pocoproject / poco

The POCO C++ Libraries are powerful cross-platform C++ libraries for building network- and internet-based applications that run on desktop, server, mobile, IoT, and embedded systems.
https://pocoproject.org

Crash with certificates using Tableau Cloud secure server #4666

Open DevBreakpoint opened 2 months ago

DevBreakpoint commented 2 months ago

We're encountering a crash when trying to log in to a Tableau Cloud server via HTTPS in our C++ application. The issue occurs in Poco's X509Certificate constructor, where the pCert parameter is not initialized, leading to a junk value in the _pCert member variable. This results in a crash during the call to CertDuplicateCertificateContext(). Here's a snippet of the relevant code:

```cpp
X509Certificate::X509Certificate(PCCERT_CONTEXT pCert, bool shared):
	_pCert(pCert)
{
	poco_check_ptr(_pCert);

	if (shared)
	{
		_pCert = CertDuplicateCertificateContext(_pCert);
	}

	init();
}
```

The same Tableau Cloud server works fine in a browser, and we've also successfully logged in using C# .NET, both without providing a certificate or keys. The Tableau Servers work as expected within our application; the problem seems to stem from a different code path taken by Poco when setting up the HTTPS connection, or at least with a secure Tableau Cloud server.

Here's how the HTTPSClientSession is set up in our code:

```cpp
const Poco::Net::Context::Ptr context = new Poco::Net::Context(
	Poco::Net::Context::CLIENT_USE, "", "", "",
	Poco::Net::Context::VERIFY_NONE, 9, false,
	"ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
sessionSSL = new HTTPSClientSession(uri.getHost(), uri.getPort(), context);
sessionSSL->setKeepAlive(true);
```

This is the stacktrace:

[Image: poco_stacktrace]

We are currently using Poco v.1.13 on Windows 11, with Visual Studio 2019 and the MSVC compiler.

Are there known issues with certificate initialization or SSL context handling in this version of Poco? Any recommended fixes or workarounds for ensuring pCert is properly initialized? Any guidance or suggestions would be much appreciated. Thanks!

matejk commented 2 months ago

Thank you very much.

Can you create a PR with code changes that resolve the problem and unit tests?

DevBreakpoint commented 2 months ago

> Thank you very much.
>
> Can you create a PR with code changes that resolve the problem and unit tests?

Thanks for your response. I just wanted to clarify that I am reporting the issue as a user and unfortunately, I can't implement the code changes or create a PR myself. I hope the development team can look into this crash and address it.