[xmlsec] Bug 728213 - Segmenation Fault with self signed certificate

Nick Cloward ncloward at instructure.com
Mon May 5 10:20:41 PDT 2014

It depends on openssl c_rehash creating the symlink to the certificate.  Since its self signed it needs to find one thats an exact match in the store.  If those are not there it works just fine.  Our temporary fix for it is removing those symlinks so it cannot match the self signed cert.  

It makes sense that the key type is not correct in xmlSecOpenSSLKeyDataX509VerifyAndExtractKey().

Nick Cloward

On May 1, 2014 at 9:35:27 AM, Aleksey Sanin (aleksey at aleksey.com) wrote:

Just a very general thought is that the key type is not set correctly  
in xmlSecOpenSSLKeyDataX509VerifyAndExtractKey() or somewhere around it.  

Unfortunately, I wasn't able to repro the crash on my centos VM (I might  
be missing the cert you have or something).  


On 5/1/14, 7:57 AM, Nick Cloward wrote:  
> I am mostly just curious on the status of this bug or if anyone has any  
> ideas/thoughts on it. I should have asked here first before submitting  
> a bug report. If its not a real bug we can just close the ticket or  
> mark it as resolved.  
> Here is a link to it: https://bugzilla.gnome.org/show_bug.cgi?id=728213  
> Anyways… What do you think?  
> Thank You!!!  
> --  
> Nick Cloward  
> Software Engineer  
> Canvas by Instructure  
> _______________________________________________  
> xmlsec mailing list  
> xmlsec at aleksey.com  
> http://www.aleksey.com/mailman/listinfo/xmlsec  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20140505/6c1be92a/attachment.html>

More information about the xmlsec mailing list