[openssl-dev] [openssl.org #4600] Core dump when using -keymatexport and receiving a handshake alert
Hubert Kario via RT
rt at openssl.org
Wed Jun 29 15:24:18 UTC 2016
when s_client receives alert during handshake and is configured to
export keying material, it will crash with a segmentation fault
current 1.0.2 and master are affected
reproducer:
openssl s_client -keymatexport EXPORT-label -connect google.com:443 -cipher IDEA
Result:
CONNECTED(00000003)
140315545597592:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 99 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1467213777
Timeout : 300 (sec)
Verify return code: 0 (ok)
Keying material exporter:
Label: 'EXPORT-label'
Length: 20 bytes
Segmentation fault (core dumped)
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4600
Please log in as guest with password guest if prompted
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160629/b1851069/attachment-0001.sig>
More information about the openssl-dev
mailing list