Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 858885737c1d2672d5b1ba80a58c0bb585a0b981
commit858885737c1d2672d5b1ba80a58c0bb585a0b981[log] [tgz]
authorWilliam Lallemand <wlallemand@haproxy.com>Thu Feb 27 14:48:35 2020 +0100
committerWilliam Lallemand <wlallemand@haproxy.org>Thu Feb 27 14:48:35 2020 +0100
treeb49a03fe297ea804f96316da99395e1e5656f6b1
parent530408f976e5fe2f2f2b4b733b39da36770b566f [diff]
BUG/MEDIUM: ssl: chain must be initialized with sk_X509_new_null()

Even when there isn't a chain, it must be initialized to a empty X509
structure with sk_X509_new_null().

This patch fixes a segfault which appears with older versions of the SSL
libs (openssl 0.9.8, libressl 2.8.3...) because X509_chain_up_ref() does
not check the pointer.

This bug was introduced by b90d2cb ("MINOR: ssl: resolve issuers chain
later").

Should fix issue #516.
1 file changed
tree: b49a03fe297ea804f96316da99395e1e5656f6b1
  1. .github/
  2. contrib/
  3. doc/
  4. ebtree/
  5. examples/
  6. include/
  7. reg-tests/
  8. scripts/
  9. src/
  10. tests/
  11. .cirrus.yml
  12. .gitignore
  13. .travis.yml
  14. BRANCHES
  15. CHANGELOG
  16. CONTRIBUTING
  17. INSTALL
  18. LICENSE
  19. MAINTAINERS
  20. Makefile
  21. README
  22. ROADMAP
  23. SUBVERS
  24. VERDATE
  25. VERSION