diff --git a/CHANGES b/CHANGES
index 787a424..e431fd4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,12 @@
 
+Porting:
+ OpenSSL, at least 1.1 on Ubuntu, crashed with SIGSEGV under certain
+ conditions: client connection to server with certificate with empty
+ subject, and pressing ^C after successful connect.
+ This crash is now prevented by setting OPENSSL_INIT_NO_ATEXIT.
+ Thanks to Martin Dorey for reporting and analyzing this issue, and for
+ providing an environment for reproduction.
+
 Testing:
 Unset SOCAT_MAIN_WAIT on informational Socat calls
diff --git a/sslcls.c b/sslcls.c
index a05e382..ce8e9c6 100644
--- a/sslcls.c
+++ b/sslcls.c
@@ -21,7 +21,7 @@
 #include "sysutils.h"
 #include "sycls.h"
-#if HAVE_OPENSSL_init_ssl
+#if HAVE_OPENSSL_INIT_SSL
 int sycOPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) {
 int result;
 Debug2("OPENSSL_init_ssl("F_uint64_t", %p)", opts, settings);
@@ -31,7 +31,7 @@ int sycOPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) {
 }
 #endif
-#if !HAVE_OPENSSL_init_ssl
+#if !HAVE_OPENSSL_INIT_SSL
 void sycSSL_load_error_strings(void) {
 Debug("SSL_load_error_strings()");
 SSL_load_error_strings();
@@ -39,7 +39,7 @@ void sycSSL_load_error_strings(void) {
 }
 #endif
-#if !HAVE_OPENSSL_init_ssl
+#if !HAVE_OPENSSL_INIT_SSL
 int sycSSL_library_init(void) {
 int result;
 Debug("SSL_library_init()");
diff --git a/sslcls.h b/sslcls.h
index df1c368..1412f80 100644
--- a/sslcls.h
+++ b/sslcls.h
@@ -8,7 +8,7 @@
 #if WITH_SYCLS
 #if WITH_OPENSSL
-#if HAVE_OPENSSL_init_ssl
+#if HAVE_OPENSSL_INIT_SSL
 int sycOPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
 #endif
 void sycSSL_load_error_strings(void);
diff --git a/xio-openssl.c b/xio-openssl.c
index 58e7884..48fffa2 100644
--- a/xio-openssl.c
+++ b/xio-openssl.c
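Review bot: The renamed guards in sslcls.c (three hunks) and sslcls.h only take effect if the configure-generated header defines exactly `HAVE_OPENSSL_INIT_SSL`, and the configure input that would show this is not part of the diff, so the spelling should be confirmed there. An undefined name in `#if` evaluates to 0 without any diagnostic, which is presumably how the old spelling went unnoticed; building with `-Wundef` would catch this class of mistake. If the old spelling never matched, this commit also compiles the `OPENSSL_init_ssl()` path for the first time, so that path needs its own test run. In sslcls.h the prototype `void sycSSL_load_error_strings(void);` stays outside any guard while its definition in sslcls.c sits under `#if !HAVE_OPENSSL_INIT_SSL`; putting the prototype under the same condition would keep the declaration and definition consistent.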
@@ -959,11 +959,15 @@ int openssl_delete_cert_info();
 /* OpenSSL preparation */
-#if HAVE_OPENSSL_init_ssl
+#if HAVE_OPENSSL_INIT_SSL
 {
+ uint64_t opts = 0;
 OPENSSL_INIT_SETTINGS *settings;
 settings = OPENSSL_INIT_new();
- sycOPENSSL_init_ssl(0, settings);
+#ifdef OPENSSL_INIT_NO_ATEXIT
+ opts |= OPENSSL_INIT_NO_ATEXIT;
+#endif
+ sycOPENSSL_init_ssl(opts, settings);
 }
 #else
 sycSSL_library_init();
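Review bot: The `#ifdef OPENSSL_INIT_NO_ATEXIT` guard makes the fix silently optional: the flag only exists from OpenSSL 1.1.1b on, so with older 1.1 headers `opts` stays 0 and the exit-time crash described in CHANGES remains. The block should say so in a comment, e.g. `/* skip OpenSSL's atexit cleanup, it crashed on exit after ^C; flag is absent before 1.1.1b */`. The result of `sycOPENSSL_init_ssl(opts, settings)` is still discarded, so a failed library initialisation goes unnoticed until the first TLS call; comparing it with 1 and reporting the failure would make that explicit. `settings` from `OPENSSL_INIT_new()` is neither NULL-checked nor released with `OPENSSL_INIT_free()`, and since nothing is configured on it, passing `NULL` instead would avoid both. The enclosing function starts and ends outside the hunk.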