[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-gnutls] Re: Verifying certificates with IPv6 crashes

From: Simon Josefsson
Subject: [Help-gnutls] Re: Verifying certificates with IPv6 crashes
Date: Mon, 29 Jan 2007 20:16:16 +0100
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.92 (gnu/linux)

John Brooks <address@hidden> writes:

> #0  0xb76f6e5d in gnutls_auth_get_type () from /usr/lib/
> #1  0xb76fb42d in gnutls_certificate_verify_peers2 () from
> /usr/lib/
> #2  0xb7748d61 in ModuleSSLGnuTLS::VerifyCertificate (this=0x80c7050,
> session=0x80c70c8, user=0x8110f9c)
>    at m_ssl_gnutls.cpp:668
> This happens only on sockets that are IPv6; IPv4 works fine. Since it
> crashes inside gnutls, my best guess is that something isn't properly
> handling IPv6 there; I went over our code quickly and didn't see
> anything that involved the IP that might be a problem..
> If you need more specifics on our implementation, see:
> (Specifically, void VerifyCertificate(issl_session* session,
> Extensible* user))

The GnuTLS library is generally not aware of IPv4 vs IPv6 differences,
so without more information, I'm not sure that is the best theory.
The function you indicate is quite short:

  int server = session->security_parameters.entity == GNUTLS_SERVER ? 0 : 1;

    _gnutls_map_kx_get_cred (_gnutls_cipher_suite_get_kx_algo
                              current_cipher_suite), server);

If code like that crashes, it probably means that the session variable
is NULL or garbled.

Please build a local copy of GnuTLS and re-run 'gdb' single-stepping
before the crash.  Running the binary under valgrind might help too.

Btw, have you looked at the GnuTLS C++ library?  If you are using C++,
it might be more appropriate.  However, few have tried it, and there
are no documentation or examples, so you are on your on. :)


reply via email to

[Prev in Thread] Current Thread [Next in Thread]