[PATCH] ne_ssl_trust_default_ca() segfault

Henrik Holst henrik.holst at millistream.com
Sun May 13 10:37:53 EDT 2012


If one calls ne_ssl_trust_default_ca() on a ne_session that is not set up
for SSL by either ne_session_create() or by the user manually then neon
segfaults.

/Henrik Holst

Index: src/ne_gnutls.c
===================================================================
--- src/ne_gnutls.c    (revision 1883)
+++ src/ne_gnutls.c    (arbetskopia)
@@ -998,9 +998,10 @@
 void ne_ssl_trust_default_ca(ne_session *sess)
 {
 #ifdef NE_SSL_CA_BUNDLE
-    gnutls_certificate_set_x509_trust_file(sess->ssl_context->cred,
-                                           NE_SSL_CA_BUNDLE,
-                                           GNUTLS_X509_FMT_PEM);
+    if (sess->ssl_context)
+        gnutls_certificate_set_x509_trust_file(sess->ssl_context->cred,
+                                               NE_SSL_CA_BUNDLE,
+                                               GNUTLS_X509_FMT_PEM);
 #endif
 }

Index: src/ne_openssl.c
===================================================================
--- src/ne_openssl.c    (revision 1883)
+++ src/ne_openssl.c    (arbetskopia)
@@ -797,8 +797,13 @@

 void ne_ssl_trust_default_ca(ne_session *sess)
 {
-    X509_STORE *store = SSL_CTX_get_cert_store(sess->ssl_context->ctx);
-
+    X509_STORE *store;
+
+    if (!sess->ssl_context)
+        return;
+
+    store = SSL_CTX_get_cert_store(sess->ssl_context->ctx);
+
 #ifdef NE_SSL_CA_BUNDLE
     X509_STORE_load_locations(store, NE_SSL_CA_BUNDLE, NULL);
 #else
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.manyfish.co.uk/pipermail/neon/attachments/20120513/2c664e9d/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: neon.diff
Type: application/octet-stream
Size: 1253 bytes
Desc: not available
Url : http://lists.manyfish.co.uk/pipermail/neon/attachments/20120513/2c664e9d/attachment.obj 


More information about the neon mailing list