SSL context is not getting set in cpp code #1802

Open
vijaygouda opened this issue Sep 2, 2024 · 1 comment
vijaygouda commented Sep 2, 2024

I am setting the SSL context in C++ code that uses the cpprestsdk library to host an endpoint server; Boost and OpenSSL are used as well.

config.set_ssl_context_callback([](boost::asio::ssl::context& ctx) {
    ctx.set_options(boost::asio::ssl::context::default_workarounds |
                    boost::asio::ssl::context::no_sslv2 |
                    boost::asio::ssl::context::no_sslv3 |
                    boost::asio::ssl::context::tlsv13);

    std::string cert_chain_file = "path/cert.pem";
    std::string private_key_file = "path/privatekey.pem";
    std::string ca_cert_file = "path/rootcertificate.pem";
    ctx.use_certificate_chain_file(cert_chain_file);
    ctx.use_private_key_file(private_key_file, boost::asio::ssl::context::pem);
    ctx.load_verify_file(ca_cert_file);

    ctx.set_verify_mode(boost::asio::ssl::verify_peer | boost::asio::ssl::verify_fail_if_no_peer_cert);
});

This is how I am setting the context on the http_listener_config config.
I am able to host the server, but when a client tries to access the server I get a segmentation fault. The code is crashing at:

#1  0x00007ffff791515c in CRYPTO_strdup () from /home/serviceTemplateFile/code/Project/CEALhttpsTest/LocalExternalFiles/openssl/lib/libcrypto.so.3
#2  0x00007ffff7a8a604 in x509_pubkey_ex_new_ex () from /home/serviceTemplateFile/code/Project/CEALhttpsTest/LocalExternalFiles/openssl/lib/libcrypto.so.3
#3  0x00007ffff77c861d in asn1_template_new () from /home/serviceTemplateFile/code/Project/CEALhttpsTest/LocalExternalFiles/openssl/lib/libcrypto.so.3
#4  0x00007ffff77c85e5 in asn1_template_new () from /home/serviceTemplateFile/code/Project/CEALhttpsTest/LocalExternalFiles/openssl/lib/libcrypto.so.3
#5  0x00007ffff77c8b03 in ASN1_item_new_ex () from /home/serviceTemplateFile/code/Project/CEALhttpsTest/LocalExternalFiles/openssl/lib/libcrypto.so.3
#6  0x00007ffff7a8cf12 in X509_new_ex () from /home/serviceTemplateFile/code/Project/CEALhttpsTest/LocalExternalFiles/openssl/lib/libcrypto.so.3
#7  0x00007ffff6bf86aa in SSL_CTX_use_certificate_chain_file ()

This is the gdb crash; it says it is crashing while setting the chain file.

One thing: this is happening only with OpenSSL version 3.1 and not with OpenSSL 1.1.1.
If I build the same code with SSL 1.1.1, there is no error and it works perfectly fine; the crash happens only for code built with SSL version 3.1.
What should I set for SSL version 3.1, and how? Is there any change in the way of setting it?

yangqun commented Sep 8, 2024

I updated some libs when installing mysql++ and my program failed to start, like yours:
Thread 8 "DB" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffecffd640 (LWP 984082)]
0x00005555557abf6e in ossl_namemap_empty ()
(gdb) bt
#0 0x00005555557abf6e in ossl_namemap_empty ()
#1 0x00005555557ac45c in ossl_namemap_stored ()
#2 0x00005555557979b6 in evp_is_a ()
#3 0x000055555590d7ee in EVP_KEYMGMT_is_a ()
#4 0x00005555559fcb18 in ossl_x509v3_cache_extensions ()
#5 0x00005555559fcea2 in ossl_x509_likely_issued ()
#6 0x0000555555803c10 in check_issued ()
#7 0x0000555555801f0b in X509_STORE_CTX_get1_issuer ()
#8 0x00005555558052e9 in build_chain ()
#9 0x0000555555806f16 in verify_chain ()
#10 0x0000555555807fe2 in X509_verify_cert ()
#11 0x00007ffff798abe8 in ?? () from /lib/x86_64-linux-gnu/libssl.so.3
#12 0x00007ffff79c27bf in ?? () from /lib/x86_64-linux-gnu/libssl.so.3
#13 0x00007ffff79bfc1c in ?? () from /lib/x86_64-linux-gnu/libssl.so.3
#14 0x00007ffff79c1698 in ?? () from /lib/x86_64-linux-gnu/libssl.so.3
#15 0x00007ffff7bff66e in boost::asio::ssl::detail::engine::perform(int (boost::asio::ssl::detail::engine::*)(void*, unsigned long), void*, unsigned long, boost::system::error_code&, unsigned long*) () from /opt/vcpkg/installed/x64-linux/lib/libcpprest.so.2.10
#16 0x00007ffff7c54a19 in boost::asio::ssl::detail::io_op<boost::asio::basic_stream_socket<boost::asio::ip::tcp, boost::asio::any_io_executor>, boost::asio::ssl::detail::handshake_op, boost::asio::detail::wrapped_handler<boost::asio::io_context::strand, std::_Bind<void (websocketpp::transport::asio::tls_socket::connection::*(std::shared_ptr<websocketpp::transport::asio::tls_socket::connection>, std::function<void (std::error_code const&)>, std::_Placeholder<1>))(std::function<void (std::error_code const&)>, boost::system::error_code const&)>, boost::asio::detail::is_continuation_if_running> >::operator()(boost::system::error_code, unsigned long, int) ()
from /opt/vcpkg/installed/x64-linux/lib/libcpprest.so.2.10

It worked well before the update.
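
Both reports show a crash that appears only after the OpenSSL build changed, so one thing worth ruling out is a process that maps more than one libssl/libcrypto build (for example the application linked against one copy and a dependency against another). The following is an added diagnostic sketch, not code from either poster or from cpprestsdk; the sample maps lines and the /opt/app path are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which libssl/libcrypto copies a process has mapped.
# Input on stdin is text in /proc/<pid>/maps format (path is field 6).
# Live use (pid is whatever process you are debugging):
#   check_openssl_mix < /proc/<pid>/maps

# Print each distinct libssl/libcrypto path once.
openssl_libs() {
    awk '$6 ~ /\/lib(ssl|crypto)\.so/ { print $6 }' | sort -u
}

# Exit status: 0 = one consistent copy, 1 = mixed copies, 2 = none mapped.
check_openssl_mix() (
    libs=$(openssl_libs)
    if [ -z "$libs" ]; then
        echo "no shared libssl/libcrypto mapped (statically linked?)"
        exit 2
    fi
    # Count distinct directories and distinct soname suffixes (".3", ".1.1").
    dirs=$(printf '%s\n' "$libs" | sed 's|/[^/]*$||' | sort -u | wc -l | tr -d ' ')
    vers=$(printf '%s\n' "$libs" | sed 's|.*\.so||' | sort -u | wc -l | tr -d ' ')
    printf '%s\n' "$libs"
    if [ "$dirs" -gt 1 ] || [ "$vers" -gt 1 ]; then
        echo "MIXED: $dirs directories, $vers soname versions"
        exit 1
    fi
    echo "OK: single OpenSSL copy"
)

# Constructed sample: a 3.x libcrypto from a private directory next to
# system 1.1 libraries pulled in by another dependency.
sample_mixed() {
    cat <<'EOF'
7ffff7700000-7ffff7b00000 r-xp 00000000 08:01 1311 /opt/app/openssl/lib/libcrypto.so.3
7ffff7b00000-7ffff7b80000 rw-p 00400000 08:01 1311 /opt/app/openssl/lib/libcrypto.so.3
7ffff6b00000-7ffff6c00000 r-xp 00000000 08:01 2207 /lib/x86_64-linux-gnu/libssl.so.1.1
7ffff6800000-7ffff6a00000 r-xp 00000000 08:01 2208 /lib/x86_64-linux-gnu/libcrypto.so.1.1
7ffff7bc0000-7ffff7e00000 r-xp 00000000 08:01 3310 /opt/vcpkg/installed/x64-linux/lib/libcpprest.so.2.10
EOF
}

sample_mixed | check_openssl_mix || true
```

A clean result here does not cover OpenSSL code linked statically into the executable, which never shows up as a separate mapping.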
