author | Matt Caswell <matt@openssl.org> | 2023-05-09 15:20:04 +0100 |
committer | Matt Caswell <matt@openssl.org> | 2023-05-24 12:18:33 +0100 |
commit | b946a3eed5c40230955d5acc67884c3fd2fd6b18 (patch) | |
tree | 5a11a5471cc22601967dda03d6f880023bb72840 /ssl | |
parent | bfcf1356f9fdc6ad939f73f2d4e505bd519c33d2 (diff) |
Fix an SSL_trace bug
Ensure that SSL_trace can print certificate data even with a non-default
libctx.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/t1_trce.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 7776a0bea1..b05012f74f 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -1268,13 +1268,14 @@ static int ssl_print_server_keyex(BIO *bio, int indent, const SSL_CONNECTION *sc
     return !msglen;
 }
 
-static int ssl_print_certificate(BIO *bio, int indent,
+static int ssl_print_certificate(BIO *bio, const SSL_CONNECTION *sc, int indent,
                                  const unsigned char **pmsg, size_t *pmsglen)
 {
     size_t msglen = *pmsglen;
     size_t clen;
     X509 *x;
     const unsigned char *p = *pmsg, *q;
+    SSL_CTX *ctx = SSL_CONNECTION_GET_CTX(sc);
 
     if (msglen < 3)
         return 0;
@@ -1284,8 +1285,12 @@ static int ssl_print_certificate(BIO *bio, int indent,
     q = p + 3;
     BIO_indent(bio, indent, 80);
     BIO_printf(bio, "ASN.1Cert, length=%d", (int)clen);
-    x = d2i_X509(NULL, &q, clen);
-    if (!x)
+    x = X509_new_ex(ctx->libctx, ctx->propq);
+    if (x != NULL && d2i_X509(&x, &q, clen) == NULL) {
+        X509_free(x);
+        x = NULL;
+    }
+    if (x == NULL)
         BIO_puts(bio, "<UNPARSEABLE CERTIFICATE>\n");
     else {
         BIO_puts(bio, "\n------details-----\n");
@@ -1362,7 +1367,7 @@ static int ssl_print_certificates(BIO *bio, const SSL_CONNECTION *sc, int server
     BIO_indent(bio, indent, 80);
     BIO_printf(bio, "certificate_list, length=%d\n", (int)clen);
     while (clen > 0) {
-        if (!ssl_print_certificate(bio, indent + 2, &msg, &clen))
+        if (!ssl_print_certificate(bio, sc, indent + 2, &msg, &clen))
             return 0;
         if (SSL_CONNECTION_IS_TLS13(sc) &&
             !ssl_print_extensions(bio, indent + 2, server,
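Review bot: In the second hunk, the `X509_free(x); x = NULL;` branch taken after a failed `d2i_X509(&x, &q, clen)` depends on what the decoder does with a caller-supplied object on error, and that is not stated anywhere; as far as I can tell OpenSSL's ASN.1 decoder frees the object it was handed and sets `*px` to NULL on failure, which would make this branch a free of NULL (harmless) rather than the real release it looks like, and if the decoder ever left a freed pointer in place the same lines would be a double free. Please confirm against d2i_X509(3) and record the contract next to the call, e.g. `/* On failure d2i_X509() frees the object it was given and NULLs x; the X509_free() below is defensive. */`. Separately, an `X509_new_ex()` allocation failure falls through to the same `<UNPARSEABLE CERTIFICATE>` line as a malformed certificate, so the trace blames the peer's data for a local out-of-memory condition; printing a distinct message when `x == NULL` before the decode call would keep the trace honest. `ssl_print_certificate` continues past the end of this hunk.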