[release/7.0] Fix disposing root X.509 certificate prematurely for OCSP stapling #82277
This defers disposal of the root certificate when it might be needed for OCSP staple fetching. Before this change, the root certificate would get disposed, giving it a null handle. We would then use this null handle when attempting to build an OCSP request, which OpenSSL would null-deref. For platforms that don't need the root certificate, they dispose of it.
Even though we've fixed the null pointer being passed now, add some defenses so that if we are somehow given a null handle some time in the future, we skip OCSP stapling instead of null derefing in native code.
Tagging subscribers to this area: @dotnet/ncl, @vcsjones

Issue Details: Backport of #82116 to release/7.0
/azp run runtime-libraries-coreclr outerloop-linux
Azure Pipelines successfully started running 1 pipeline(s).
Seeing some weird failure related to servicing versions:
Rebasing since I already merged the branding PR and a few dependency flow PRs. Let's see if that makes the error go away.
The failures look unrelated.
Backport of #82116 to release/7.0
Fixes #81964
/cc @bartonjs @vcsjones
Customer Impact
Reported by a customer in #81964. In .NET 7, OCSP server stapling support was added for Linux. Customers that use a certificate chain that has exactly two certificates, including the root, will receive a segfault and the .NET process will crash due to incorrect management of the lifetime of an X.509 certificate when attempting to query the OCSP responder.
This change correctly handles certificate chains with two elements. Additionally, guards were introduced to correctly handle certificates that are in an invalid state.
Testing
Tests were introduced to cover the two certificate element chains.
Risk
Low. The changes are isolated and well understood, and tested.
Closes #81964
IMPORTANT: Is this backport for a servicing release? If so and this change touches code that ships in a NuGet package, please make certain that you have added any necessary package authoring and gotten it explicitly reviewed.
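
The lifetime ordering and the null-handle guard described in this PR, as an added C# sketch that is not the runtime's own code. `TryBuildOcspRequest` is a hypothetical stand-in for the OCSP request builder, and the two constructed self-signed certificates only model a leaf plus the root that issued it.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class OcspRootLifetimeSketch
{
    // Constructed certificate for the sketch (self-signed, one-day validity).
    static X509Certificate2 MakeCert(string name)
    {
        using ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var req = new CertificateRequest(name, key, HashAlgorithmName.SHA256);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
    }

    // Hypothetical stand-in for the OCSP request builder. The guard mirrors the
    // defense the PR describes: a null handle means "skip stapling", never
    // "hand the pointer to native code".
    static bool TryBuildOcspRequest(X509Certificate2 subject, X509Certificate2 issuer)
    {
        // Check handles first: other members of a disposed certificate throw.
        if (subject.Handle == IntPtr.Zero || issuer.Handle == IntPtr.Zero)
        {
            Console.WriteLine("  null certificate handle: skipping OCSP staple fetch");
            return false;
        }
        Console.WriteLine($"  building OCSP request for {subject.Subject}, issuer {issuer.Subject}");
        return true;
    }

    static void Main()
    {
        // Two-element chain: the leaf's issuer is the root itself.
        Console.WriteLine("Root disposed before the staple fetch (the bug's ordering):");
        using (X509Certificate2 leaf = MakeCert("CN=constructed-leaf"))
        {
            X509Certificate2 root = MakeCert("CN=constructed-root");
            root.Dispose();                   // Handle now reports IntPtr.Zero
            TryBuildOcspRequest(leaf, root);  // guard skips instead of crashing
        }

        Console.WriteLine("Root disposal deferred until after the staple fetch:");
        using (X509Certificate2 leaf = MakeCert("CN=constructed-leaf"))
        using (X509Certificate2 root = MakeCert("CN=constructed-root"))
        {
            TryBuildOcspRequest(leaf, root);  // root is still alive here
        }
    }
}
```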