[exim-cvs] OCSP/SNI: set correct callback.

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] OCSP/SNI: set correct callback.
Gitweb: http://git.exim.org/exim.git/commitdiff/14c7b357062edf88e350fb95c06847b2c2a2b934
Commit:     14c7b357062edf88e350fb95c06847b2c2a2b934
Parent:     9d6bb16d6af8c4d2c5e2f58d2a6983c03600c35a
Author:     Phil Pennock <pdp@???>
AuthorDate: Sun Dec 9 19:23:06 2012 -0500
Committer:  Phil Pennock <pdp@???>
CommitDate: Sun Dec 9 19:30:02 2012 -0500


    OCSP/SNI: set correct callback.


    Caught by Jeremy; was wrong in (my) original commit, the dual-TLS work
    had just renamed the variables and theoretically made it more visible.
    I still missed it.


    The server_sni context initialisation was setting the OCSP status
    callback context parameter back on the original server_ctx instead of
    the new server_sni context.


    I guess OCSP and SNI aren't being used together in Exim much yet.
---
 doc/doc-txt/ChangeLog |    5 +++++
 src/src/tls-openssl.c |    2 +-
 2 files changed, 6 insertions(+), 1 deletions(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 9ed827f..bf81413 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -143,6 +143,11 @@ GF/01 DCC debug and logging tidyup

TF/03 Avoid unnecessary rebuilds of lookup-related code.

+PP/14 Fix OCSP reinitialisation in SNI handling for Exim/TLS as server.
+      Bug spotted by Jeremy Harris; was flawed since initial commit.
+      Would have resulted in OCSP responses post-SNI triggering an Exim
+      NULL dereference and crash.
+


Exim version 4.80.1
-------------------
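Review bot: The PP/14 entry states the effect (NULL dereference and crash) but not the condition under which it is reachable. Going by the tls-openssl.c change in this same commit, the status argument is only set inside the "if (cbinfo->ocsp_file)" block of the server_sni initialisation, so the entry could say that the crash needs an OCSP file to be configured and the SNI context to be in use. That lets operators judge their exposure without reading the diff.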
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 08b92ba..4409935 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -689,7 +689,7 @@ if (cbinfo->server_cipher_list)
if (cbinfo->ocsp_file)
{
SSL_CTX_set_tlsext_status_cb(server_sni, tls_stapling_cb);
- SSL_CTX_set_tlsext_status_arg(server_ctx, cbinfo);
+ SSL_CTX_set_tlsext_status_arg(server_sni, cbinfo);
}
#endif
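Review bot: On the corrected SSL_CTX_set_tlsext_status_arg(server_sni, cbinfo) line, the callback and its argument are still installed by two separate calls that each name the context, which is the pattern that let the server_ctx/server_sni mix-up through. Consider a small helper that takes the context once and sets both tls_stapling_cb and cbinfo on it, so the two cannot diverge. Since the ChangeLog entry says the old code ended in a NULL dereference, a NULL check on the argument at the top of tls_stapling_cb would make any future mismatch fail safely instead of crashing, and a test case that combines OCSP stapling with SNI would cover the path the commit message says is little used.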