Old versions of OpenSSL stored a valid flag in the certificate (see inline code
comment for details) that if already set, causes parts of the verification to
be skipped and return that the certificate is valid, even if it's not actually
signed by the CA in the trust store.
This issue was assigned CVE-2025-48057.
`X509_STORE_CTX_get_error(csc)` was called after `X509_STORE_CTX_free(csc)`.
This is fixed by automatically freeing variables at the end of the function
using `std::unique_ptr`.
As seen in the recent GHA run for #10102, the two Windows Actions have
failed. The output log contains:
> DEBUG: 27+ >>>> ctest.exe -C "${env:CMAKE_BUILD_TYPE}" -T test -O $env:ICINGA2_BUILDPATH/Test.xml
> --output-on-failure --log_level=all
> CMake Error: Unknown argument: --log_level=all
> CMake Error: Run 'ctest --help' for all supported options.
After consulting ctest(1), older versions included, I have never found a
mention of the "--log_level" flag. Since the useful
"--output-on-failure" flag is already set, which will "[o]utput anything
outputted by the test program if the test should fail", I do not see any
further reason for more logging information.
This flag was introduced in 7665143afa500dd589546665124293b9c1206265,
but I have not found any reasoning for the flag in particular.
The previous validation in set_verify_callback() could be bypassed, tricking
Icinga 2 into treating invalid certificates as valid. To fix this, the
validation checks were moved into the IsVerifyOK() function.
This is tracked as CVE-2024-49369, more details will be published at a later time.
Raspbian builds were running on Ubuntu 20.04 but with qemu-user-static from Ubuntu 21.10 (impish) due to need for newer features. However, the impish package repos are no longer available as that version reached its EOL. ubuntu-latest still refers to 20.04 on GitHub Actions but 22.04 is already available when explicitly specified. This commit switches the build over to that version and removes the workaround.
The very same object is already serialized a few lines above, the result is
even stored in a variable, but that variable was not used before. Simply using
this variable results in a noticeable improvement of config validation times.
Apparently there was a reason for making the members of generated classes
atomic. However, this was only done for some types, others were still accessed
using non-atomic operations. For members of type T::Ptr (i.e. intrusive_ptr<T>),
this can result in a double free when multiple threads access the same variable
and at least one of them writes to the variable.
This commit makes use of std::atomic<T> for more T (it removes the additional
constraint sizeof(T) <= sizeof(void*)) and uses a type including a mutex for
load and store operations as a fallback.
