[openssl-dev] [openssl.org #4095] X509_STORE_get_by_subject crash

tosif tamboli via RT rt at openssl.org
Fri Oct 16 09:43:12 UTC 2015


Hi,

Below is my application code:

sshX509CACertStore = X509_STORE_new();

X509_STORE_set_verify_cb_func(sshX509CACertStore,
                              sshX509CertVerifyCallback);
pLookup = X509_STORE_add_lookup(sshX509CACertStore,
                                X509_LOOKUP_file());
X509_LOOKUP_load_file(pLookup, caFile, X509_FILETYPE_PEM);

X509_STORE_CTX_init(pStoreCtx, sshX509CACertStore, pX509, NULL);

ret = X509_verify_cert(pStoreCtx);

In the callback function I just checked for:

retVal = X509_STORE_get_by_subject(&storeCtx, X509_LU_CRL,
                                   pSubject, &x509_obj);

retVal = X509_STORE_get_by_subject(&storeCtx, X509_LU_CRL,
                                   pIssuer, &x509_obj);

Older OpenSSL used an MD5 hash and the newer one doesn't seem to use it.
You mentioned c_rehash. How should I create a new symlink in code?
My application is to verify the certificate and signature in an image.

It would be helpful if you could provide your input on the crash of the
above application at:

X509_STORE_get_by_subject(&storeCtx, X509_LU_CRL,
                          pIssuer, &x509_obj);

Thanks & regards,
Tosif


On Thu, Oct 15, 2015 at 8:16 PM, Emilia Käsper <rt at openssl.org> wrote:

> This sounds like an application problem.
> 1) Did you recompile your source? 0.9.7 and 1.0.1 are not
> binary-compatible.
> 2) The certificate hash format has changed between 1.0.1 and 0.9.7, which
> could explain why the lookup no longer works:
> https://www.openssl.org/docs/manmaster/apps/rehash.html
>
> If the above isn't helpful, try asking for help on openssl-users at .
> Rejecting the ticket (though please reopen if you find new evidence that
> this is a bug within OpenSSL).
>
> Cheers,
> Emilia
>
>
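
The hash-format change mentioned in the reply, shown as an added example that is not part of the original thread: a shell function that creates the `<hash>.N` (certificate) or `<hash>.rN` (CRL) symlink a hashed lookup directory expects, in either the current or the pre-1.0.0 format. The name `rehash_link` is hypothetical; it assumes the `openssl` command is on the PATH and that the PEM file already sits in the target directory.

```shell
#!/bin/sh
# rehash_link FILE DIR [cert|crl] [new|old]
# Create the symlink that a hashed CA directory lookup searches for and print
# its name. "new" is the name hash used by OpenSSL 1.0.0 and later, "old" the
# MD5-based hash used before 1.0.0. A directory rehashed by one version is
# therefore not found by the other, which shows up as a failed lookup.
rehash_link() {
    file=$1; dir=$2; kind=${3:-cert}; fmt=${4:-new}
    case $kind in
        cert) cmd=x509; opt=-subject_hash; pre="" ;;   # links named <hash>.N
        crl)  cmd=crl;  opt=-hash;         pre=r  ;;   # links named <hash>.rN
        *) echo "unknown kind: $kind" >&2; return 2 ;;
    esac
    case $fmt in
        new) ;;
        old) opt=${opt}_old ;;
        *) echo "unknown format: $fmt" >&2; return 2 ;;
    esac

    # Refuse anything openssl cannot parse, so no link is made to a bad file.
    hash=$(openssl "$cmd" -in "$file" -noout "$opt") || return 1
    [ -n "$hash" ] || return 1

    # Different objects can share a name hash, so probe .0, .1, ... for a free
    # slot. Re-linking the same file is a no-op (byte comparison; assumption:
    # duplicates are identical files, not re-encoded copies).
    n=0
    while [ -e "$dir/$hash.$pre$n" ] || [ -L "$dir/$hash.$pre$n" ]; do
        if cmp -s "$file" "$dir/$hash.$pre$n"; then
            echo "$hash.$pre$n"
            return 0
        fi
        n=$((n + 1))
    done

    # Relative target, so the directory can be moved as a unit.
    ln -s "$(basename "$file")" "$dir/$hash.$pre$n" || return 1
    echo "$hash.$pre$n"
}
```

A directory prepared this way is read through a hashed-directory lookup; a store that loads a single PEM file, as in the code posted above, does not consult these links.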
