From: | Lars Kanis <kanis(at)comcard(dot)de> |
---|---|
To: | Magnus Hagander <magnus(at)hagander(dot)net> |
Cc: | pgsql-bugs(at)postgresql(dot)org |
Subject: | Re: BUG #4869: No proper initialization of OpenSSL-Engine in libpq |
Date: | 2009-06-22 13:38:45 |
Message-ID: | 200906221538.52316.kanis@comcard.de |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
Hi Magnus,
thanks for reply.
> > The following patch solves the problem:
>
> This looks good in generael to me. I remember looking at the engine code
> wondering why we didn't do that, but since I don't have a good
> environment to test that part in, I forgot about it :(
>
> Shouldn't there be an ENGINE_free() in the error path of ENGINE_init()?
In the patch it is already there, isn't it?
> Should we not also call ENGINE_finish() and ENGINE_free() in the success
> path of this code? Your patch adds it to the case where we didn't get
> the private key, but what if we did? I assume they should also go
> outside the error path, per the attached patch - or will that break
> their usage?
That's right. I thought about it, but I don't know where the right place is.
> Can you test that and verify that it doesn't break for you?
It breaks with Segmentation fault in my smartcard-based setup. The pkey-handle
is all we have from the engine, when client_cert_cb() is finished. Obviously
the ref-counting of openssl does not take the pkey-handle into account, so we
need to keep the engine_ptr for later freeing.
close_SSL() should be the right place for ENGINE_finish() and ENGINE_free() ?
--
Mit freundlichen Grüßen,
Lars Kanis
Bereichsleiter IT
Tel +49 3745 769 -422
Fax +49 3745 769 -334
eMail: kanis(at)comcard(dot)de
Sie können sich unter http://www.comcard.de unseren Newsletter abonnieren!
ComCard GmbH
Hammerbrücker Straße 3
08223 Falkenstein
Geschäftsführer: Dipl.-Ing. Ralph Siegel
Amtgericht Chemnitz HRB 3255
Ust.ID DE811118514
From | Date | Subject | |
---|---|---|---|
Next Message | Magnus Hagander | 2009-06-22 13:55:58 | Re: BUG #4869: No proper initialization of OpenSSL-Engine in libpq |
Previous Message | Magnus Hagander | 2009-06-22 11:31:51 | Re: BUG #4869: No proper initialization of OpenSSL-Engine in libpq |