bug handling next update in CRLs

bug handling next update in CRLs

am 23.08.2002 05:04:29 von Leslie Liew

This is a cryptographically signed message in MIME format.

--------------ms32464F2B7EC1CC8AAF500817
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

The problem encountered was found using Apache and mod_ssl.
Apache/1.3.26 (Unix) mod_ssl/2.8.9 OpenSSL/0.9.6c
Only when using a CRL (without next update) apache would cause a
Segmentation Fault.

mod_ssl calls an openssl library to do a date comparison on next update.
using httpd -X -DSSL, I was able to use gdb to trace the fault.

I have tried openssl support and they believe the problem is in the
function ssl_callback_SSLVerify_CRL().

Is it possible to fix to handle this CRL?

[ while i was attempting to log a bug request I also noticed that the
bug datadase link is broken

Included is the gdb backtrace and the openssl contents of the crl.

(gdb) backtrace
#0 0x13e574 in X509_cmp_time ()
#1 0x377d4 in ssl_callback_SSLVerify_CRL ()
#2 0x373ac in ssl_callback_SSLVerify ()
#3 0x13e520 in internal_verify ()
#4 0x13e108 in X509_verify_cert ()
#5 0xf7d50 in ssl_verify_cert_chain ()
#6 0x106250 in ssl3_get_client_certificate ()
#7 0x10410c in ssl3_accept ()
#8 0xf1198 in ssl23_get_client_hello ()
#9 0xf0924 in ssl23_accept ()
#10 0x348e8 in ssl_hook_NewConnection ()
#11 0x96424 in new_connection ()
#12 0x97838 in child_main ()
#13 0x97b2c in make_child ()
#14 0x97d2c in startup_children ()
#15 0x9864c in standalone_main ()
#16 0x99264 in main ()

The contents of the CRL:
openssl crl -noout -text -in monash-dirslave1.crl
Certificate Revocation List (CRL):
Version 1 (0x0)
Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=AU/O=Monash University/CN=Development Certificate
Manager
Last Update: Jul 19 07:23:05 2002 GMT
Next Update: NONE
Revoked Certificates:
Serial Number: 2C
Revocation Date: Jul 19 03:06:02 2002 GMT
Serial Number: 2B
Revocation Date: Jun 19 06:01:21 2002 GMT
Serial Number: 29
Revocation Date: Jun 17 05:24:35 2002 GMT
Serial Number: 26
Revocation Date: Jun 17 03:27:03 2002 GMT
Serial Number: 24
Revocation Date: Jun 19 01:22:20 2002 GMT
Serial Number: 23
Revocation Date: Jun 3 04:47:16 2002 GMT
Serial Number: 21
Revocation Date: Jun 3 04:16:07 2002 GMT
Serial Number: 20
Revocation Date: May 28 23:46:50 2002 GMT
Serial Number: 1F
Revocation Date: Jun 10 23:19:16 2002 GMT
Serial Number: 17
Revocation Date: Jun 19 01:31:23 2002 GMT
Serial Number: 10
Revocation Date: May 28 04:52:58 2002 GMT
Serial Number: 0F
Revocation Date: Apr 16 04:53:43 2002 GMT
Serial Number: 0E
Revocation Date: Apr 16 04:12:06 2002 GMT
Serial Number: 0D
Revocation Date: Apr 16 04:04:33 2002 GMT
Serial Number: 0C
Revocation Date: Apr 16 01:38:55 2002 GMT
Serial Number: 0B
Revocation Date: May 28 02:16:08 2002 GMT
Serial Number: 0A
Revocation Date: Apr 24 00:31:46 2002 GMT
Serial Number: 09
Revocation Date: May 28 04:32:49 2002 GMT
Serial Number: 08
Revocation Date: Mar 27 22:15:00 2002 GMT
Signature Algorithm: sha1WithRSAEncryption
19:d0:a5:1f:67:bf:ca:4b:69:d3:e0:ee:69:f9:45:4f:44:22:
5c:4e:7f:98:be:84:df:2e:d9:85:09:c4:7b:8a:6a:63:9c:ea:
b0:3c:ba:58:f5:c9:85:d8:e0:07:d8:41:96:07:f6:e4:15:f4:
4f:da:cc:1b:e7:4b:5a:80:49:8b:c7:00:c3:27:d2:2e:69:18:
4b:85:06:13:ac:bf:20:fb:4f:fb:89:d5:0e:a8:47:4e:37:2d:
7b:10:8f:e6:b9:b3:77:5c:4d:a6:61:46:36:e2:88:21:49:5b:
72:c4:09:0c:b5:97:44:e5:be:13:a1:3b:70:e5:83:c3:ed:26:
c2:c1

--
Leslie Liew
Directory Assistant, Infrastructure Services
Information Technology Services, Monash University - Clayton
Phone: +61 3 990 54542
--------------ms32464F2B7EC1CC8AAF500817
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
Content-Transfer-Encoding: base64

MIIEqQYJKoZIhvcNAQcCoIIEmjCCBJYCAQExCzAJBgUrDgMCGgUAMAsGCSqG SIb3DQEHAaCC
AsowggLGMIICL6ADAgECAgEzMA0GCSqGSIb3DQEBBQUAMEgxCzAJBgNVBAYT AkFVMRowGAYD
VQQKExFNb25hc2ggVW5pdmVyc2l0eTEdMBsGA1UEAxMUTW9uYXNoIFVuaXZl cnNpdHkgQ0Ew
HhcNMDIwNTIyMDcyNzU1WhcNMDMwNTIyMDcyNzU1WjCBlzELMAkGA1UEBhMC YXUxGjAYBgNV
BAoTEU1vbmFzaCBVbml2ZXJzaXR5MSgwJgYDVQQLEx9JbmZvcm1hdGlvbiBU ZWNobm9sb2d5
IFNlcnZpY2VzMRQwEgYDVQQDEwtMZXNsaWUgTGlldzEsMCoGCSqGSIb3DQEJ ARYdTGVzbGll
LkxpZXdAaXRzLm1vbmFzaC5lZHUuYXUwgZ8wDQYJKoZIhvcNAQEBBQADgY0A MIGJAoGBAM8v
u4b6cz2FAbMCfzWfaTRJV4rgw79/xI5bwJufklA7vtxvycWx3XWmn1yvTSEs riXnKSyhNX8H
yltLpowq8k/S6/KvS/jCbDgB0L4rJC8/ISKNDkT3cYDVjT73fIl9NtuN+tgt rkJrFWQ6FJLS
Ci8APibGMOHcVRWSrv6da7HxAgMBAAGjcDBuMBEGCWCGSAGG+EIBAQQEAwIF oDAOBgNVHQ8B
Af8EBAMCBsAwKAYDVR0RBCEwH4EdTGVzbGllLkxpZXdAaXRzLm1vbmFzaC5l ZHUuYXUwHwYD
VR0jBBgwFoAUcP8lgkB1Wf0OfK2hjvTNZBGlB+4wDQYJKoZIhvcNAQEFBQAD gYEAdCMahMyu
vzU4bUBDXe9L3ySnksRhVEvL09Q7fQLK5GP7y0VOuie3v4XgGMmAxulHKBy6 AgkaclulH4im
+iy70L62k78FhJrISeNOebUx43cABKgQyuEp3dI8tD5/yFigfsj0/p2b35pI 6B4re36zulh4
+LXIOrXD6yDGy7YE5ngxggGnMIIBowIBATBNMEgxCzAJBgNVBAYTAkFVMRow GAYDVQQKExFN
b25hc2ggVW5pdmVyc2l0eTEdMBsGA1UEAxMUTW9uYXNoIFVuaXZlcnNpdHkg Q0ECATMwCQYF
Kw4DAhoFAKCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3 DQEJBTEPFw0w
MjA4MjMwMzA0MjlaMCMGCSqGSIb3DQEJBDEWBBQFaLKnN5xvvDsTXOWrarvS ClOshjBSBgkq
hkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDAHBgUr DgMCBzANBggq
hkiG9w0DAgIBQDANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEFAASBgH2L N5nD/KXrdO95
+EPLr+hIey6/L0fStQkLrbysZdlXiFVJU9O0hKkUiIBAZPyJZsNK48atG0AC nRbxMWGaTwiK
isEGNl3WSU9HFelkuOPtcL77ifpJBjTH48mK5KdBNcGBwL6LHlgvaR6dDAsX bvfpV52nQjta
sLck1Q/y8f1o
--------------ms32464F2B7EC1CC8AAF500817--


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org