[openssl-dev] [openssl.org #4095] X509_STORE_get_by_subject crash

tosif tamboli via RT rt at openssl.org
Fri Oct 16 09:56:31 UTC 2015


My application is written for vxWorks OS, and openssl and vxWorks are part
of the binary that I need to verify.

On Fri, Oct 16, 2015 at 3:13 PM, tosif tamboli <tamboli.t at gmail.com> wrote:

> Hi,
>
> Below is my application code:
>  sshX509CACertStore = X509_STORE_new();
>
> X509_STORE_set_verify_cb_func(sshX509CACertStore,
>                                       sshX509CertVerifyCallback);
>  pLookup = X509_STORE_add_lookup(sshX509CACertStore,
>                                         X509_LOOKUP_file());
> X509_LOOKUP_load_file(pLookup, caFile, X509_FILETYPE_PEM);
>
>  X509_STORE_CTX_init (pStoreCtx, sshX509CACertStore, pX509, NULL);
>
>  ret = X509_verify_cert (pStoreCtx);
>
> In the callback function I just checked for:
> retVal = X509_STORE_get_by_subject (&storeCtx, X509_LU_CRL,
>                                         pSubject, &x509_obj);
>
>  retVal = X509_STORE_get_by_subject (&storeCtx, X509_LU_CRL,
>                                     pIssuer, &x509_obj);
>
> Older openssl used an md5 hash and newer doesn't seem to use it.
> You mentioned c_rehash. How should I create a new symlink in code?
> My application is to verify the certificate and signature in an image.
>
> It would be helpful if you could provide your input on the crash of the
> above application at
> X509_STORE_get_by_subject (&storeCtx, X509_LU_CRL,
>                                     pIssuer, &x509_obj);
>
> Thanks & regards,
> Tosif
>
>
> On Thu, Oct 15, 2015 at 8:16 PM, Emilia Käsper <rt at openssl.org> wrote:
>
>> This sounds like an application problem.
>> 1) Did you recompile your source? 0.9.7 and 1.0.1 are not binary-compatible.
>> 2) The certificate hash format has changed between 1.0.1 and 0.9.7, which could
>> explain why the lookup no longer works:
>> https://www.openssl.org/docs/manmaster/apps/rehash.html
>>
>> If the above isn't helpful, try asking for help on openssl-users at . Rejecting
>> the ticket (though please reopen if you find new evidence that this is a bug
>> within OpenSSL).
>>
>> Cheers,
>> Emilia
>>
>>
>
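
The hash format change mentioned in point 2 of the quoted reply, as an added example that is not part of the thread or of OpenSSL's code: it computes the hashed-directory link names for a subject or CRL issuer name under the old scheme (MD5 over the DER-encoded name, as in X509_NAME_hash_old) and the newer one (SHA-1 over a canonicalised name, as in X509_NAME_hash). The helper names and the two sample CA names are constructed for illustration, and ASCII attribute values are assumed.

```python
import hashlib

# DER tags and attribute OIDs (2.5.4.6 C, 2.5.4.10 O, 2.5.4.3 CN)
SEQ, SET, OID, UTF8, PRINTABLE = 0x30, 0x31, 0x06, 0x0C, 0x13
OIDS = {"C": b"\x55\x04\x06", "O": b"\x55\x04\x0a", "CN": b"\x55\x04\x03"}

def tlv(tag, body):
    """DER-encode one element, short or long length form."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def encode_rdns(attrs, canonical):
    """Encode (key, value) pairs as one single-valued RDN SET per attribute."""
    out = b""
    for key, value in attrs:
        tag = PRINTABLE
        if canonical:
            # Canonical form: trim, collapse whitespace, lowercase, UTF8String.
            value, tag = " ".join(value.split()).lower(), UTF8
        pair = tlv(OID, OIDS[key]) + tlv(tag, value.encode("ascii"))
        out += tlv(SET, tlv(SEQ, pair))
    return out

def to_link_hash(digest):
    """First four digest bytes, little-endian, as 8 hex digits."""
    return "%08x" % int.from_bytes(digest[:4], "little")

def old_hash(attrs):
    # Pre-1.0.0 scheme: MD5 over the complete DER Name (outer SEQUENCE included).
    return to_link_hash(hashlib.md5(tlv(SEQ, encode_rdns(attrs, False))).digest())

def new_hash(attrs):
    # 1.0.0+ scheme: SHA-1 over the canonical RDNs, without the outer SEQUENCE.
    return to_link_hash(hashlib.sha1(encode_rdns(attrs, True)).digest())

def link_names(attrs):
    """Link names per scheme: <hash>.0 for a cert, <hash>.r0 for a CRL (issuer name)."""
    return {"old": (old_hash(attrs) + ".0", old_hash(attrs) + ".r0"),
            "new": (new_hash(attrs) + ".0", new_hash(attrs) + ".r0")}

# Constructed sample names: same CA, different case and spacing.
CA_A = [("C", "US"), ("O", "Example Org"), ("CN", "Example Test CA")]
CA_B = [("C", "US"), ("O", "example  org"), ("CN", "EXAMPLE TEST CA")]

if __name__ == "__main__":
    for name in (CA_A, CA_B):
        print(link_names(name))
```

A directory whose links were generated under the old scheme has file names the newer lookup never asks for, so a hashed-directory lookup misses until the links are regenerated.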
