From: Christos Tsantilas
Date: Tue, 23 Apr 2013 15:03:31 +0000 (+0300)
Subject: Bug 3816: SSL_get_certificate call inside Ssl::verifySslCertificate crashes squi
X-Git-Tag: SQUID_3_4_0_1~189
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b865855209358f98cb315fe4b607c05f6f82392a;p=thirdparty%2Fsquid.git

Bug 3816: SSL_get_certificate call inside Ssl::verifySslCertificate crashes squi
d

The SSL_get_certificate implementation in OpenSSL 1.0.1d and 1.0.1e releases, will crash if called before the certificate sent to the client.
This patch add a hack when one of the problematic OpenSSL versions used to retrieve the certificate directly from SSL_CTX object, instead of creating a temporary SSL object, and call SSL_get_certificate.
---
diff --git a/src/ssl/support.cc b/src/ssl/support.cc
index c701bd6bda..883d5ef4a8 100644
--- a/src/ssl/support.cc
+++ b/src/ssl/support.cc
@@ -1452,9 +1452,18 @@ Ssl::generateSslContext(CertificateProperties const &properties, AnyP::PortCfg &
 bool
 Ssl::verifySslCertificate(SSL_CTX * sslContext, CertificateProperties const &properties)
 {
+ // SSL_get_certificate is buggy in openssl versions 1.0.1d and 1.0.1e
+ // Try to retrieve certificate directly from SSL_CTX object
+#if OPENSSL_VERSION_NUMBER == 0x1000105fL || OPENSSL_VERSION_NUMBER == 0x1000104fL
+ X509 ***pCert = (X509 ***)sslContext->cert;
+ X509 * cert = pCert && *pCert ? **pCert : NULL;
+#else
 // Temporary ssl for getting X509 certificate from SSL_CTX.
 Ssl::SSL_Pointer ssl(SSL_new(sslContext));
 X509 * cert = SSL_get_certificate(ssl.get());
+#endif
+ if (!cert)
+ return false;
 ASN1_TIME * time_notBefore = X509_get_notBefore(cert);
 ASN1_TIME * time_notAfter = X509_get_notAfter(cert);
 bool ret = (X509_cmp_current_time(time_notBefore) < 0 && X509_cmp_current_time(time_notAfter) > 0);
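Review bot: The cast `X509 ***pCert = (X509 ***)sslContext->cert;` in the new `#if` branch treats an OpenSSL-private structure as a pointer-to-pointer-to-`X509*` and, presumably, only yields the leaf certificate while the `CERT` behind `SSL_CTX::cert` and the `CERT_PKEY` it points to each keep that pointer as their first member; the added comment does not record this layout assumption. If a distro-patched 1.0.1d/1.0.1e header or runtime library lays those structs out differently, `**pCert` becomes an unrelated pointer handed to `X509_get_notBefore`, a memory-safety fault rather than the clean `return false` the new null check provides. I would state the assumption at the cast: `// Layout hack: assumes CERT::key and CERT_PKEY::x509 are each the first member (OpenSSL 1.0.1d/e); re-verify before extending the version list.` Note also that `OPENSSL_VERSION_NUMBER` is resolved at compile time, so a Squid built against one 1.0.1 patch level but running against another shared library takes whichever path the build headers selected, not the one the runtime library needs. verifySslCertificate's body continues past the end of the hunk.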