I have found an issue in Poco::Net::SecureSocketImpl::postConnectionCheck(SSLManager::ContextPtr pContext, X509* pCert, const std::string& hostName), at line 444.
I use Poco 1.3.3p1 to develop an SSL server. My platform is RedHat EL5 with OpenSSL 0.9.8i. The server crashes when it tries to extract DNS information from the client certificate. It seems that it is a known problem with the OpenSSL code used in Poco, with higher versions of OpenSSL 0.9.6.
The solution seems to use another function: “The right way to do things is to call X509_get_ext_d2i() and examine the STACK_OF(GENERAL_NAME) you get back (or NULL for an error).”
Here is the suggested code:
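
    /*
     * Extract Common name and DNS names from an X509 certificate.
     */
    void get_cert_names (X509 *certificate, std::string &common_name,
                         std::vector<std::string> &DNS_names)
    {
      if (certificate == 0)
        return;
      if (STACK_OF (GENERAL_NAME) * names = static_cast<STACK_OF (GENERAL_NAME) *>
          (X509_get_ext_d2i (certificate, NID_subject_alt_name, 0, 0))) {
        for (int i = 0; i < sk_GENERAL_NAME_num (names); ++i) {
          const GENERAL_NAME *name = sk_GENERAL_NAME_value (names, i);
          if (name->type == GEN_DNS) {
            const char *data = reinterpret_cast<char *>
              (ASN1_STRING_data (name->d.ia5));
            size_t len = ASN1_STRING_length (name->d.ia5);
            DNS_names.push_back (std::string (data, len));
          }
        }
        GENERAL_NAMES_free (names);  /* release the decoded stack */
      }
      if (X509_NAME * subj = X509_get_subject_name (certificate)) {
        char buffer[256] = "";  /* size assumed; stays empty if there is no CN */
        X509_NAME_get_text_by_NID (subj, NID_commonName,
                                   buffer, sizeof buffer);
        common_name = std::string (buffer);
      }
      /* The posted code stops at this condition; the fallback is an assumed completion. */
      if (DNS_names.empty ())
        DNS_names.push_back (common_name);
    }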
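
One way to check a host name against the names that get_cert_names collects, as an added example that is not part of the original post or of Poco. The function names are hypothetical, and the matching rules (case-insensitive comparison, "*" accepted only as the whole left-most label) are assumptions of this example. Because the extraction keeps the full ASN.1 length, a name carrying an embedded NUL byte arrives intact and is rejected here rather than being compared in truncated form.

```cpp
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

// Lower-case copy for case-insensitive DNS comparison.
static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Accept only non-empty names built from host name characters.
// An embedded NUL kept by std::string(data, len) fails this test.
static bool well_formed(const std::string &name) {
    if (name.empty()) return false;
    for (unsigned char c : name)
        if (!(std::isalnum(c) || c == '-' || c == '.' || c == '*')) return false;
    return true;
}

// Compare one certificate name with the expected host.
// A wildcard is honoured only as "*." followed by at least two labels.
static bool name_matches(const std::string &pattern, const std::string &host) {
    std::string p = lower(pattern), h = lower(host);
    if (p.compare(0, 2, "*.") != 0)
        return p == h && p.find('*') == std::string::npos;
    std::string suffix = p.substr(1);                            // e.g. ".example.com"
    if (suffix.find('*') != std::string::npos) return false;     // only one wildcard
    if (suffix.find('.', 1) == std::string::npos) return false;  // reject "*.com"
    std::string::size_type dot = h.find('.');
    // The wildcard covers exactly one non-empty left-most label.
    return dot != std::string::npos && dot > 0 && h.substr(dot) == suffix;
}

// Hypothetical helper: true if any extracted name matches the expected host.
bool host_in_cert_names(const std::vector<std::string> &DNS_names,
                        const std::string &host) {
    for (const std::string &n : DNS_names)
        if (well_formed(n) && name_matches(n, host)) return true;
    return false;
}
```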