httpd-dev mailing list archives

From: Dr Stephen Henson <shen...@oss-institute.org>
Subject: Re: Strange error(parse tlsext bug) in mod_ssl since httpd-2.2.12
Date: Thu, 22 Oct 2009 17:07:27 GMT

Kamesh Jayachandran wrote:
> On 10/22/2009 05:24 PM, Dr Stephen Henson wrote:
>> That's due to the function pointer issues which gcc 4.2 and later
>> doesn't like:
>> this was fixed in newer versions of OpenSSL.
>>
>>    
> 
> Is there any switch we can pass to gcc 4.2 to compile and make it work
> properly?
> 

No. If you really want to use 0.9.8b it needs an older version of gcc or you can
backport the fixes.

They are rather extensive but mainly contained in:

http://cvs.openssl.org/chngview?cn=16526

and

http://cvs.openssl.org/chngview?cn=16528

OpenSSL 0.9.8b doesn't use TLS extensions at all.

>> Do you need TLS extensions on the client/server? If not try compiling
>> OpenSSL
>> with no-tlsext.
>>    
> 
> May not be possible as *client* builds are not in our control.
> 
> I believe no-tlsext does *not* disable TLS functionality itself.
> 

The no-tlsext option disables TLS extension functionality. If that works on the
server side then an alternative workaround could be found.

>> Did you say what version of OpenSSL the failing client was using on
>> Windows?
>>
>>    
> 
> It happens with openssl-0.9.8j on client openssl-0.9.8k on server
> 

Hmm... could be 0.9.8j sending bad data with invalid extension syntax under rare
circumstances.

A packet sniffer or logging the errant extensions received by OpenSSL could help
trace this further.

Steve.
-- 
Dr Stephen N. Henson. Senior Technical/Cryptography Advisor,
Open Source Software Institute: www.oss-institute.org
OpenSSL Core team: www.openssl.org
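
One way to do the extension logging suggested above, as an added example that is not part of the original message and is not OpenSSL or mod_ssl code: a standalone C checker that walks a captured extensions block (the RFC 5246 wire layout), logs each extension, and reports the first syntax error. The function name, error codes and sample bytes are this example's own constructions.

```c
#include <stddef.h>
#include <stdio.h>

/* Error codes are this example's own names, not OpenSSL's. */
enum { EXT_ERR_NO_LEN = -1, EXT_ERR_TOTAL_LEN = -2, EXT_ERR_SHORT_HDR = -3, EXT_ERR_OVERRUN = -4 };

static unsigned rd16(const unsigned char *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Walk an extensions block: uint16 total length, then repeated
 * { uint16 type; uint16 length; opaque data[length] } entries.
 * Logs each entry to `log` (may be NULL); returns the count of well-formed
 * extensions, or a negative EXT_ERR_* code at the first syntax error. */
int check_tls_extensions(const unsigned char *buf, size_t len, FILE *log)
{
    size_t off = 2, end;
    int count = 0;
    if (len < 2)
        return EXT_ERR_NO_LEN;
    end = 2 + (size_t)rd16(buf);
    if (end != len)                /* declared total must match bytes received */
        return EXT_ERR_TOTAL_LEN;
    while (off < end) {
        unsigned type, elen;
        if (end - off < 4)         /* no room for type + length */
            return EXT_ERR_SHORT_HDR;
        type = rd16(buf + off);
        elen = rd16(buf + off + 2);
        if (log)
            fprintf(log, "ext type=%u len=%u offset=%zu\n", type, elen, off);
        off += 4;
        if (elen > end - off)      /* data would run past the block */
            return EXT_ERR_OVERRUN;
        off += elen;
        count++;
    }
    return count;
}

/* Constructed samples: server_name (type 0) for "a.example", then type 35;
 * in sample_bad the second extension claims 5 data bytes that are absent. */
static const unsigned char sample_ok[] = { 0x00,0x16, 0x00,0x00, 0x00,0x0e, 0x00,0x0c, 0x00, 0x00,0x09,
    'a','.','e','x','a','m','p','l','e', 0x00,0x23, 0x00,0x00 };
static const unsigned char sample_bad[] = { 0x00,0x16, 0x00,0x00, 0x00,0x0e, 0x00,0x0c, 0x00, 0x00,0x09,
    'a','.','e','x','a','m','p','l','e', 0x00,0x23, 0x00,0x05 };

int main(void) {
    printf("ok=%d\n", check_tls_extensions(sample_ok, sizeof sample_ok, stderr));
    printf("bad=%d\n", check_tls_extensions(sample_bad, sizeof sample_bad, stderr));
    return 0;
}
```

The input is the extensions block only, starting at its two-byte total length, as extracted from a packet capture or a server-side hex dump.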
