Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:11.4:Update
openwsman
0001-Fix-ssl-certificate-thumbprint-callback-is...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-Fix-ssl-certificate-thumbprint-callback-issue.patch of Package openwsman
From 7d9455d6760706d4d7084833585c277ab38daf82 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de> Date: Fri, 5 Mar 2010 14:07:26 +0100 Subject: [PATCH 1/4] Fix ssl (certificate thumbprint) callback issue We are seeing an issue where using openwsman client an ssl connection is not being established even if a valid certificate is available. This due to a wrong check present in wsman-curl-client-transport.c at line 336 where we are doing a NULL check for cl->authentication.certificatethumbprint which is invalid as certificatethumbprint is a array of size 20 of type char and not a char pointer. So we must check for length of the string and not a NULL check. Due to this the callback is set in curl which in-turn sets a callback for certificate verification in OpenSSL which fails and so does ssl connection. The callback must not be set as the client has not set the thumbprint using +wsman_transport_set_certhumbprint() --- ChangeLog | 4 ++++ src/lib/wsman-curl-client-transport.c | 3 ++- 2 files changed, 6 insertions(+), 1 deletions(-) diff --git a/ChangeLog b/ChangeLog index f25d72e..e82ed26 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +- Bugfix release: + - fix ssl (certificate thumbprint) callback check (Arun Venkatachalam) + 2.2.3 final - Bugfix release: - cleanup: access CMPIString by macro, not by casted direct member access diff --git a/src/lib/wsman-curl-client-transport.c b/src/lib/wsman-curl-client-transport.c index 66ef4be..4e04fba 100644 --- a/src/lib/wsman-curl-client-transport.c +++ b/src/lib/wsman-curl-client-transport.c @@ -218,6 +218,7 @@ write_handler( void *ptr, size_t size, size_t nmemb, void *data) debug("write_handler: recieved %d bytes, all = %d\n", len, u_buf_len(buf)); return len; } + #ifdef ENABLE_EVENTING_SUPPORT static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void *arg) { @@ -333,7 +334,7 @@ init_curl_transport(WsManClient *cl) #ifdef ENABLE_EVENTING_SUPPORT /* Bug in e.g. Fedora: [ curl-Bugs-1924441 ] SSL callback option with NSS-linked libcurl */ #ifndef NO_SSL_CALLBACK - else if (cl->authentication.certificatethumbprint && 0 != cl->authentication.verify_peer) { + else if (strlen((char *)cl->authentication.certificatethumbprint) > 0 && 0 != cl->authentication.verify_peer) { r = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun); if(r != 0) { curl_err("Could not curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION)"); -- 1.6.4.2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor