Overview
Features
Download
Documentation
Community
Add-Ons & Services

SSL Manager crashes

A general discussion forum.

SSL Manager crashes

Postby nhasson76 » 17 Dec 2009, 10:25

Hey -

I'm new to POCO and doing some testing using it.
I found a crash in SSL Manager method:
int SSLManager::verifyCallback(bool server, int ok, X509_STORE_CTX* pStore).
The original code was -
Code: Select all
int SSLManager::verifyCallback(bool server, int ok, X509_STORE_CTX* pStore)
{
   if (!ok)
   {
      X509* pCert = X509_STORE_CTX_get_current_cert(pStore);
      X509Certificate x509(pCert);
      int depth = X509_STORE_CTX_get_error_depth(pStore);
      int err = X509_STORE_CTX_get_error(pStore);
      std::string error(X509_verify_cert_error_string(err));
      VerificationErrorArgs args(x509, depth, err, error);
      if (server)
         SSLManager::instance().ServerVerificationError.notify(&SSLManager::instance(), args);
      else
         SSLManager::instance().ClientVerificationError.notify(&SSLManager::instance(), args);
      ok = args.getIgnoreError() ? 1 : 0;
   }

   return ok;
}


The problem is that the X509Certificate object frees the X509 in its destructor.
So I simply increased the reference count.
The fixed code is -
Code: Select all
int SSLManager::verifyCallback(bool server, int ok, X509_STORE_CTX* pStore)
{
   if (!ok)
   {
      X509* pCert = X509_STORE_CTX_get_current_cert(pStore);
      X509Certificate x509(pCert);
      pCert->references++;
      int depth = X509_STORE_CTX_get_error_depth(pStore);
      int err = X509_STORE_CTX_get_error(pStore);
      std::string error(X509_verify_cert_error_string(err));
      VerificationErrorArgs args(x509, depth, err, error);
      if (server)
         SSLManager::instance().ServerVerificationError.notify(&SSLManager::instance(), args);
      else
         SSLManager::instance().ClientVerificationError.notify(&SSLManager::instance(), args);
      ok = args.getIgnoreError() ? 1 : 0;
   }

   return ok;
}



Hope this make sense and can be applied to the source code branch.
nhasson76
 
Posts: 1
Joined: 14 Dec 2009, 17:20

Re: SSL Manager crashes

Postby guenter » 17 Dec 2009, 19:58

This must have been introduced in the last release, while fixing a memory leak with certificates. Reference counting behavior in OpenSSL is really inconsistent :-(
guenter
 
Posts: 1105
Joined: 11 Jul 2006, 16:27
Location: Austria


Return to General Discussion

Who is online

Users browsing this forum: No registered users and 1 guest