httpd-dev mailing list archives

From Daniel Ruggeri <DRugg...@primary.net>
Subject Re: Segfault in openssl's err_cmp when using SSLCryptoDevice and new SSLProxyMachineCertificateChainFile
Date Sat, 03 Mar 2012 00:37:19 GMT
On 2/3/2012 4:57 PM, Daniel Ruggeri wrote:
> On 2/3/2012 12:27 PM, Dr Stephen Henson wrote:
>> Hmm... the ENGINE code is careful not to shut down an ENGINE if keys exist which
>> make use of it.
>>
>> So there is a possibility that some chain verification leaves a reference to
>> an RSA key which prevents the ENGINE from closing down completely.
>>
>> In engines/e_chil.c try commenting out the line containing
>> ERR_load_HWCRHK_strings().
>>
>> Only side effect of doing that is you will only get numerical error codes and
>> not error strings.
>>
>> Steve.
> I will try that on Monday. This is a good tip, though, and gives me an
> avenue to explore! Thanks!

Yep! This was ultimately what the problem was - a missing cleanup of the
context after the config stage. Not a problem for straightforward certs
without an engine, but posed a problem in CHIL. Thank you for pointing
this out.

I'm still scratching my head about why the error manifested as a
segfault on Solaris SPARC and as CHIL (validly) complaining/bombing out
on AIX and RHEL. Unfortunately, it seems my debugger gets in the way
when trying to figure this out, so it may be a mystery to me forever.

-- 
Daniel Ruggeri

