httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dr Stephen Henson <>
Subject Re: Segfault in openssl's err_cmp when using SSLCryptoDevice and new SSLProxyMachineCertificateChainFile
Date Tue, 31 Jan 2012 00:49:17 GMT
On 30/01/2012 23:43, Daniel Ruggeri wrote:
> It's been hell lately - sorry for the sloooooow reply
> On 1/19/2012 1:13 AM, Sander Temme wrote:
>> Interesting... which version of OpenSSL?  Must be 0.9.7 or 0.9.8, because err_cmp()
disappeared after that.  And the signature doesn't match what we're seeing in the backtrace.
>> And which platform? Solaris?  SPARC or x86_64?
> I was building on Sparc - but I'll have to try with openssl 1.0.0.
>>>  ...
>> So the combination of directives causes some memory to be overwitten that ends up
pointing outside httpd's allocated address space.  Does the order of the directives matter?

>> Which Engine if I may ask?  A fix was applied to the CHIL Engine that removes a dangling
cleanup function pointer which caused a segfault on startup on platforms that vary the address
location in which libraries are loaded (RHEL 5 being a prime example).  I don't remember off
the top of my head which OpenSSL version got the fix.  
>> Can you reproduce with a non-optimized, debug/symbols enabled build of OpenSSL and
Apache?  With the latest versions of each?  
>> S.
> I'll try messing with the order and will let you know how I get on - the
> chil engine is the one in use but this is a fairly recent openssl
> (0.9.8r). I didn't explicitly enable optimization of either build but
> did explicitly add "-g" which seemed to create a build of httpd with
> debug symbols but a regular old build of openssl. I have some other
> platforms available (RHEL being one of them) and will try soon to see
> what I get there.

The fix in 0.9.8r, the relevant patch is here:

Dr Stephen Henson. OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
+1 877-673-6775

View raw message