httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Ruggeri <>
Subject Segfault in openssl's err_cmp when using SSLCryptoDevice and new SSLProxyMachineCertificateChainFile
Date Wed, 18 Jan 2012 16:40:02 GMT
   I stumbled across this yesterday and was hoping some of our more
experienced openssl developers may be able to offer suggestions on how I
can track this down. I've been testing on 2.2.21 though the code should
be the same in trunk/2.4. The patch I've applied is currently proposed
for backport in 2.2 (and works fine until using an openssl engine).

Patch applied to 2.2.21 distribution - trunk already has this:

When the new SSLProxyMachineCertificateChainFile directive is set at the
same time SSLCryptoDevice is set, a segfault occurs during
ssl_hook_pre_config while calling SSL_load_error_strings. The backtrace
I gathered with dbx points to something deeper inside openssl, but I'm
sure I've done something to cause it.

t@1 (l@1) signal SEGV (no mapping at the fault address) in err_cmp at
0xffffffff7ab05540: err_cmp       :     ld       [%o0 + 4], %o3
Current function is ssl_hook_pre_config (optimized)
  280       SSL_load_error_strings();
(dbx) where
current thread: t@1
  [1] err_cmp(0xffffffff7ae542a8, 0xffffffff7fff9470, 0x22cd,
0x100251f30, 0xac, 0xab), at 0xffffffff7ab05540
  [2] lh_retrieve(0x10023aa80, 0xffffffff7fff9470, 0x14064057, 0x57,
0x10024edc8, 0xffffffff7ab05540), at 0xffffffff7ab034bc
  [3] int_err_get_item(0xffffffff7fff9470, 0xffffffff7acb4528, 0x14520,
0xffffffff7aca0008, 0x19b904, 0x14400), at 0xffffffff7ab0476c
  [4] ERR_func_error_string(0x64, 0xffffffff7acbdf48, 0x14520,
0xffffffff7acbdf48, 0xffffffff7acb4528, 0x14400), at 0xffffffff7ab053d0
  [5] ERR_load_SSL_strings(0x0, 0xffffffff77e542a8, 0xffffffff77e4f0d0,
0x51d8, 0x105df4, 0x5000), at 0xffffffff77d492f8
=>[6] ssl_hook_pre_config(pconf = ???, plog = ???, ptemp = ???)
(optimized), at 0xffffffff77f08f04 (line ~280) in "mod_ssl.c"
  [7] ap_run_pre_config(pconf = ???, plog = ???, ptemp = ???)
(optimized), at 0x10004cfe4 (line ~85) in "config.c"
  [8] main(argc = ???, argv = ???) (optimized), at 0x100031954 (line
~709) in "main.c"

For reference, removing one directive or the other avoids the segfault.
This seems to be brought on by the combination of the two (and possibly
the engine implementation).

Any ideas?

Daniel Ruggeri

View raw message