AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. It is based on code from the Google BoringSSL project and the OpenSSL project.
Patch for OpenVPN certificate setting behavioral difference #1643
SSL_CTX_set_client_CA_list in AWS-LC creates a copy and frees the passed-in parameter, while OpenSSL stores a reference and leaves the passed-in parameter untouched. The function contract states it is taking ownership of the passed-in parameter, and consuming applications should not expect to have continued access to it. However, OpenVPN code accesses the parameter immediately after an invocation of SSL_CTX_set_client_CA_list. This worked when building with OpenSSL, but in AWS-LC it does not.
Changes:
A small patch to account for this functionality difference in OpenVPN code.
Changes to the documentation for SSL_CTX_set_client_CA_list & SSL_set_client_CA_list to make their behavior clearer
A callout in the porting guide
Testing:
N/A
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.