File 0001-Fix-ssl-certificate-thumbprint-callback-issue.patch of Package openwsman

From 7d9455d6760706d4d7084833585c277ab38daf82 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
Date: Fri, 5 Mar 2010 14:07:26 +0100
Subject: [PATCH 1/4] Fix ssl (certificate thumbprint) callback issue

We are seeing an issue where using openwsman client an ssl connection
is not being established even if a valid certificate is available.

This is due to a wrong check present in wsman-curl-client-transport.c at
line 336 where we are doing a NULL check for cl->authentication.certificatethumbprint
which is invalid as certificatethumbprint is an array of size 20 of
type char and not a char pointer.

So we must check for length of the string and not a NULL check. Due
to this the callback is set in curl which in-turn sets a callback for
certificate verification in OpenSSL which fails and so does ssl
connection. The callback must not be set as the client has
not set the thumbprint using +wsman_transport_set_certhumbprint()
---
 ChangeLog                             |    4 ++++
 src/lib/wsman-curl-client-transport.c |    3 ++-
 2 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index f25d72e..e82ed26 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+- Bugfix release:
+  - fix ssl (certificate thumbprint) callback check (Arun Venkatachalam)
+
 2.2.3 final
 - Bugfix release:
   - cleanup: access CMPIString by macro, not by casted direct member access 
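Review bot: The new "- Bugfix release:" entry sits above "2.2.3 final" with no version heading of its own, so a reader cannot tell which release carries the thumbprint fix. Add the version line for the upcoming release above the entry, matching the "2.2.3 final" form used just below it.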
diff --git a/src/lib/wsman-curl-client-transport.c b/src/lib/wsman-curl-client-transport.c
index 66ef4be..4e04fba 100644
--- a/src/lib/wsman-curl-client-transport.c
+++ b/src/lib/wsman-curl-client-transport.c
@@ -218,6 +218,7 @@ write_handler( void *ptr, size_t size, size_t nmemb, void *data)
 	debug("write_handler: recieved %d bytes, all = %d\n", len, u_buf_len(buf));
 	return len;
 }
+
 #ifdef ENABLE_EVENTING_SUPPORT
 static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void *arg)
 {
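Review bot: The only change here is a blank line before "#ifdef ENABLE_EVENTING_SUPPORT", which is unrelated to the thumbprint check and adds noise to a fix that touches TLS verification. Consider dropping it from this patch or sending it as a separate whitespace cleanup, together with the "recieved" typo in the debug string shown in the context.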
@@ -333,7 +334,7 @@ init_curl_transport(WsManClient *cl)
 #ifdef ENABLE_EVENTING_SUPPORT
 /*  Bug in e.g. Fedora: [ curl-Bugs-1924441 ] SSL callback option with NSS-linked libcurl */
 #ifndef NO_SSL_CALLBACK
-	else if (cl->authentication.certificatethumbprint && 0 != cl->authentication.verify_peer) {
+	else if (strlen((char *)cl->authentication.certificatethumbprint) > 0 && 0 != cl->authentication.verify_peer) {
 		r = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun);
 		if(r != 0) {
 			curl_err("Could not curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION)");
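Review bot: In the new condition, strlen((char *)cl->authentication.certificatethumbprint) treats the 20-element array as a NUL-terminated string, and that assumption is not established anywhere in the patch. If the array holds a raw 20-byte digest rather than text, two things go wrong: a thumbprint whose first byte is 0x00 counts as "not set", so the verification callback is silently skipped for that certificate, and a thumbprint with no zero byte has no terminator inside the array, so strlen reads past its end. The (char *) cast suggests the element type is not plain char, which makes the raw-bytes case more likely. Suggest tracking "thumbprint set" with an explicit flag written by the setter named in the commit message, or comparing all 20 bytes against a zeroed buffer with memcmp, and adding a comment stating which representation the field holds.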
-- 
1.6.4.2
