I'm having problems with the OpenSSL SSL_CTX_load_verify_locations()
routine dumping core on Solaris 8 (sparc, 64-bit). I first noticed
this problem with Apache mod_ssl but it can be reproduced with a
minimal standalone C program which calls SSL_CTX_load_verify_locations().

I've only experienced this problem with one particular CA bundle file
(see attached ca-bundle.crt.gz). The problem doesn't appear with
OpenSSL release 0.9.7e (and at least d), but starting with f I'm
getting core dumps (tested with i, g, f and 0.9.8a).

Any ideas on what has changed between 0.9.7e and 0.9.7f that may be
causing this?

I'm building OpenSSL and the application using gcc v4.0.2 on Solaris.
The problem does not appear on HP-UX 11i v1 (pa-risc, 64-bit, HP C/
ANSI C compiler), Red Hat Enterprise Linux 3.0 (ia32, gcc) or 4.0
(ia32, gcc).

Here's the code for reproducing the bug:

/*
export PATH=/opt/local/gcc/4.0/bin:$PATH:/usr/ccs/bin:/opt/sfw/bin
export or=/home/aspa/tmp/openssl098a
coreadm -p core $$
gcc x509catest.c -g -m64 -I$or/include -L$or/lib -lssl -lcrypto -lsocket -ldl
./a.out
*/
#include <stdio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

int main(void) {
    /* CApath: directory of CA certificates (hashed lookup) */
    char *capath = "/home/aspa/kronodoc/dev-3.4/httpd/conf/ssl.crt";
    /* CAfile: the bundle that triggers the core dump; the first
       assignment is a leftover from testing and is overridden */
    char *cafile;
    cafile = "/home/aspa/kronodoc/dev-3.4/httpd/conf/ssl.crt/bundle.crt";
    cafile = "/home/aspa/kronodoc/dev-3.4/httpd/conf/ssl.crt/ca-bundle.crt";

    SSL_load_error_strings();
    SSL_library_init();
    SSL_CTX *ctx = SSL_CTX_new(SSLv3_method());
    if (ctx == NULL) {
        ERR_print_errors_fp(stderr);
        return 1;
    }
    /* core dumps inside this call with the attached ca-bundle.crt */
    int r = SSL_CTX_load_verify_locations(ctx, cafile, capath);
    printf("SSL_CTX_load_verify_locations: %d\n", r);
    if (r != 1)
        ERR_print_errors_fp(stderr);
    SSL_CTX_free(ctx);
    return 0;
}


Here's the stack backtrace from the core file:

#0  0x00000001000639a8 in x509_object_cmp (a=, b=) at x509_lu.c:161
161         ret=((*a)->type - (*b)->type);
(gdb) bt
#0  0x00000001000639a8 in x509_object_cmp (a=, b=) at x509_lu.c:161
#1  0xffffffff7ef53a9c in qsort () from /usr/lib/64/libc.so.1
#2  0x000000010004d9ac in sk_sort (st=0x1002351a0) at stack.c:331
#3  0x000000010004dac0 in sk_find (st=0x1002351a0, data=0x100291900 "") at stack.c:227
#4  0x00000001000640f4 in X509_OBJECT_retrieve_match (h=0x1002351a0, x=0x100291900) at x509_lu.c:460
#5  0x0000000100064354 in X509_STORE_add_cert (ctx=0x10021db80, x=0x100257f70) at x509_lu.c:344
#6  0x00000001000663e8 in X509_load_cert_crl_file (ctx=0x1002354a0, file=, type=) at by_file.c:287
#7  0x0000000100066504 in by_file_ctrl (ctx=0x1002354a0, cmd=1, argp=0x18, argl=1, ret=0x0) at by_file.c:120
#8  0x0000000100063858 in X509_LOOKUP_ctrl (ctx=0x0, cmd=1, argc=0x1000d0210 "/home/aspa/kronodoc/dev-3.4/httpd/conf/ssl.crt/ca-bundle.crt", argl=1, ret=0x0) at x509_lu.c:117
#9  0x0000000100060258 in X509_STORE_load_locations (ctx=0x10021db80, file=0x1000d0210 "/home/aspa/kronodoc/dev-3.4/httpd/conf/ssl.crt/ca-bundle.crt", path=0x1000d01a0 "/home/aspa/kronodoc/dev-3.4/httpd/conf/ssl.crt") at x509_d2.c:92
#10 0x0000000100023e64 in main () at x509catest.c:17


Here's the exact build procedure I'm using to build OpenSSL:

# build OpenSSL
export PATH=/opt/local/gcc/4.0/bin:$PATH:/usr/ccs/bin:/opt/sfw/bin
perl Configure solaris64-sparcv9-gcc no-idea no-shared -g -fPIC --prefix=/home/aspa/tmp/openssl098a
gmake depend
gmake
gmake test
gmake install


--
aspa

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org
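Since the crash only reproduces with one particular bundle, the first thing to establish is which entry in that bundle triggers it. The program below is an added example, not part of the post above and not OpenSSL code: it splits a PEM bundle into its individual CERTIFICATE blocks and writes each to its own file (cert-000.pem, cert-001.pem, ...), so the reproducer can be pointed at one certificate at a time and the offending entry found by bisection. It deliberately uses no OpenSSL API, so it can be built and run anywhere; the embedded sample bundle is constructed for the test and contains placeholder bodies, not real certificates. Like OpenSSL's PEM reader, it skips the comment and CA-name text that ca-bundle.crt files carry between entries, and it reports a BEGIN line with no matching END (a cut-off file) instead of silently dropping it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BEGIN_MARK "-----BEGIN CERTIFICATE-----"
#define END_MARK   "-----END CERTIFICATE-----"
#define MAX_BLOCKS 1024

/* Constructed sample in the layout of a ca-bundle.crt: comment and name
 * lines between entries, two placeholder blocks (not real certificates). */
static const char SAMPLE_BUNDLE[] =
    "# constructed sample, not a real CA bundle\n"
    "Example Root CA\n"
    "===============\n"
    BEGIN_MARK "\n"
    "MIIBsampleAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
    END_MARK "\n"
    "\n"
    "Example Intermediate CA\n"
    BEGIN_MARK "\n"
    "MIIBsampleBBBBBBBBBBBBBBBBBBBBBBBBBBBB\n"
    END_MARK "\n";

/* Constructed sample whose entry lost its END line (a cut-off file). */
static const char TRUNCATED_BUNDLE[] = BEGIN_MARK "\nMIIBsampleCCCC\n";

void free_pem_blocks(char **blocks, int n) {
    for (int i = 0; i < n; i++)
        free(blocks[i]);
}

/* Copy each complete BEGIN..END CERTIFICATE block of `bundle` into a
 * malloc'd, newline-terminated string in out[].  Text outside the
 * markers is skipped.  Returns the number of blocks stored (at most
 * max_out), or -1 if a BEGIN has no matching END or memory runs out. */
int split_pem_bundle(const char *bundle, char **out, int max_out) {
    int n = 0;
    const char *p = bundle;

    while (n < max_out) {
        const char *begin = strstr(p, BEGIN_MARK);
        if (begin == NULL)
            break;                          /* no further entries */
        const char *end = strstr(begin, END_MARK);
        if (end == NULL) {                  /* truncated entry: flag it */
            free_pem_blocks(out, n);
            return -1;
        }
        end += strlen(END_MARK);
        size_t len = (size_t)(end - begin);
        char *block = malloc(len + 2);
        if (block == NULL) {
            free_pem_blocks(out, n);
            return -1;
        }
        memcpy(block, begin, len);
        block[len] = '\n';
        block[len + 1] = '\0';
        out[n++] = block;
        p = end;
    }
    return n;
}

/* Convenience: number of complete blocks in a bundle, -1 if truncated. */
int count_pem_certs(const char *bundle) {
    char *blocks[MAX_BLOCKS];
    int n = split_pem_bundle(bundle, blocks, MAX_BLOCKS);
    if (n > 0)
        free_pem_blocks(blocks, n);
    return n;
}

int main(int argc, char **argv) {
    if (argc != 2) {
        fprintf(stderr, "usage: %s ca-bundle.crt\n", argv[0]);
        return 2;
    }
    FILE *f = fopen(argv[1], "rb");
    if (f == NULL) { perror(argv[1]); return 1; }
    fseek(f, 0, SEEK_END);
    long size = ftell(f);
    rewind(f);
    char *buf = (size < 0) ? NULL : malloc((size_t)size + 1);
    if (buf == NULL || fread(buf, 1, (size_t)size, f) != (size_t)size) {
        fprintf(stderr, "%s: read failed\n", argv[1]);
        fclose(f);
        return 1;
    }
    buf[size] = '\0';
    fclose(f);

    char *blocks[MAX_BLOCKS];
    int n = split_pem_bundle(buf, blocks, MAX_BLOCKS);
    if (n < 0) {
        fprintf(stderr, "%s: BEGIN CERTIFICATE without matching END\n", argv[1]);
        free(buf);
        return 1;
    }
    for (int i = 0; i < n; i++) {      /* one file per entry for bisection */
        char name[32];
        snprintf(name, sizeof name, "cert-%03d.pem", i);
        FILE *o = fopen(name, "wb");
        if (o == NULL) { perror(name); break; }
        fputs(blocks[i], o);
        fclose(o);
    }
    printf("%d certificate block(s) written\n", n);
    free_pem_blocks(blocks, n);
    free(buf);
    return 0;
}
```

Run it as `./split ca-bundle.crt`, then point the reproducer's cafile at each cert-NNN.pem in turn (or at concatenations of halves of them) until the core dump reproduces with a single entry; that entry, rather than the whole bundle, is what a bug report or a diff of the 0.9.7e and 0.9.7f X509_STORE_add_cert path then needs to be examined against.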