Hi,
I am using openssl0.9.8a on Solaris 8. I see a core dump issue when I call
openssl API.
The code is got from O'Reilly openssl book example 5-8. The
post_connection_check is called after TLS handshake is finished. The parameter
ssl and host values are correct. It core dumps at "meth->d2i(NULL, (const
unsigned char **)(&data), ext->value->length)". The meth is not null, data is
also not null. The subjectAltName is as following.
X509v3 Subject Alternative Name:
URI:sip:[EMAIL PROTECTED], URI:pres:[EMAIL PROTECTED],
DNS:ih6g2-iota1.ih.lucent.com
Not sure it is a openssl bug or not. Can anyone help on this issue? Thanks!
Roger
The function got from O'Reilly openssl book example 5-8
long
TLSConnector::post_connection_check(SSL *ssl, const char *host)
{
X509 *cert;
X509_NAME *subj;
char data[256];
int extcount;
int ok = 0;
if (!host) goto err_occured;
if (!(cert = SSL_get_peer_certificate(ssl))) {
return X509_V_OK;
}
if ((extcount = X509_get_ext_count(cert)) > 0)
{
int i;
for (i = 0; i < extcount; i++)
{
const char *extstr;
X509_EXTENSION *ext;
ext = X509_get_ext(cert, i);
extstr =
OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(ext)));
if (!strcmp(extstr, "subjectAltName"))
{
int j;
unsigned char *data;
STACK_OF(CONF_VALUE) *val;
CONF_VALUE *nval;
X509V3_EXT_METHOD *meth;
if (!(meth = X509V3_EXT_get(ext)))
break;
data = ext->value->data;
val = meth->i2v(meth, meth->d2i(NULL, (const
unsigned char **)(&data), ext->value->length), NULL);
for (j = 0; j < sk_CONF_VALUE_num(val); j++)
{
nval = sk_CONF_VALUE_value(val, j);
if (!strcmp(nval->name, "DNS") &&
!strcmp(nval->value, host))
{
ok = 1;
break;
}
}
}
if (ok) break;
}
}
if (!ok && (subj = X509_get_subject_name(cert)) &&
X509_NAME_get_text_by_NID(subj, NID_commonName, data, 256) > 0)
{
data[255] = 0;
if (strcasecmp(data, host) != 0) {
goto err_occured;
}
}
X509_free(cert);
return X509_V_OK;
err_occured:
if (cert)
X509_free(cert);
return X509_V_ERR_APPLICATION_VERIFICATION;
}
The certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17 (0x11)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=nwsgpb.ih.lucent.com, ST=IL, C=US/[EMAIL PROTECTED], O=Lucent
Validity
Not Before: Jun 19 21:43:49 2006 GMT
Not After : Jun 18 21:43:49 2011 GMT
Subject: CN=ih6g2-iota1.ih.lucent.com, ST=IL, C=US/[EMAIL PROTECTED],
O=Lucent
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:b1:37:4e:e1:c0:fc:ce:93:c1:f4:4c:98:b7:42:
cd:9c:e9:4e:24:6a:5e:16:2c:1f:1d:a9:05:fc:b2:
1a:d4:83:fd:29:a9:72:9f:88:da:c5:28:06:82:8b:
66:8a:48:c5:39:5b:84:50:b4:cf:f1:3b:98:cf:bb:
f0:30:91:3f:1e:fa:d5:1f:e4:a1:81:51:fe:f7:99:
8a:07:bb:3a:32:b0:23:dc:63:df:ff:b1:8e:57:d7:
9d:32:98:bf:ce:2a:8e:4e:0a:48:98:29:1c:3b:70:
c7:df:dc:06:8b:1f:77:df:63:ac:14:c3:63:58:bd:
45:06:64:36:30:05:ac:fa:f6:e9:5d:e4:2f:9c:2d:
6e:e2:20:1d:75:d8:1e:d1:50:a2:6f:e0:af:4e:53:
52:4a:36:30:c7:32:f0:a7:20:1d:39:ac:74:e6:01:
1d:f6:f0:12:87:05:bb:5b:ae:6a:76:18:a1:e3:6e:
0c:e1:2e:18:d9:84:82:61:f2:28:87:6a:91:b6:28:
a4:ef:de:5a:8e:1a:ac:d3:3d:23:d8:83:f5:e2:e6:
4a:eb:b1:05:d8:97:11:b8:92:c5:92:cd:04:6e:df:
b3:93:9c:17:ec:43:13:c7:31:5c:27:d5:34:08:86:
b8:d9:d9:88:93:de:38:aa:a3:37:e8:83:4e:73:3c:
5a:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:29:1E:85:DC:B3:ED:97:51:E9:95:93:8D:1A:13:45:16:E3:F5:AD
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Alternative Name:
URI:sip:[EMAIL PROTECTED], URI:pres:[EMAIL PROTECTED],
DNS:ih6g2-iota1.ih.lucent.com
Signature Algorithm: sha1WithRSAEncryption
90:54:a6:3c:66:1a:e3:93:1c:06:16:c1:d8:4a:73:4c:24:63:
b4:d6:33:0e:61:17:ad:a3:a6:d0:92:90:c0:31:79:af:7c:1d:
81:98:ab:fb:6a:b5:23:99:c1:87:c3:7e:69:b9:f7:5d:cd:a0:
2f:cd:d1:e7:ca:dc:6c:e1:71:10:0f:9a:07:1f:55:88:f3:7d:
9c:cf:d7:31:5c:74:47:fc:2c:7a:73:a4:2f:39:37:65:ab:10:
3e:a5:10:fc:11:50:51:a8:dc:47:ad:9a:ef:87:03:ff:a7:a6:
61:88:79:cf:d8:7f:97:0c:ab:75:40:a4:6d:a3:b6:fa:7e:7d:
22:a0:25:78:49:c0:3a:ba:7a:fb:d8:20:d6:78:2a:2f:9f:e3:
c9:64:63:76:a5:46:5a:61:19:67:8c:3c:45:1f:56:ab:b7:4a:
9c:31:f3:41:76:30:b8:34:68:79:0d:02:d0:b2:af:5a:c9:4c:
77:d0:11:02:64:8a:ad:42:a3:6f:cf:99:02:6e:54:b7:47:a7:
32:03:a4:20:7e:21:3e:17:62:2d:85:2e:c1:dd:25:99:9b:52:
39:0b:8c:4a:03:50:85:95:82:2d:4d:f4:f9:84:29:fd:d9:3d:
ad:c8:79:22:1f:f6:64:81:d2:54:d7:37:14:3d:23:d9:74:00:
e8:5f:fd:d5
The certificate raw data
-----BEGIN CERTIFICATE-----
MIID1TCCAr2gAwIBAgIBETANBgkqhkiG9w0BAQUFADBtMR0wGwYDVQQDExRud3Nn
cGIuaWgubHVjZW50LmNvbTELMAkGA1UECBMCSUwxCzAJBgNVBAYTAlVTMSEwHwYJ
KoZIhvcNAQkBFhJ5aXpob3UxQGx1Y2VudC5jb20xDzANBgNVBAoTBkx1Y2VudDAe
Fw0wNjA2MTkyMTQzNDlaFw0xMTA2MTgyMTQzNDlaMHIxIjAgBgNVBAMTGWloNmcy
LWlvdGExLmloLmx1Y2VudC5jb20xCzAJBgNVBAgTAklMMQswCQYDVQQGEwJVUzEh
MB8GCSqGSIb3DQEJARYSeWl6aG91MUBsdWNlbnQuY29tMQ8wDQYDVQQKEwZMdWNl
bnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxN07hwPzOk8H0TJi3
Qs2c6U4kal4WLB8dqQX8shrUg/0pqXKfiNrFKAaCi2aKSMU5W4RQtM/xO5jPu/Aw
kT8e+tUf5KGBUf73mYoHuzoysCPcY9//sY5X150ymL/OKo5OCkiYKRw7cMff3AaL
H3ffY6wUw2NYvUUGZDYwBaz69uld5C+cLW7iIB112B7RUKJv4K9OU1JKNjDHMvCn
IB05rHTmAR328BKHBbtbrmp2GKHjbgzhLhjZhIJh8iiHapG2KKTv3lqOGqzTPSPY
g/Xi5krrsQXYlxG4ksWSzQRu37OTnBfsQxPHMVwn1TQIhrjZ2YiT3jiqozfog05z
PFqZAgMBAAGjezB5MB0GA1UdDgQWBBSzKR6F3LPtl1HplZONGhNFFuP1rTAJBgNV
HRMEAjAAME0GA1UdEQRGMESGEnNpcDp2a2dAbHVjZW50LmNvbYYTcHJlczp2a2dA
bHVjZW50LmNvbYIZaWg2ZzItaW90YTEuaWgubHVjZW50LmNvbTANBgkqhkiG9w0B
AQUFAAOCAQEAkFSmPGYa45McBhbB2EpzTCRjtNYzDmEXraOm0JKQwDF5r3wdgZir
+2q1I5nBh8N+abn3Xc2gL83R58rcbOFxEA+aBx9ViPN9nM/XMVx0R/wsenOkLzk3
ZasQPqUQ/BFQUajcR62a74cD/6emYYh5z9h/lwyrdUCkbaO2+n59IqAleEnAOrp6
+9gg1ngqL5/jyWRjdqVGWmEZZ4w8RR9Wq7dKnDHzQXYwuDRoeQ0C0LKvWslMd9AR
AmSKrUKjb8+ZAm5Ut0enMgOkIH4hPhdiLYUuwd0lmZtSOQuMSgNQhZWCLU30+YQp
/dk9rch5Ih/2ZIHSVNc3FD0j2XQA6F/91Q==
-----END CERTIFICATE-----
The key raw data
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,46A47C5F2F9A4829
oCkhK4JrJbANGJ8kCf2I4ua70aE3Szqq/Lx268h4t1oKI5DORHFitWepWuSFEZku
tnw8yg/4B91eOaaAUOA7vIvWCtHXt4ktEKHnfl3aWFxTnc5hM34PzR+pdyvx6z1+
YFCIyL9GZOhkeH330a6boFEpRz6fJ3CnZb/uSxbrGvR7F82ByxNhqTa3bDA9m+00
tvsv6bhcOCORtZ6CDycxFuxixNn95k7W9U9qk3eeG6iktm3kupwA/v3Xt+vRqPwa
W+gEay1PWEZDmf7YJzRDlGszV+bAdy3xaxcMKgXMDmmswMTKpgINvKDdLni1Nw4u
cByaCi6dyUf/e3YjL4g+vSb911moiUt7p0KX1jYy7pqnfIIDs1FlbGQqycgSDMDM
HDshaAhOhhoH28+7aRT5Tb7XtxOLbCJGn36/hr+ryH/jV34acFvXMKGLzoQLBQ8T
sqrtQCuM7FjvNOmA8RYu8btwQx+2ji1JbbyqSHDTgNYwpJsJSkQXd8eaJqoBWoe+
ouc2WRE2/wC0PoGF0BRoK3LXFAx+/lh540ZEay8F51ZAE54ScVRahSbKAewJ7BM0
8B2jyyolCnSXNn2VMj17Sr9ge6vOpPiSGdauD3F1PhmSTSMesD4I/l2bd/WHfZBJ
d3z6/UgXvtyvKcZIK1+fKm/ulvoRrewVeO6xAJx5S3VjIzwTI6wvCexVqM0xVsiZ
BjJGljg5riQdV2HZ64dOaRi2MOYH/mFAf9v29YJPf+jFUCZmakio36Pz0RzSRNAb
ZdwKu49TeJgSkTOWWwZBETNxCe7J+SRanh+LQdMK8qDCblDyhZOomzd+ZfpgNMGr
OKMyWCBIW3LXyjWPTGakFE9kl54hTJ9besVWLOWHuZzQlm/uPhOqb36f8f5J/HP7
aLOIcoUAsacww6k8sZmDn9T92hPwtR3uP5C1oVOxfk/ErZc5JGouCMWygSaB/2Ea
X8rjt0fkiSIpjIAaLgcFQSNLu8j1Yf6a4gvmSnWv36DL9QvCHzzojpUKN6ChtxEW
j+Lxoh7AGPpq7qeq9mw1m3RhzF712H8bzjLuMSnTHXsWp9y8NlY/JdiWtlIg2EhT
OoJrOmteY5USVPctZreBixb/vxNBX4GrIDiLxVR4jEco7TeBTn/bpmy93Mf/RtYe
y2dowwgmtGbkq1fgRRupqK+UgUW7J2zO4N/o7rAvXKHrzFXNBjMASMaHvuc8O7I7
5OfaRfYRMoixpGaliDZ5FqQHTxZ1jWE+zOzsZOowYckBRrMeQiVWIB5vBDPjeYSs
iZbBURpm94t25iQutFOrbZAO/PNsqYh9k6corCMMk9LfA9knYAhviHnGw67XnWox
VVqBBjRj9JFfoQu1xhCOhAtic2YukZ+rrmJu9/lo2jH/wV4CVfIw5uLFZiI5gxZH
N643oYusZ1MIx/lRjOAZ3Jy/GiOH+b3VT4Yk8W6Wk0xcH30n1Ok0kGQjBv/BaYcp
BQKPFTE9tMVCuBI87Qums1cTPVWfREge4z96uqwM9P9sXY/KNANkyfL2cO6CjL1/
Vv9UFmo4QHyo0Gb6PYJNsAMlQG6B0JjgwPHXn1ZP0zXLL60sk2DotUuSrZKS8xc4
-----END RSA PRIVATE KEY-----
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
