Package: libneon24
Severity: minor
Version: 0.24.7.dfsg-2

ne_openssl.c::dup_client_cert() requires that the certificate it is
duplicating is decrypted.  Although that's a bit weird, what's weirder is
that if the certificate *isn't* decrypted, it causes a segfault deep in the
bowels of libssl.

So, I recommend adding something like the following to the top of
dup_client_cert():

if (ne_ssl_clicert_encrypted(cc))
{
        /* Refuse to duplicate a certificate that is still encrypted. */
        fprintf(stderr, "ERROR: Cannot duplicate encrypted certificate\n");
        exit(1);
}

I'm thoroughly unsure of the error handling, but I'm not familiar enough with
libneon's internals to know what the correct way to handle it is.
Certainly, it should not just segfault.

Thanks,
- Matt
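
An added illustration, not part of the original report and not neon's own code: a self-contained C model of the guard proposed above, in which the duplicate routine reports the failure to its caller by returning NULL with a message, as one alternative to exiting. The struct, the function names and the sample key bytes are hypothetical and constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical model, not neon's types: key is NULL until decrypted. */
struct clicert { int decrypted; unsigned char *key; size_t keylen; };
/* Plays the role of ne_ssl_clicert_encrypted(): non-zero while encrypted. */
static int clicert_encrypted(const struct clicert *cc) { return !cc->decrypted; }
static void clicert_free(struct clicert *cc) { if (cc) { free(cc->key); free(cc); } }

/* Duplicate cc; on failure return NULL and put the reason in err. */
static struct clicert *clicert_dup(const struct clicert *cc, char *err, size_t errlen)
{
    struct clicert *copy;
    if (cc == NULL || clicert_encrypted(cc) || cc->key == NULL) {
        snprintf(err, errlen, "cannot duplicate encrypted certificate");
        return NULL;
    }
    copy = calloc(1, sizeof *copy);
    if (copy == NULL || (copy->key = malloc(cc->keylen)) == NULL) {
        clicert_free(copy);
        snprintf(err, errlen, "out of memory");
        return NULL;
    }
    memcpy(copy->key, cc->key, cc->keylen);
    copy->keylen = cc->keylen;
    copy->decrypted = 1;
    return copy;
}

/* Run clicert_dup on a constructed certificate: 1 = deep copy made,
 * 0 = rejected with an error message, -1 = anything else. */
static int dup_demo(int decrypted)
{
    unsigned char key[] = { 0xde, 0xad, 0xbe, 0xef };   /* constructed sample */
    struct clicert cc = { decrypted, decrypted ? key : NULL, decrypted ? sizeof key : 0 };
    char err[64] = "";
    struct clicert *c = clicert_dup(&cc, err, sizeof err);
    int res = -1;
    if (c != NULL && c->key != key && memcmp(c->key, key, sizeof key) == 0) res = 1;
    else if (c == NULL && err[0] != '\0') res = 0;
    clicert_free(c);
    return res;
}

int main(void)
{
    printf("encrypted: %d, decrypted: %d\n", dup_demo(0), dup_demo(1));
    return 0;
}
```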
