[openssl-dev] [openssl.org #3642] Bug in OpenSSL 1.0.1j version: Decode error in TLS 1.2 handshake failure from client
Stephen Henson via RT
rt at openssl.org
Tue Jan 6 17:42:08 UTC 2015
On Fri Dec 26 12:19:01 2014, sameerpjoshi at gmail.com wrote:
> Hi,
>
> I see a problem in OpenSSL code and want to confirm if this has been
> already reported as a bug or not.
>
> If the server sends CertificateRequest during TLS handshake in case of
> TLS1.2, the Client processes this request in method
> ssl3_get_certificate_request(SSL* s).
>
> While processing the request it calls tls1_process_sigalgs() method to
> process the signature algorithms.
>
> In this method tls1_process_sigalgs(), its being checked if the s->cert
> pointer is NULL . This actually means the check whether the client has its
> own certificate or not. In case the pointer is NULL, indicating the client
> does not have certificate, the function returns zero or failure. TLS
> handshake fails here with "decode error" owing to
> SSL_R_SIGNATURE_ALGORITHMS_ERROR.
>
Can you actually produce the above error using s_client/s_server?
The s->cert field is not NULL if there is no client certificate: it is a
structure which contains certificate related information which is set up in
SSL_new(). It should never be NULL hence the "Should never happen" comment.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-dev
mailing list