[Net-ssleay-devel] Net-SSLeay-1.33_01 X509_get_subjectAltNames segfaults on test.eonis.net:443
Mike McCauley
mikem at open.com.au
Wed Feb 20 22:22:37 UTC 2008
Hi Florian,
On Wednesday 20 February 2008 21:43, Florian Ragwitz wrote:
> On Wed, Feb 20, 2008 at 08:50:41PM +1000, Mike McCauley wrote:
> > Hi Florian,
> >
> > On Wednesday 20 February 2008 20:42, Florian Ragwitz wrote:
> > > On Wed, Feb 20, 2008 at 06:39:15PM +1000, Mike McCauley wrote:
> > > > On Wednesday 20 February 2008 16:41, Steffen Ullrich wrote:
> > > > > It looks like that I did not make clear that I already send the bug
> > > > > report to Florian Ragwitz and that he is on it.
> > > > > Sorry for the duplicate bug report.
> > > >
> > > > OK, well, I have checked in a fix now.
> > > > I hope FR is not working on it too. Florian?
> > >
> > > Actually I was. Sorry for not pushing my changes.
> > >
> > > Your fix looks good to me, although I'd just return an SvIV for the
> > > X509_NAME structure for GEN_DIRNAME just like other parts of the api
> > > do.
> >
> > Im not sure what you mean. If tis a DIRNAME, then there is an interesting
> > string. The bug reporters sample certificate had such an interesting
> > DIRNAME string.
>
> I was saying that maybe we shouldn't call X059_NAME_oneline to format
> that X509_NAME but leave it for the users of the api to do as we already
> do in other parts of it where we return X509_NAME structures and
> provide X509_NAME_oneline and other functions for formatting it.
OK, I see. Not to sure what to do about that. My intention was to provide a
simple interface that would suit most people.
>
> > > I'm not totally sure about GEN_OTHERNAME. Are you sure the utf8 string
> > > is everything one could be interested in?
> >
> > Not really. I was just copying some other code. What are you thinking of?
>
> I have no idea. I didn't have the guts to check what that structure
> actually contains.
>
>
> Another question I have is why you used the elements of the GENERAL_NAME
> structure that are marked as "old" in the header file. There also are
> other elements in the d union for every GEN_ constant. Do they provide
> other information than the "old" fields? Do we want to use the old ones
> to be more compatible with old openssls? Shall we check if the new
> fields are there and use the old ones if they aren't?
Tricky. Im inlcined to use the old structures for backweard compatibility,
since we are never really sure what version of openssl is going to be
present.
>
>
> -Flo
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
More information about the Net-ssleay-devel
mailing list