5.28 built with libressl 3.3.3 segfaults with cert verification enabled on expired certificates
Issue #990
resolved
With this setting enabled in the config (as soon as this removed it no longer crashes):
set ssl options {
verify: enable
}
and this check:
check host server with address host.domain.tld
if failed port 443 protocol https
for 2 cycles
then alert
bt full is as follows:
#0 0x00007fb82ff5b159 in ASN1_TIME_to_generalizedtime (t=0x0, out=0x0) at asn1/a_time_tm.c:353
tmp = 0x0
tm = {tm_sec = 1528942400, tm_min = 32766, tm_hour = 4709164, tm_mday = 0, tm_mon = 1528941788, tm_year = 32766, tm_wday = 5073008, tm_yday = 0, tm_isdst = 0, tm_gmtoff = 0, tm_zone = 0x0}
str = 0x0
#1 0x000000000047a26b in Ssl_getCertificateValidDays (C=0x19b9e20) at src/ssl/Ssl.c:769
deltadays = 0
t = 0x0
__func__ = "Ssl_getCertificateValidDays"
#2 0x0000000000431dd9 in _testIp (p=0x19b6440) at src/net/socket.c:597
Exception_flag = 1
Exception_frame = {line = 661, env = {{__jmpbuf = {0, 7178093696638085856, 4246784, 140730427369456, 0, 0, 7178093697118333664, -7178455325744731424}, __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 16 times>}}}},
func = 0x4d6edc <__func__.19039> "Ssl_connect", file = 0x4d62f6 "src/ssl/Ssl.c", exception = 0x6e5e18 <IOException>, prev = 0x7ffe5b21d040,
message = "SSL server certificate verification error: certificate has expired", '\000' <repeats 445 times>}
Exception_flag = 0
Exception_frame = {line = 0, env = {{__jmpbuf = {0, 7178093696638085856, 4246784, 140730427369456, 0, 0, 7178093697118333664, -7178455325540914464}, __mask_was_saved = 0, __saved_mask = {__val = {18446744073709551615, 0, 0,
1024, 4294967295, 1621965146, 307686403, 140429050292032, 0, 1621965146, 27001040, 140730427368224, 27001040, 140429047179591, 26967936, 206158430224}}}}, func = 0x7ffe5b21d1e0 "", file = 0x7ffe5b21d120 "",
exception = 0x0, prev = 0x7ffe5b21d980,
message = "\000\322![\376\177\000\000\f\322![\376\177\000\000 4096 \000\000\000\000\001\000\000\000\245ky/\270\177\000\000\307\302\r1\270\177\000\000\232&z/\270\177", '\000' <repeats 18 times>, "\260\033z/\270\177\000\000\200\177\233\001", '\000' <repeats 12 times>, "\320\000\234\001\000\000\000\000\360\347![\376\177", '\000' <repeats 18 times>, "\361Ry/\270\177\000\000\320\000\234\001\000\000\000\000 \343![\376\177\000\000\320\000\234\001\000\000\000\000I\273F", '\000' <repeats 13 times>, "\260\343![\376\177\000\000\002\000\000\000\000\000\000\000"...}
S = 0x19b85e0
r = 0x19b9c40
error = '\000' <repeats 511 times>
is_available = Connection_Failed
result = 0x19b9c40
__func__ = "_testIp"
#3 0x0000000000432236 in Socket_test (P=0x19b6440) at src/net/socket.c:645
start = 1625850049909904
Exception_flag = 0
Exception_frame = {line = 4918599, env = {{__jmpbuf = {0, 7178093696560491232, 4246784, 140730427369456, 0, 0, 7178093696635988704, -7178455324262044960}, __mask_was_saved = 0, __saved_mask = {__val = {0, 0, 0, 12, 0, 0, 0, 0,
0, 0, 32, 0, 18446744069414584320, 0, 140728898420736, 140728898420748}}}}, func = 0xa <error: Cannot access memory at address 0xa>, file = 0x0, exception = 0x7ffe5b21daa0, prev = 0x7ffe5b21dcc0,
message = "\000\000\000\000\000\000\000\000\377\377\377\377\377\377\377\377", '\000' <repeats 16 times>, "B\rK\000\000\000\000\000\320\336![\376\177", '\000' <repeats 465 times>}
p = 0x19b6440
__func__ = "Socket_test"
#4 0x00000000004421f4 in _checkConnection (s=0x19ba6f0, p=0x19b6440) at src/validate.c:156
Exception_flag = 0
Exception_frame = {line = 0, env = {{__jmpbuf = {0, 7178093697848142560, 4246784, 140730427369456, 0, 0, 7178093696558394080, -7178455350031979808}, __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 16 times>}}}},
func = 0x0, file = 0x0, exception = 0x0, prev = 0x0, message = '\000' <repeats 215 times>...}
retry_count = 1
rv = State_Succeeded
buf = '\000' <repeats 20 times>, "&\000\000\000\260\252\233\001", '\000' <repeats 12 times>, "\300ț\001", '\000' <repeats 13 times>, "\340\347\\\326\366\252\341\060\344![\376\177\000\000\364\204F\000\000\000\000\000\000\000\000\000%\000\000\000\260\252\233\001", '\000' <repeats 12 times>, "\360Ǜ\001\000\000\000\000\000\000\000\000\001\000\000\000\000\340\347\\\326\366\252\341p\344![\376\177\000\000\364\204F\000\000\000\000\000`\000\000\000e\000\000\000\260\252\233\001\000\000\000\000[\000\000\000n\000\000\000\200\371\233\001", '\000' <repeats 13 times>, "\340\347\\\326\366\252\341\260\344![\376\177\000\000\364\204"...
report = '\000' <repeats 1023 times>
#5 0x000000000044b7ff in check_remote_host (s=0x19ba6f0) at src/validate.c:1971
p = 0x19b6440
rv = State_Succeeded
last_ping = 0x0
#6 0x00000000004494f0 in validate () at src/validate.c:1513
state = State_Succeeded
s = 0x19ba6f0
errors = 0
#7 0x0000000000420671 in do_default () at src/monit.c:616
__func__ = "do_default"
#8 0x000000000041faec in do_action (arguments=0x19a1ba0) at src/monit.c:437
action = 0x0
#9 0x000000000041f1f0 in main (argc=1, argv=0x7ffe5b21e7f8) at src/monit.c:175
arguments = 0x19a1ba0
Not sure if applies to openssl, as all my systems are openssl-free.
Comments (4)
-
reporter
-
repo owner
- changed status to resolved
Fixed: Issue
#990: Monit built with libressl may crash during verification of expired certificate.→ <<cset 15817268592c>>
-
repo owner
thanks Vlad for great details and analysis
-
reporter
Always welcome. Thank you for a quick fix.
- Log in to comment
I suspect the reason is
X509_getm_notAfter()returnsNULL.The cert is typical letsencrypt.