duplicate config vars are not reported
I am a new user of lighttpd and was trying to set up fastcgi support for php. After this worked I then tried to make my CGIs work as well. I duplicated the entries that I had. After much time spent on the #lighttpd IRC channel, weigon_ spent much time helping me along. It was then determined that my duplication of my fastcgi.server section was the cause of my problems. After running ktrace and kdump this duplicate configuration variable was not reported.
Hence this ticket.
[mod_openssl] safer_X509_NAME_oneline() (fixes #2693)
provide a safer X509_NAME_oneline() with return value semantics similar
to those of snprintf() and use safer_X509_NAME_oneline() to set
SSL_CLIENT_S_DN when client cert is validated.
The manpage for X509_NAME_oneline() says:
The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions which produce a non standard output form, they don't handle multi character fields and have various quirks and inconsistencies. Their use is strongly discouraged in new applications.
Besides X509_NAME_oneline() function being deprecated, until fairly recently, there was a security issue with the function, too.
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.
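The snprintf()-style return contract the commit message describes, as an added example (not lighttpd's code): the formatter returns the full length needed, so the caller can tell a truncated DN from a complete one. `struct rdn`, `dn_oneline()` and `set_client_dn()` are hypothetical names standing in for OpenSSL's X509_NAME handling so the block builds without OpenSSL, and rejecting a truncated DN is this example's own policy choice.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for one name component; not an OpenSSL type. */
struct rdn { const char *key; const char *val; };

/* Constructed sample subject name. */
static const struct rdn sample_name[] = {
    { "C", "US" }, { "O", "Example" }, { "CN", "alice" }
};

/* Format "k=v, k=v" into buf (always NUL-terminated when sz > 0).
 * Like snprintf(): returns the length of the complete string, so a
 * return value >= sz means the output was truncated; -1 on error. */
static int dn_oneline(const struct rdn *r, size_t n, char *buf, size_t sz)
{
    size_t need = 0;
    if (sz) buf[0] = '\0';
    for (size_t i = 0; i < n; ++i) {
        size_t off = need < sz ? need : sz;  /* stop writing once full */
        int rc = snprintf(sz ? buf + off : NULL, sz - off, "%s%s=%s",
                          i ? ", " : "", r[i].key, r[i].val);
        if (rc < 0) { if (sz) buf[0] = '\0'; return -1; }
        need += (size_t)rc;
    }
    return (int)need;
}

/* Caller side: accept the DN only if all of it fit (this example's
 * policy, an assumption). Returns 1 on success, 0 otherwise. */
static int set_client_dn(const struct rdn *r, size_t n, char *out, size_t sz)
{
    int len = dn_oneline(r, n, out, sz);
    if (len < 0 || (size_t)len >= sz) {
        if (sz) out[0] = '\0';
        return 0;
    }
    return 1;
}

int main(void)
{
    char big[64], tiny[16];
    printf("%d %s\n", set_client_dn(sample_name, 3, big, sizeof big), big);
    printf("%d needed, %zu available\n",
           dn_oneline(sample_name, 3, tiny, sizeof tiny), sizeof tiny);
    return 0;
}
```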