curl-and-php
Re: Segmentation fault when using CURLOPT_SSLCERT,
Date: Sun, 18 Nov 2007 10:56:31 +0100 (CET)
On Sat, 17 Nov 2007, Mike R wrote:
> I have a problem with php/curl when using sslcert option.
> Without CURLOPT_SSLCERT everything works fine, as soon as i enable it I get a segmentation fault.
[...]
> [ssl_version] => OpenSSL/0.9.7a
This is a very old OpenSSL version. I think I counted *14* known
vulnerabilities in it...
> in a truss output the last few lines read
> :20651 read(4, "-----BEGIN RSA PRIVATE KEY-----\n"..., 4096) = 1819
> 20651 read(4, "", 4096) = 0
> 20651 close(4) = 0
> 20651 munmap(0xb7d96000, 4096) = 0
> 20651 open("/tmp/key", O_RDONLY) = 4
> 20651 fstat64(4, {st_mode=S_IFREG|0644, st_size=1819, ...}) = 0
> 20651 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7d96000
> 20651 read(4, "-----BEGIN RSA PRIVATE KEY-----\n"..., 4096) = 1819
> 20651 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
> 20651 +++ killed by SIGSEGV +++
This reading is done by OpenSSL so it could imply a bug in there, so that's
yet another reason to try a newer version...
> When trying to reproduce the issue in development everything works just
> fine.
But are all components of the same version in that?
> I am guessing it's one of the libraries.. but i can't figure out which one.
Now we have a guess! ;-)
-- Commercial curl and libcurl Technical Support: http://haxx.se/curl.html _______________________________________________ http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-phpReceived on 2007-11-18