cURL / Mailing Lists / curl-and-php / Single Mail

curl-and-php

Re: Segmentation fault when using CURLOPT_SSLCERT,

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Sun, 18 Nov 2007 10:56:31 +0100 (CET)

On Sat, 17 Nov 2007, Mike R wrote:

> I have a problem with php/curl when using sslcert option.
> Without CURLOPT_SSLCERT everything works fine, as soon as i enable it I get a segmentation fault.

[...]

> [ssl_version] => OpenSSL/0.9.7a

This is a very old OpenSSL version. I think I counted *14* known
vulnerabilities in it...

> in a truss output the last few lines read
> :20651 read(4, "-----BEGIN RSA PRIVATE KEY-----\n"..., 4096) = 1819
> 20651 read(4, "", 4096) = 0
> 20651 close(4) = 0
> 20651 munmap(0xb7d96000, 4096) = 0
> 20651 open("/tmp/key", O_RDONLY) = 4
> 20651 fstat64(4, {st_mode=S_IFREG|0644, st_size=1819, ...}) = 0
> 20651 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7d96000
> 20651 read(4, "-----BEGIN RSA PRIVATE KEY-----\n"..., 4096) = 1819
> 20651 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
> 20651 +++ killed by SIGSEGV +++

This reading is done by OpenSSL so it could imply a bug in there, so that's
yet another reason to try a newer version...

> When trying to reproduce the issue in development everything works just
> fine.

But are all components of the same version in that?

> I am guessing it's one of the libraries.. but i can't figure out which one.

Now we have a guess! ;-)

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
_______________________________________________
http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php
Received on 2007-11-18