  1. Core Server
  2. SERVER-90513

Check whether SSL_get0_verified_chain returns null before consuming it

    • Server Security
    • Fully Compatible
    • ALL
    • v8.0, v7.3, v7.0, v6.0, v5.0
    • Security 2024-05-27

      SSL_get0_verified_chain sometimes returns null if the peer did not supply a certificate or if the SSL context somehow got reset. We store the output of this into a UniqueStackOfX509 object, which is simply a unique_ptr that wraps around the stack_st_X509 pointer returned by the OpenSSL call. However, we pass that raw pointer directly into X509_chain_up_ref before returning the unique_ptr. This should be preceded by a nullptr check to ensure that SSL_get0_verified_chain did not return null.
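The ownership pattern described above, with the null check in place, as an added example that is not MongoDB's code. `Cert`, `CertStack`, `Conn`, `get0_verified_chain`, `chain_up_ref`, `UniqueCertStack` and `copyVerifiedChain` are hypothetical stand-ins that model `X509`, `stack_st_X509`, `SSL`, `SSL_get0_verified_chain`, `X509_chain_up_ref` and `UniqueStackOfX509`, so the block builds without OpenSSL.

```cpp
// Added example. Every type and function here is a stand-in, not OpenSSL or MongoDB code.
#include <memory>
#include <vector>

struct Cert { int refs; };                       // models X509 (reference counted)
struct CertStack { std::vector<Cert*> certs; };  // models stack_st_X509
struct Conn { CertStack* verified; };            // models SSL; null when no chain was verified

// Models SSL_get0_verified_chain: returns a borrowed pointer that may be null.
CertStack* get0_verified_chain(const Conn& c) { return c.verified; }

// Models X509_chain_up_ref: copies the stack and bumps each certificate's refcount.
// It dereferences its argument, so the caller must not pass null.
CertStack* chain_up_ref(CertStack* in) {
    CertStack* out = new CertStack{in->certs};
    for (Cert* c : out->certs) ++c->refs;
    return out;
}

// Deleter that drops the references taken by chain_up_ref.
struct StackDeleter {
    void operator()(CertStack* s) const {
        for (Cert* c : s->certs) --c->refs;
        delete s;
    }
};
using UniqueCertStack = std::unique_ptr<CertStack, StackDeleter>;

// Hardened accessor: test the borrowed pointer before consuming it.
UniqueCertStack copyVerifiedChain(const Conn& c) {
    CertStack* borrowed = get0_verified_chain(c);
    if (borrowed == nullptr) return UniqueCertStack{};  // caller treats this as "no chain"
    return UniqueCertStack{chain_up_ref(borrowed)};
}

// Exercises both paths on constructed inputs; returns true when every check holds.
bool demo() {
    Conn noCert{nullptr};                        // peer supplied no certificate
    if (copyVerifiedChain(noCert)) return false;
    Cert leaf{1}, ca{1};
    CertStack chain{{&leaf, &ca}};
    Conn withCert{&chain};
    {
        UniqueCertStack owned = copyVerifiedChain(withCert);
        if (!owned || owned->certs.size() != 2) return false;
        if (leaf.refs != 2 || ca.refs != 2) return false;
    }                                            // owned destroyed: references released
    return leaf.refs == 1 && ca.refs == 1;
}
```

Callers of such an accessor still have to handle the empty `unique_ptr` explicitly, for example by rejecting the connection where a peer certificate is required.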

            Assignee:
            varun.ravichandran@mongodb.com Varun Ravichandran
            Reporter:
            varun.ravichandran@mongodb.com Varun Ravichandran
            Votes:
            0
            Watchers:
            8
