Hi Rodrigo,

Rodrigo Arias <rodarima@gmail.com> wrote:
This patch should get rid of the segfault, but I need to take a closer look and see if we are handling it well for LibreSSL, as they expose headers from version 2 from OpenSSL.
---8<--- diff --git a/src/IO/tls_openssl.c b/src/IO/tls_openssl.c index 3345a0dc..d1df2315 100644 --- a/src/IO/tls_openssl.c +++ b/src/IO/tls_openssl.c @@ -471,14 +471,12 @@ static bool_t Tls_check_cert_strength(SSL *ssl, Server_t *srv, int *choice) char buf[buflen]; int rc, i, n = sk_X509_num(sk); X509 *cert = NULL; - EVP_PKEY *public_key; int key_type, key_bits; const char *type_str; BIO *b;
for (i = 0; i < n; i++) { cert = sk_X509_value(sk, i); - public_key = X509_get_pubkey(cert);
/* We are trying to find a way to get the hash function used * with a certificate. This way, which is not very pleasant, puts @@ -521,6 +519,10 @@ static bool_t Tls_check_cert_strength(SSL *ssl, Server_t *srv, int *choice) if (print_chain) MSG("%s ", buf);
+ EVP_PKEY *public_key = X509_get_pubkey(cert); + if (public_key == NULL) + continue; + #if OPENSSL_VERSION_NUMBER < 0x30000000L key_type = EVP_PKEY_type(EVP_PKEY_id(public_key)); #else ---8<---
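
Review bot: In the second hunk, the `if (public_key == NULL) continue;` path skips the key type and key size checks for that certificate without reporting anything, so a certificate whose public key cannot be decoded goes through Tls_check_cert_strength() unexamined. An undecodable key in the chain is worth at least a warning naming the certificate, and arguably should count as a failed strength check rather than a skipped one. The `continue` also comes right after `MSG("%s ", buf)`, so when print_chain is set the output line started for this certificate is never completed. Two smaller points: `EVP_PKEY *public_key` is now declared after statements in the loop body, which is worth checking against the C standard the project builds with, and since X509_get_pubkey() returns a reference the caller owns, confirm that the non-NULL path reaches an EVP_PKEY_free() later in the loop, as none is visible in this diff.
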
Thanks! Now the segfault is gone:

Nav_open_url: new url='https://www.ssllabs.com:10446/'
Dns_server [0]: www.ssllabs.com is 69.67.183.100
Connecting to 69.67.183.100:10446
www.ssllabs.com:10446: TLSv1.2, cipher ECDHE-ECDSA-AES256-GCM-SHA384
ecdsa-with-SHA256 384-bit EC: /C=US/ST=California/L=Foster City/O=Qualys, Inc./OU=SSLLabs CurveBall Leaf/CN=www.ssllabs.com
ecdsa-with-SHA256 root: /C=US/ST=California/L=Foster City/O=Qualys, Inc./OU=SSLLabs/CN=SSLLabs CurveBall CA
SSL_read() failed: error:10FFF010:elliptic curve routines:CRYPTO_internal:EC lib
SSL_read() failed: error:10FFF07F:elliptic curve routines:CRYPTO_internal:pkparameters2group failure
SSL_read() failed: error:10FFF010:elliptic curve routines:CRYPTO_internal:EC lib
SSL_read() failed: error:10FFF08E:elliptic curve routines:CRYPTO_internal:decode error
SSL_read() failed: error:0BFFF07D:x509 certificate routines:CRYPTO_internal:public key decode error
Tls_close_by_key: Avoiding SSL shutdown for: https://www.ssllabs.com:10446/
Premature close for https://www.ssllabs.com:10446/

Regards,
Alex