Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-6873

enabling the legacy provider in openssl.cnf makes squid -k parse die with a SEGV

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • rhel-9.1.0
    • squid
    • Minor
    • sst_cs_infra_services
    • ssg_core_services
    • False
    • Hide

      None

      Show
      None
    • If docs needed, set a value

      Description of problem:
      Enabling the legacy provider in openssl.cnf makes "squid -k parse" die with a SEGV.

      Version-Release number of selected component (if applicable):
      openssl-libs-3.0.1-43.el9_0.x86_64
      squid-5.5-3.el9_1.x86_64

      How reproducible: always (I think)
      Reproduced in a fresh minimal install of RHEL 9.1/x64 in Virtualbox 7 but it was first noticed in a VM hosted by VMware vSphere 7.

      Steps to Reproduce:
      1. Enable (uncomment) the legacy provider in /etc/pki/tls/openssl.cnf

      [provider_sect]
      default = default_sect
      legacy = legacy_sect
      ##
      [default_sect]
      activate = 1

      [legacy_sect]
      activate = 1

      2. Try to parse squid config:
      squid -k parse -f /etc/squid/squid.conf.default

      Actual results:
      ...
      2022/12/22 18:04:29| Initializing https:// proxy context
      2022/12/22 18:04:29| Requiring client certificates.
      Segmentation fault (core dumped)

      Expected results:
      No SEGV by squid -k parse

      Additional info:
      The actual squid config does not matter.
      Also throws a SEGV with an empty squid.conf.

            luhliari@redhat.com Lubos Uhliarik
            whaidinger Walter Haidinger (Inactive)
            Lubos Uhliarik Lubos Uhliarik
            rhel-cs-infra-services-qe rhel-cs-infra-services-qe rhel-cs-infra-services-qe rhel-cs-infra-services-qe
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated: