httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Ruggeri <DRugg...@primary.net>
Subject Re: Segfault in openssl's err_cmp when using SSLCryptoDevice and new SSLProxyMachineCertificateChainFile
Date Mon, 30 Jan 2012 23:43:24 GMT
It's been hell lately - sorry for the sloooooow reply

On 1/19/2012 1:13 AM, Sander Temme wrote:
> Interesting... which version of OpenSSL?  Must be 0.9.7 or 0.9.8, because err_cmp() disappeared
after that.  And the signature doesn't match what we're seeing in the backtrace.  
>
> And which platform? Solaris?  SPARC or x86_64?

I was building on Sparc - but I'll have to try with openssl 1.0.0.

>
>>  ...
> So the combination of directives causes some memory to be overwitten that ends up pointing
outside httpd's allocated address space.  Does the order of the directives matter? 
>
> Which Engine if I may ask?  A fix was applied to the CHIL Engine that removes a dangling
cleanup function pointer which caused a segfault on startup on platforms that vary the address
location in which libraries are loaded (RHEL 5 being a prime example).  I don't remember off
the top of my head which OpenSSL version got the fix.  
>
> Can you reproduce with a non-optimized, debug/symbols enabled build of OpenSSL and Apache?
 With the latest versions of each?  
>
> S.
>

I'll try messing with the order and will let you know how I get on - the
chil engine is the one in use but this is a fairly recent openssl
(0.9.8r). I didn't explicitly enable optimization of either build but
did explicitly add "-g" which seemed to create a build of httpd with
debug symbols but a regular old build of openssl. I have some other
platforms available (RHEL being one of them) and will try soon to see
what I get there.

-- 
Daniel Ruggeri


Mime
View raw message