The problem encountered was found using Apache and mod_ssl.
Apache/1.3.26 (Unix) mod_ssl/2.8.9 OpenSSL/0.9.6c
Only when using a CRL (without next update), Apache would cause a
Segmentation Fault.

mod_ssl calls an OpenSSL library to do a date comparison on next update.
Using httpd -X -DSSL, I was able to use gdb to trace the fault.

Is it possible to fix it to handle this CRL?

Included is the gdb backtrace and the openssl contents of the crl.

(gdb) backtrace
#0  0x13e574 in X509_cmp_time ()
#1  0x377d4 in ssl_callback_SSLVerify_CRL ()
#2  0x373ac in ssl_callback_SSLVerify ()
#3  0x13e520 in internal_verify ()
#4  0x13e108 in X509_verify_cert ()
#5  0xf7d50 in ssl_verify_cert_chain ()
#6  0x106250 in ssl3_get_client_certificate ()
#7  0x10410c in ssl3_accept ()
#8  0xf1198 in ssl23_get_client_hello ()
#9  0xf0924 in ssl23_accept ()
#10 0x348e8 in ssl_hook_NewConnection ()
#11 0x96424 in new_connection ()
#12 0x97838 in child_main ()
#13 0x97b2c in make_child ()
#14 0x97d2c in startup_children ()
#15 0x9864c in standalone_main ()
#16 0x99264 in main ()

The contents of the CRL:
openssl crl -noout -text -in monash-dirslave1.crl
Certificate Revocation List (CRL):
        Version 1 (0x0)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: /C=AU/O=Monash University/CN=Development Certificate Manager
        Last Update: Jul 19 07:23:05 2002 GMT
        Next Update: NONE
Revoked Certificates:
    Serial Number: 2C
        Revocation Date: Jul 19 03:06:02 2002 GMT
    Serial Number: 2B
        Revocation Date: Jun 19 06:01:21 2002 GMT
    Serial Number: 29
        Revocation Date: Jun 17 05:24:35 2002 GMT
    Serial Number: 26
        Revocation Date: Jun 17 03:27:03 2002 GMT
    Serial Number: 24
        Revocation Date: Jun 19 01:22:20 2002 GMT
    Serial Number: 23
        Revocation Date: Jun  3 04:47:16 2002 GMT
    Serial Number: 21
        Revocation Date: Jun  3 04:16:07 2002 GMT
    Serial Number: 20
        Revocation Date: May 28 23:46:50 2002 GMT
    Serial Number: 1F
        Revocation Date: Jun 10 23:19:16 2002 GMT
    Serial Number: 17
        Revocation Date: Jun 19 01:31:23 2002 GMT
    Serial Number: 10
        Revocation Date: May 28 04:52:58 2002 GMT
    Serial Number: 0F
        Revocation Date: Apr 16 04:53:43 2002 GMT
    Serial Number: 0E
        Revocation Date: Apr 16 04:12:06 2002 GMT
    Serial Number: 0D
        Revocation Date: Apr 16 04:04:33 2002 GMT
    Serial Number: 0C
        Revocation Date: Apr 16 01:38:55 2002 GMT
    Serial Number: 0B
        Revocation Date: May 28 02:16:08 2002 GMT
    Serial Number: 0A
        Revocation Date: Apr 24 00:31:46 2002 GMT
    Serial Number: 09
        Revocation Date: May 28 04:32:49 2002 GMT
    Serial Number: 08
        Revocation Date: Mar 27 22:15:00 2002 GMT
    Signature Algorithm: sha1WithRSAEncryption
        19:d0:a5:1f:67:bf:ca:4b:69:d3:e0:ee:69:f9:45:4f:44:22:
        5c:4e:7f:98:be:84:df:2e:d9:85:09:c4:7b:8a:6a:63:9c:ea:
        b0:3c:ba:58:f5:c9:85:d8:e0:07:d8:41:96:07:f6:e4:15:f4:
        4f:da:cc:1b:e7:4b:5a:80:49:8b:c7:00:c3:27:d2:2e:69:18:
        4b:85:06:13:ac:bf:20:fb:4f:fb:89:d5:0e:a8:47:4e:37:2d:
        7b:10:8f:e6:b9:b3:77:5c:4d:a6:61:46:36:e2:88:21:49:5b:
        72:c4:09:0c:b5:97:44:e5:be:13:a1:3b:70:e5:83:c3:ed:26:
        c2:c1

--
Leslie Liew
Directory Assistant, Infrastructure Services
Information Technology Services, Monash University - Clayton
Phone: +61 3 990 54542
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
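
The condition reported above, as an added example that is not part of the original post and is not mod_ssl or OpenSSL code: a stdlib-only Python check that reads a DER-encoded CRL and reports whether the optional nextUpdate field is present, so its absence can be handled before any date comparison. The function names and the sample_crl() data are assumptions constructed for illustration (timestamps modelled on the CRL text above, empty issuer, placeholder signature).

```python
# Added example; sample_crl() builds constructed test data, not the CRL from the post.
INTEGER, OID, NULL, BITSTR, SEQUENCE = 0x02, 0x06, 0x05, 0x03, 0x30
TIME_TAGS = (0x17, 0x18)  # UTCTime, GeneralizedTime

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def crl_update_fields(der):
    """Return (thisUpdate, nextUpdate or None) from a DER CertificateList."""
    _, cert_list, _ = read_tlv(der, 0)
    _, tbs, _ = read_tlv(cert_list, 0)
    pos = 0
    if tbs[0] == INTEGER:  # version is optional and absent in v1 CRLs
        _, _, pos = read_tlv(tbs, pos)
    _, _, pos = read_tlv(tbs, pos)  # signature AlgorithmIdentifier
    _, _, pos = read_tlv(tbs, pos)  # issuer Name
    tag, this_update, pos = read_tlv(tbs, pos)
    if tag not in TIME_TAGS:
        raise ValueError("thisUpdate not found where expected")
    has_next = pos < len(tbs) and tbs[pos] in TIME_TAGS  # else revoked list or end
    next_update = read_tlv(tbs, pos)[1].decode("ascii") if has_next else None
    return this_update.decode("ascii"), next_update

def tlv(tag, value):
    """Encode one short-form DER element (enough for the sample below)."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def sample_crl(next_update=None):
    """Constructed v1 CRL skeleton: empty issuer, placeholder signature."""
    alg = tlv(SEQUENCE, tlv(OID, bytes.fromhex("2a864886f70d010105")) + tlv(NULL, b""))
    tbs = alg + tlv(SEQUENCE, b"") + tlv(0x17, b"020719072305Z")
    if next_update:
        tbs += tlv(0x17, next_update)
    entry = tlv(SEQUENCE, tlv(INTEGER, b"\x2c") + tlv(0x17, b"020719030602Z"))
    tbs += tlv(SEQUENCE, entry)  # revokedCertificates
    return tlv(SEQUENCE, tlv(SEQUENCE, tbs) + alg + tlv(BITSTR, b"\x00"))

if __name__ == "__main__":
    for der in (sample_crl(), sample_crl(b"020819072305Z")):
        print(crl_update_fields(der))
```

A None in the second position corresponds to the "Next Update: NONE" line in the openssl output above; a PEM CRL must be base64-decoded to DER before being passed in.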