author | Matt Caswell <matt@openssl.org> | 2020-06-16 17:40:40 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-06-23 12:46:47 +0100 |
commit | 7cccecc0b64e8c273c36a69eab22d942d12209a1 (patch) | |
tree | 4292d0f16bb145c23a20c44733208a1b7736b476 /doc/man3/SSL_new.pod | |
parent | 457751fb48d8f6c31f32cdc1bcfcc376db98bacb (diff) | |
Don't attempt to duplicate the BIO state in SSL_dup

SSL_dup attempted to duplicate the BIO state if the source SSL had BIOs
configured for it. This did not work.

Firstly the SSL_dup code was passing a BIO ** as the destination
argument for BIO_dup_state. However BIO_dup_state expects a BIO * for that
parameter. Any attempt to use this will either (1) fail silently, (2) crash
or fail in some other strange way.

Secondly many BIOs do not implement the BIO_CTRL_DUP ctrl required to make
this work.

Thirdly, if rbio == wbio in the original SSL object, then an attempt is made
to up-ref the BIO in the new SSL object - even though it hasn't been set
yet and is NULL. This results in a crash.

This appears to have been broken for a very long time with at least some of
the problems described above coming from SSLeay. The simplest approach is
to just remove this capability from the function.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12180)

Diffstat (limited to 'doc/man3/SSL_new.pod')
-rw-r--r-- | doc/man3/SSL_new.pod | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/doc/man3/SSL_new.pod b/doc/man3/SSL_new.pod index 4d963d10d8..659b6d6738 100644 --- a/doc/man3/SSL_new.pod +++ b/doc/man3/SSL_new.pod @@ -73,9 +73,6 @@ L<SSL_set_info_callback(3)> =item any configured Cipher List -=item any BIOs configured on I<s> will have new BIO's created and the BIO state -duplicated via BIO_dup_state(). - =item initial accept (server) or connect (client) state =item the max cert list value set via L<SSL_set_max_cert_list(3)> |
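
Review bot: In the item list at @@ -73,9 +73,6, the `=item any BIOs configured on I<s> ...` entry is deleted with nothing put in its place, so the page goes from promising BIO duplication to saying nothing about BIOs at all. Per the commit message the capability is removed from the function, which means a caller who relied on the documented behaviour now receives a copy with no BIOs configured. Consider adding a sentence next to this list stating that BIOs are not duplicated and must be set on the new object by the caller (for example with SSL_set_bio()). The diffstat shown is limited to this file, so a CHANGES entry elsewhere in the commit would not be visible here; if there is none, this behaviour change merits one.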