CTX_use_certificate() -- if it
intentionally ignores an error returned by X509_check_private_key(),
it should call ERR_clear_error().

The reason why I did not fix this when I looked at this some time ago
is some rather weird code in ssl_set_cert(), the function used by
SSL_CTX_use_certificate() from which X509_check_private_key() is
called.  (If you look at ssl_set_cert(), you'll see that it switches
from SSL_PKEY_DH_RSA to SSKL_PKEY_DH_DSA and the other way around,
which does not appear to make much sense.)  Investigating this has
been on my "to do" list for a while.  Once this has been resolved,
the lines

 if (ERR_peek_error() != 0)
ret = 0;  /* Key/certificate mismatch doesn't imply ret==0 ... */

can be removed from SSL_CTX_use_certificate_chain_file().


-- 
Bodo Möller <[EMAIL PROTECTED]>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #359] Calling SSL_read and SSL_write with non-empty error stack may cause an error

2003-01-31 Thread Richard Levitte - VMS Whacker via RT 

In message <[EMAIL PROTECTED]> on Fri, 31 Jan 2003 15:50:06 
+0100 (MET), "Bodo Moeller via RT" <[EMAIL PROTECTED]> said:

rt> A second theory is that OpenSSL should always clear the error queue by
rt> calling ERR_clear_error() if stuff left in the error queue might cause
rt> confusion later.

The problem is finding out what it's appropriate.  Let's not forget
that some OpenSSL functions are called from other OpenSSL functions,
so this might be tricky.

Besides, I'm not sure I agree with that theory in any case.  Would
libc functions clear errno all the time?

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #359] Calling SSL_read and SSL_write with non-empty error stack may cause an error

2003-01-31 Thread Bodo Moeller via RT 

On Tue, Nov 26, 2002 at 10:44:15PM +0200, Arne Ansper wrote:

> I just checked. Seems that SSL_CTX_use_certificate_chain_file has a same
> problem. Other uses of ERR_peek_error seem to be immune to the old entries
> in error stack.

One theory is that applications should not call arbitrary OpenSSL
functions while there is stuff in the error queue.

A second theory is that OpenSSL should always clear the error queue by
calling ERR_clear_error() if stuff left in the error queue might cause
confusion later.

The second theory is nicer, but until someone has patched OpenSSL
appropriately, unfortunately the first theory remains true.


-- 
Bodo Möller <[EMAIL PROTECTED]>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #359] Calling SSL_read and SSL_write with non-empty error stack may cause an error

2003-01-30 Thread Lutz Jaenicke via RT 

On Thu, Jan 30, 2003 at 10:09:22PM +0100, Richard Levitte via RT wrote:
> 
> Any more thoughts on this issue?

The problem is not yet solved. Using the global error stack as error indicator
instead of correctly passing state back via return values is a design flaw.
It happend to make problems in the past.

I am currently busy as hell, so I will probably not be able to fix it over the
next days.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #359] Calling SSL_read and SSL_write with non-empty error stack may cause an error

2002-11-26 Thread Arne Ansper via RT 



> Adding ERR_clear_errors() into SSL_read() etc seems to be the correct
> approach. It is already handled this way in _accept(), _connect(), but
> not that obvious, because it is found e.g. in ssl3_accept() which is
> called depending on the method selected.
>
> You will often find ERR_clear_errors() combined with clear_sys_error()
> but obviously not in all occasions.

I just checked. Seems that SSL_CTX_use_certificate_chain_file has a same
problem. Other uses of ERR_peek_error seem to be immune to the old entries
in error stack.

> Unfortunately it is not obvious enough to simply add it without some
> further investigation. I will thus put this issue into the 0.9.7 queue
> and will not consider it for 0.9.6h anymore.

0.9.7 is fine for me.

Arne

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]