[openssl-users] [openssl.org #4582] BUG - Application crashing in OpenSSL code while creating x509 certificate object
Hi OpenSSL users,

I have come across an issue which is reported in the below ticket:

http://rt.openssl.org/Ticket/Display.html?id=4582
(Please log in as guest with password guest if prompted)

0.9.8 is no longer supported by OpenSSL. So I am posting in this forum. Can you guys help me out if you can recall coming across similar issue anytime?

Thanks,
Sharan

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function
On Tue, Sep 29, 2015 at 01:56:06PM +, Tiantian Liu via RT wrote:

> Hi Matt & Vi
>
> I tried the SSLv23_method(), and precluded/excluded all SSLv2, SSLv3, TLSv1.
> I only enabled the TLSv1.2 by SSL_CTX_set_option().
> You can see my previous code:

Why are you disabling TLSv1, there's little reason to do that at present. If the server supports TLS 1.2 you'll use that, otherwise you'll at least get TLS 1.0

> /*Only allow TLSv1.2 protocol*/
> SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
> SSL_OP_NO_TLSv1);

I would not disable TLSv1 at this time, just SSLv2 and SSLv3.

> While the above code didn't work. I couldn't reach the server. Though the
> SSL_connect() didn't crash, it returned as:
>
> 17:49:12.939 [5499]- SSL_connect res : -1

And did you print the error stack? Look at a PCAP trace with wireshark? Connect to the server with "openssl s_client" and examine the negotiated protocol parameters?

> I will continue to investigate, and keep updating the ticket. I
> will adopt your idea to see if I can obtain more information during
> crash.

This thread does not belong on openssl-dev, cross-posting and redirecting to openssl-users.

--
Viktor.
Re: [openssl-users] [openssl.org #3804] AutoReply: BUG: OpenSSL 1.0.2 Solaris 32 bit build is broken
I have now successfully built and tested 1.0.2c on Solaris 10 with gcc 4.7.2 from unixpackages.com.

    ./Configure solaris-sparcv9-gcc no-shared -m32 -fPIC -fvisibility=hidden
    ./Configure solaris64-sparcv9-gcc no-shared -m64 -fPIC -fvisibility=hidden

Looks like Solaris Studio is buggy.

This bug should be closed.
[openssl-users] [openssl.org #3804] BUG: OpenSSL 1.0.2 Solaris 32 bit build is broken
apparently a Sun library bug, closing this report as requested by the original poster.

--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Re: [openssl-users] [openssl.org #3804] BUG: OpenSSL 1.0.2 Solaris 32 bit build is broken
If I build using just

    ./Configure solaris-sparcv9-cc

Everything works fine.

However

    ./Configure solaris-sparcv9-cc -xcode=pic32

Causes the problem.

John.
[openssl-users] [openssl.org #3804] AutoReply: BUG: OpenSSL 1.0.2 Solaris 32 bit build is broken
Greetings,

This message has been automatically generated in response to the creation of a trouble ticket regarding: BUG: OpenSSL 1.0.2 Solaris 32 bit build is broken, a summary of which appears below.

There is no need to reply to this message right now. Your ticket has been assigned an ID of [openssl.org #3804].

Please include the string:

    [openssl.org #3804]

in the subject line of all future correspondence about this issue. To do so, you may reply to this message.

Thank you,
r...@openssl.org

-

I have an application that runs quite happily using OpenSSL 1.0.1h on Solaris 32 bit. I want to upgrade but neither 1.0.2 nor 1.0.2a work.

Solaris 10
Solaris Studio 12.4

Make test log attached.

1

When building 1.0.2 using

    ./Configure solaris-sparcv9-cc no-shared -m32 -xcode=pic32 -xldscope=hidden

openssl s_client crashes on start:

    -bash-3.00$ ./openssl s_client -connect eos.es.cpth.ie:4250
    Segmentation Fault (core dumped)
    -bash-3.00$ pstack core
    core 'core' of 468: ./openssl s_client -connect eos.es.cpth.ie:4250
     000e9ce8 sha1_block_data_order (2ed490, 2ed4ec, 4, ffbfebc0, ffbfebc4, 44) + 8
     00226140 ssleay_rand_add (ffbfecbc, 1, 20, ffbfeb94, 0, 14) + 530
     00227028 RAND_poll (4, ffbfeca8, ffbfecc8, ffbfecc8, 2c0630, 2c0624) + 38c
     00226be0 ssleay_rand_status (c734, 0, 2b9f5c, 2c05ac, 2a0e50, 13000) + 138
     00065eb4 app_RAND_load_file (ffbfefc0, 2d5218, 1, 2800, 0, 1) + 88
     0004d784 s_client_main (0, c00, 0, c00, 2b4adc, 2f4380) + 5c94
     0001328c do_cmd (2eb4c8, 3, ffbffa88, 2b4738, 13e64, 2b3e78) + b8
     00012f08 main (4, ffbffa84, 2eb4c8, 2a, 2b3e78, 2b4adc) + 3a4
     00012a08 _start (0, 0, 0, 0, 0, 2b3e78) + 108

2

So I then rebuilt adding no-asm flag. It manages to connect but negotiation fails with an error:

    4280581268:error:140943FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac:s3_pkt.c:1456:SSL alert number 20
    4280581268:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:

This is against the server that is still running 1.0.1h and can be successfully connected with openssl s_client built with 1.0.1h.

The 64 bit build seems to work perfectly.
The 32 bit builds that we use on Windows and Linux also work perfectly.
1.0.2a build fails in the same way.
gcc build fails in the same way.
I have built 1.0.1m with asm and that works fine.

Regards,
John.
openssl-users@openssl.org
Hello,

I am getting crazy!

In one application I insert CA certificates and CRLs in the X509_STORE. This store is included in the SSL_CTX. No problem. The certificate verification process during handshake runs like a charm.

In a second application, I create an X509_STORE and try to insert my CA certificates and CRL lists and right at the FIRST insertion of a CA I get:

    error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table

It is not possible: the store is empty! I even tried to create a dummy SSL_CTX and use its store like I do in the other application (I imagined that the SSL_CTX creation may have made some initialisation in the store...): same result.

I.e. the same code runs smoothly in one application and not in the second one! I compared the compilation environment (command parameters, includes) and didn't find any significant difference, except that the second application is compiled with the option -D_FILE_OFFSET_BITS=64. Could it be the cause of my misery???

Hereafter is the code:

    #include <openssl/ssl.h>

    /* Allocate the store that will hold the CAs and CRLs */
    if ((G_store = X509_STORE_new()) == NULL) {
        trace_s(O_UTL, 0, LV_ERR, "Erreur à l'allocation du X509_STORE pour CAs et CRLs.");
        return(-1);
    }
    CA = Gl_listeCA;
    /* As posted, no step to the next list element appears in this loop */
    while (CA != NULL) {
        if (!(err = X509_STORE_add_cert(G_store, CA->x509))) {
            /* Insertion failed: log the CA number, subject, issuer and error */
            trace_si(O_UTL, 0, LV_ERR, "Erreur à l'insertion d'un certificat dans le STORE.CA N° :", CA->num);
            X509_NAME_oneline(X509_get_subject_name(CA->x509), bid, sizeof(bid)-1);
            trace_ss(O_UTL, 0, LV_ERR, "Sujet :", bid);
            X509_NAME_oneline(X509_get_issuer_name(CA->x509), bid, sizeof(bid)-1);
            trace_ss(O_UTL, 0, LV_ERR, "Sujet :", bid);
            trace_si(O_UTL, 0, LV_ERR, "Erreur :", err);
            err = ERR_get_error();
            trace_ss(O_UTL, 0, LV_ERR, "", ERR_error_string(err, NULL));
            flush_trace();
        }
    }

The CA is a structure containing the certificate in 2 formats: DER and the internal X509 structure, and some other information. Gl_listeCA is a global chained list of these structures. It's the same architecture in the running application.

The X509 looks correct: the subject and the issuer are extracted without any problem in order to print details on the error.

Compilation parameters:

    gcc -c -g -ggdb -D_FILE_OFFSET_BITS=64 -Wno-comment -Wno-unused -ansi -D_BSD_SOURCE -D_XOPEN_SOURCE -Dunix

Both applications are linked with libcrypto and libssl 0.9.8

Thanks in advance for any clue!

--
Francis GASCHET / NUMLOG
http://www.numlog.fr
Tel.: +33 (0) 130 791 616
Fax.: +33 (0) 130 819 286

__
OpenSSL Project                          http://www.openssl.org
User Support Mailing List                openssl-users@openssl.org
Automated List Manager                   [EMAIL PROTECTED]
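Added example, not part of any message in this archive and not OpenSSL project code: the error-queue lines quoted above (the s_client output in the Solaris report and the X509_STORE_add_cert failure) carry a packed hex code that splits into library, function and reason numbers under the 0.9.8/1.0.x layout. The names err_line and parse_err_line are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Packed code layout in OpenSSL 0.9.8/1.0.x (ERR_PACK in err.h): 8 bits library,
 * 12 bits function, 12 bits reason. OpenSSL 3.0 uses a different layout.
 * err_line and parse_err_line are names made up for this example. */
typedef struct {
    int lib, func, reason;
    int alert;              /* TLS alert number, or -1 if not alert-derived */
    char reason_text[64];
} err_line;

/* Parse "[pid:]error:HEX:library:function:reason[:file:line:data]".
 * Returns 0 on success, -1 if the line is not an error-queue line. */
int parse_err_line(const char *line, err_line *out)
{
    const char *p = strstr(line, "error:");
    char *end;
    unsigned long code;
    size_t n, i;
    if (p == NULL) return -1;
    p += 6;
    code = strtoul(p, &end, 16);
    if (end - p != 8 || *end != ':') return -1;   /* need exactly 8 hex digits */
    out->lib    = (int)((code >> 24) & 0xff);
    out->func   = (int)((code >> 12) & 0xfff);
    out->reason = (int)(code & 0xfff);
    /* In the SSL library (20), reason 1000+n means the peer sent alert n. */
    out->alert = (out->lib == 20 && out->reason >= 1000) ? out->reason - 1000 : -1;
    for (p = end + 1, i = 0; i < 2; i++) {        /* skip library and function names */
        if ((p = strchr(p, ':')) == NULL) return -1;
        p++;
    }
    n = strcspn(p, ":\r\n");
    if (n >= sizeof(out->reason_text)) n = sizeof(out->reason_text) - 1;
    memcpy(out->reason_text, p, n);
    out->reason_text[n] = '\0';
    return 0;
}

int main(void)
{
    err_line e;   /* input: the X509_STORE error line quoted on this page */
    if (parse_err_line("error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table", &e) == 0)
        printf("lib=%d func=%d reason=%d \"%s\"\n", e.lib, e.func, e.reason, e.reason_text);
    return 0;
}
```

For 140943FC this gives library 20 (SSL) and reason 1020, that is alert 20 (bad_record_mac) received from the peer, matching the "SSL alert number 20" suffix on that line. For 0B07C065 it gives library 11 (X509) and reason 101.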