Skip Menu |

This queue is for tickets about the Crypt-SSLeay CPAN distribution.

Report information
The Basics
Id: 121896
Status: new
Priority: 0/
Queue: Crypt-SSLeay
People
Owner: Nobody in particular
Requestors: nerdmachine [...] gmail.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Thu May 25 14:50:53 2017 nerdmachine [...] gmail.com - Ticket created
Subject: Null CTX causes perl to crash
Date: Thu, 25 May 2017 14:50:08 -0400
To: bug-Crypt-SSLeay [...] rt.cpan.org
From: Duane Bronson <nerdmachine [...] gmail.com>
In this code, ctx could be NULL (i.e., in FIPS mode where a particular SSL version is forbidden) and should be checked before it's used: SSLeay.xs: if(ssl_version == 23) { ctx = SSL_CTX_new(SSLv23_client_method()); } else if(ssl_version == 3) { ctx = SSL_CTX_new(SSLv3_client_method()); } else { #ifndef OPENSSL_NO_SSL2 /* v2 is the default */ ctx = SSL_CTX_new(SSLv2_client_method()); #else /* v3 is the default */ ctx = SSL_CTX_new(SSLv3_client_method()); #endif } SSL_CTX_set_options(ctx,SSL_OP_ALL|0); Thanks, Duane Bronson