From 14c7b357062edf88e350fb95c06847b2c2a2b934 Mon Sep 17 00:00:00 2001 From: Phil Pennock Date: Sun, 9 Dec 2012 19:23:06 -0500 Subject: [PATCH] OCSP/SNI: set correct callback. Caught by Jeremy; was wrong in (my) original commit, the dual-TLS work had just renamed the variables and theoretically made it more visible. I still missed it. The server_sni context initialisation was setting the OCSP status callback context parameter back on the original server_ctx instead of the new server_sni context. I guess OCSP and SNI aren't being used together in Exim much yet. --- doc/doc-txt/ChangeLog | 5 +++++ src/src/tls-openssl.c | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 9ed827f49..bf8141351 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -143,6 +143,11 @@ GF/01 DCC debug and logging tidyup TF/03 Avoid unnecessary rebuilds of lookup-related code. +PP/14 Fix OCSP reinitialisation in SNI handling for Exim/TLS as server. + Bug spotted by Jeremy Harris; was flawed since initial commit. + Would have resulted in OCSP responses post-SNI triggering an Exim + NULL dereference and crash. + Exim version 4.80.1 ------------------- diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 08b92bae5..440993585 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -689,7 +689,7 @@ if (cbinfo->server_cipher_list) if (cbinfo->ocsp_file) { SSL_CTX_set_tlsext_status_cb(server_sni, tls_stapling_cb); - SSL_CTX_set_tlsext_status_arg(server_ctx, cbinfo); + SSL_CTX_set_tlsext_status_arg(server_sni, cbinfo); } #endif -- 2.30.2