
SecureSocketImpl Segmentation Fault
Postby fredouille » 19 Dec 2008, 19:11

Hi,

I have found an issue in Poco::Net::SecureSocketImpl::postConnectionCheck(SSLManager::ContextPtr pContext, X509* pCert, const std::string& hostName), at line 444.

I use Poco 1.3.3p1 to develop an SSL server. My platform is RedHat EL5 with OpenSSL 0.9.8i. The server crashes when it tries to extract DNS information from the client certificate. It seems that it is a known problem with the OpenSSL code used in Poco, with higher versions of OpenSSL 0.9.6.

http://webui.sourcelabs.com/openssl/mail/user/threads/Trouble_extracting_DNS_field_from_certificate.meta

The solution seems to be to use another function: "The right way to do things is to call X509_get_ext_d2i() and examine the STACK_OF(GENERAL_NAME) you get back (or NULL for an error)."

Here is the suggested code:

#include <string>
#include <vector>
#include <openssl/x509.h>
#include <openssl/x509v3.h>

/**
 * Extract Common name and DNS names from an X509 certificate.
 *
 * dNSName entries come from the subjectAltName extension, fetched with
 * X509_get_ext_d2i() instead of walking the extension by hand. The CN is
 * only used as a DNS name when the certificate carries no dNSName at all.
 */
void
get_cert_names (X509 *certificate,
                std::string& common_name,
                std::vector<std::string>& DNS_names)
{
  DNS_names.clear ();
  common_name.clear ();
  if (certificate == 0)
    {
      return;
    }

  /* X509_get_ext_d2i() returns NULL when the extension is absent or does
     not decode; in both cases there is nothing to walk. */
  if (STACK_OF (GENERAL_NAME) * names = static_cast<STACK_OF (GENERAL_NAME) *>
      (X509_get_ext_d2i (certificate, NID_subject_alt_name, 0, 0)))
    {
      for (int i = 0; i < sk_GENERAL_NAME_num (names); ++i)
        {
          const GENERAL_NAME *name = sk_GENERAL_NAME_value (names, i);
          if (name->type == GEN_DNS)
            {
              /* Copy with the explicit ASN.1 length, not strlen(): an
                 embedded NUL inside the name must not truncate it. */
              const char *data = reinterpret_cast<const char *>
                      (ASN1_STRING_data (name->d.ia5));
              size_t len = ASN1_STRING_length (name->d.ia5);
              DNS_names.push_back (std::string (data, len));
            }
        }
      GENERAL_NAMES_free (names);
    }

  if (X509_NAME * subj = X509_get_subject_name (certificate))
    {
      char buffer[256];
      /* Returns -1 and leaves buffer untouched when the subject has no CN,
         so the buffer may only be read on success. The return value is the
         length written, which again keeps an embedded NUL visible. */
      int n = X509_NAME_get_text_by_NID (subj, NID_commonName,
                                         buffer, sizeof buffer);
      if (n >= 0)
        {
          common_name = std::string (buffer, n);
        }
      if (DNS_names.empty () && !common_name.empty ())
        {
          DNS_names.push_back (common_name);
        }
    }
}


Regards,

Fred
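An added example, not part of the original post and not Poco's own code: once get_cert_names() above has produced the name list, the remaining step of a postConnectionCheck is to decide whether the peer's hostname is covered by one of those names. The code below implements that matching step over already-extracted strings, so it compiles without OpenSSL; the CertNames struct, the sample_names() certificate, the two-label minimum for a wildcard suffix and the hostnames used are assumptions made for the example. It treats subjectAltName dNSName entries as authoritative and consults the CN only when there is no SAN, compares labels case-insensitively, lets a leading "*." stand for exactly one leftmost label, and rejects any name containing an embedded NUL, which a strlen-based comparison would silently truncate.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Names in the shape get_cert_names() from the post produces. Assumption for
// this example: extraction has already happened, so no OpenSSL call is needed.
struct CertNames
{
  std::string common_name;
  std::vector<std::string> DNS_names;   // empty when the cert has no dNSName SAN
};

// DNS names are case-insensitive; compare in ASCII lowercase.
static std::string lower_ascii (const std::string& s)
{
  std::string out (s);
  for (std::string::size_type i = 0; i < out.size (); ++i)
    out[i] = static_cast<char> (std::tolower (static_cast<unsigned char> (out[i])));
  return out;
}

// Does one certificate name (CN or dNSName) cover the requested host?
bool name_matches (const std::string& cert_name, const std::string& host)
{
  // An embedded NUL ("www.example.com\0.attacker.test") is only visible here
  // because get_cert_names() copied the ASN.1 length instead of using strlen.
  if (cert_name.find ('\0') != std::string::npos)
    return false;
  if (cert_name.empty () || host.empty ())
    return false;

  const std::string pattern = lower_ascii (cert_name);
  const std::string h = lower_ascii (host);
  if (pattern == h)
    return true;

  // Wildcard: "*." may replace exactly the leftmost label, nothing else.
  if (pattern.size () > 2 && pattern[0] == '*' && pattern[1] == '.')
    {
      const std::string suffix = pattern.substr (1);      // e.g. ".example.net"
      // Require at least two labels after the wildcard ("*.com" is refused).
      if (std::count (suffix.begin (), suffix.end (), '.') < 2)
        return false;
      if (h.size () <= suffix.size ())
        return false;
      if (h.compare (h.size () - suffix.size (), suffix.size (), suffix) != 0)
        return false;
      const std::string leftmost = h.substr (0, h.size () - suffix.size ());
      return leftmost.find ('.') == std::string::npos;   // one label only
    }
  return false;
}

// The decision a postConnectionCheck needs: SAN dNSName entries are
// authoritative when present; the CN is consulted only if there are none.
bool hostname_matches (const CertNames& names, const std::string& host)
{
  if (!names.DNS_names.empty ())
    {
      for (std::vector<std::string>::size_type i = 0; i < names.DNS_names.size (); ++i)
        if (name_matches (names.DNS_names[i], host))
          return true;
      return false;   // SAN present and nothing matched: no fallback to CN
    }
  return name_matches (names.common_name, host);
}

// Constructed sample names, not taken from any real certificate.
CertNames sample_names ()
{
  CertNames names;
  names.common_name = "old.example.org";
  names.DNS_names.push_back ("www.example.com");
  names.DNS_names.push_back ("*.example.net");
  return names;
}

int main ()
{
  const CertNames names = sample_names ();
  const char *hosts[] = { "WWW.example.com", "api.example.net",
                          "a.b.example.net", "old.example.org" };
  for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; ++i)
    std::cout << hosts[i] << ": "
              << (hostname_matches (names, hosts[i]) ? "match" : "no match")
              << std::endl;
  return 0;
}
```

In the sample, "old.example.org" is refused even though it is the CN, because the certificate carries SAN entries; a certificate with a CN and no SAN would still match it. IP-literal hosts are deliberately not handled, since those belong to iPAddress SAN entries rather than dNSName.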