diff options
author | Matt Caswell <matt@openssl.org> | 2020-06-16 17:40:40 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-06-30 10:54:02 +0100 |
commit | 4864a232ee7f901388532f65911866ca2478cfa9 (patch) | |
tree | d85c72e4cf7a2a43916bb51c0c36980c722322e9 /doc/man3 | |
parent | d3ef3d01accec8cc373661c7f0dd39541a8df96c (diff) |
Don't attempt to duplicate the BIO state in SSL_dup
SSL_dup attempted to duplicate the BIO state if the source SSL had BIOs
configured for it. This did not work.
Firstly the SSL_dup code was passing a BIO ** as the destination
argument for BIO_dup_state. However BIO_dup_state expects a BIO * for that
parameter. Any attempt to use this will either (1) fail silently, (2) crash
or fail in some other strange way.
Secondly many BIOs do not implement the BIO_CTRL_DUP ctrl required to make
this work.
Thirdly, if rbio == wbio in the original SSL object, then an attempt is made
to up-ref the BIO in the new SSL object - even though it hasn't been set
yet and is NULL. This results in a crash.
This appears to have been broken for a very long time with at least some of
the problems described above coming from SSLeay. The simplest approach is
to just remove this capability from the function.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12245)
Diffstat (limited to 'doc/man3')
-rw-r--r-- | doc/man3/SSL_new.pod | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/doc/man3/SSL_new.pod b/doc/man3/SSL_new.pod index ac4b7a46cd..4986132286 100644 --- a/doc/man3/SSL_new.pod +++ b/doc/man3/SSL_new.pod @@ -73,9 +73,6 @@ L<SSL_set_info_callback(3)> =item any configured Cipher List -=item any BIOs configured on I<s> will have new BIO's created and the BIO state -duplicated via BIO_dup_state(). - =item initial accept (server) or connect (client) state =item the max cert list value set via L<SSL_set_max_cert_list(3)> |