httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From William A Rowe Jr <wr...@rowe-clan.net>
Subject Fwd: svn commit: r1748461 - in /httpd/httpd/branches/2.2.x: ./ CHANGES support/ab.c
Date Wed, 15 Jun 2016 16:20:57 GMT
Steffen, thanks for the confirmation about SPKI (although why Windows users
persist in using mod_php over the php-fcgi sapi is beyond me... sigh). Note
that
your hack only works when mod_php and those extensions are built with the
same clib as httpd.exe.

I am concerned that some of the functions for reading/writing certificate
CRL chains
may require this in mod_ssl.so as well. A quick review of
apr_crypto_openssl-1.dll
suggests that none of the functions we use require this stub.

It's also reassuring that others see the value of using this with all
flavors of VC,
and not simply the most problematic VS14/VS15 versions.

In building httpd.exe, some users don't build and install openssl. It isn't
going
to be possible to simply #include <openssl/applink.c> without some
conditional
test. OpenSSL itself is partly the culprit, for not having an
APPLINK_REQUIRED
style macro conditional. But we can work around this in the cmake tests.

I'll look at making this a standard bit of the httpd 2.4 build. We can
likely
add a user-toggled flag to the os/win32/os.h?



---------- Forwarded message ----------
From: Steffen <info@apachelounge.com>
Date: Wed, Jun 15, 2016 at 4:39 AM
Subject: Re: svn commit: r1748461 - in /httpd/httpd/branches/2.2.x: ./
CHANGES support/ab.c
To: dev@httpd.apache.org


I do not understand your conclusion.

Background you find :  https://www.openssl.org/docs/faq.html#PROG2

Also Apachelounge includes applink shim in http.exe with all (VC10/11/14),
this is done in cooperation of the PHP dev's.

Quote:
Yeah, now it turned out, that the SPKI functionality in PHP requires this
shim to be in. The functionality is available since PHP 5.6 and coupled
with Apache could result an unexpected process exit without the solution
mentioned in the OpenSSL FAQ compiled in.

Steffen


On Wednesday 15/06/2016 at 03:33, William A Rowe Jr wrote:

Two quick observations...

Every time OpenSSL was compiled against a different CRT, whether is was a
release build of OpenSSL and a debug build of httpd/ab, or whether OpenSSL
was built under Visual Studio 2012 and httpd/ab was built against VS 2015,
this issue would occur without this patch.

Visual Studio 2015 only magnified or brought this quirk to light.

I'm curious, having seen reports of a Windows specific defect in local CRL
validation, whether this is also required in httpd.

Sadly, OpenSSL only looks for this symbol in the currently executing binary
(recall Win32 is two-level namespace)... we bind libssl/libcrypto to
libaprutil.dll and mod_ssl.so.  Exporting this from httpd.exe isn't
practical.

If that is the root of the other CRL failure observation, I'm not sure that
OpenSSL's hack is going to resolve it for our custom BIO implementation.

Gregg, if you would vet the patch as applied to trunk/2.4/2.2, I'd
appreciate it.
On Jun 14, 2016 3:37 PM, <wrowe@apache.org> wrote:

Author: wrowe
Date: Tue Jun 14 20:37:52 2016
New Revision: 1748461

URL: http://svn.apache.org/viewvc?rev=1748461&view=rev
Log:
abs: Include OPENSSL_Applink when compiling on Windows, to resolve
failures under Visual Studio 2015 and other mismatched MSVCRT flavors.

PR: 59630
Submitted by: Jan Ehrhardt <phpdev ehrhardt.nl>


Modified:
    httpd/httpd/branches/2.2.x/   (props changed)
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/support/ab.c

Propchange: httpd/httpd/branches/2.2.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Jun 14 20:37:52 2016
@@ -1,2 +1,2 @@
 /httpd/httpd/branches/2.4.x:1555538,1555559,1648845,1649003,1681034,1682929,1682939,1707123,1722573,1726087
-/httpd/httpd/trunk:290940,395552,417988,451572,501364,583817,583830,611483,630858,639005,639010,647395,657354,657459,660461,660566,664330,678761,680082,681190,682369,683626,685112,686805,686809,687099,687754,693120,693392,693727-693728,696006,697093,706318,707163,708902,711421,713575,719357,720250,729316-729317,729586,732414,732504,732816,732832,733127,733134,733218-733219,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394,764239,768535,769809,771587,771610,776325,777042,777091,778438-778439,778531,778942,780648,780655,780692,780697,780699,785457,785661,790587,803704,819480,823536,823563,834378,835046,891282,900022,932791,942209,952823,953311,955966,979120,981084,992625,1026743,1031551,1040304,1040373,1058192,1070096,1082189,1082196,1090645,1172732,1200040,1200372,1200374,1213380,1222335,1223048,1231446,1244211,1294306,1299738,1300171,1301111,1308862,1327036,1327080,1328133,1328325-1328326,1345319,1348656,1349905,1352912,1363183,1363186,1366344,1367778,1368131,136
 8396,1369568,1395225,1398066,1400700,1408402,1410681,1413732,1414094,1416889,1418752,1422234,1422253,1435178,1447426,1470940,1475878,1476604,1476621,1476642,1476644-1476645,1477530,1484852,1485409,1485668,1490994,1493330,1496429,1500323,1504276,1506714,1509872,1509875,1514215,1524192,1524770,1526168,1526189,1527291,1527295,1527925,1528718,1529559,1529988,1529991,1531505,1532816,1551685,1551714,1552227,1553204,1554276,1554281,1555240,1555555,1556428,1563420,1572092,1572198,1572543,1572611,1572630,1572655,1572663,1572668-1572671,1572896,1572911,1572967,1573224,1573229,1575400,1585090,1586745,1587594,1587639,1588851,1590509,1603156,1604353,1610207,1610311,1610491,1610501,1611165,1611169,1620932,1621453,1643537,1643543,1648840,1649001,1649043,1650310,1650320,1652929,1653997,1657897,1658765,1663647,1664205,1665215,1665218,1665625,1665721,1666363,1674056,1675533,1676654,1677462,1679182,1679470,1680895,1680900,1680942,1681037,1682923,1682937,1684513,1685345,1685347,1685349-1685350,1688274,
 1688536,1688538,1706989,1722572,1726086
+/httpd/httpd/trunk:290940,395552,417988,451572,501364,583817,583830,611483,630858,639005,639010,647395,657354,657459,660461,660566,664330,678761,680082,681190,682369,683626,685112,686805,686809,687099,687754,693120,693392,693727-693728,696006,697093,706318,707163,708902,711421,713575,719357,720250,729316-729317,729586,732414,732504,732816,732832,733127,733134,733218-733219,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394,764239,768535,769809,771587,771610,776325,777042,777091,778438-778439,778531,778942,780648,780655,780692,780697,780699,785457,785661,790587,803704,819480,823536,823563,834378,835046,891282,900022,932791,942209,952823,953311,955966,979120,981084,992625,1026743,1031551,1040304,1040373,1058192,1070096,1082189,1082196,1090645,1172732,1200040,1200372,1200374,1213380,1222335,1223048,1231446,1244211,1294306,1299738,1300171,1301111,1308862,1327036,1327080,1328133,1328325-1328326,1345319,1348656,1349905,1352912,1363183,1363186,1366344,1367778,1368131,136
 8396,1369568,1395225,1398066,1400700,1408402,1410681,1413732,1414094,1416889,1418752,1422234,1422253,1435178,1447426,1470940,1475878,1476604,1476621,1476642,1476644-1476645,1477530,1484852,1485409,1485668,1490994,1493330,1496429,1500323,1504276,1506714,1509872,1509875,1514215,1524192,1524770,1526168,1526189,1527291,1527295,1527925,1528718,1529559,1529988,1529991,1531505,1532816,1551685,1551714,1552227,1553204,1554276,1554281,1555240,1555555,1556428,1563420,1572092,1572198,1572543,1572611,1572630,1572655,1572663,1572668-1572671,1572896,1572911,1572967,1573224,1573229,1575400,1585090,1586745,1587594,1587639,1588851,1590509,1603156,1604353,1610207,1610311,1610491,1610501,1611165,1611169,1620932,1621453,1643537,1643543,1648840,1649001,1649043,1650310,1650320,1652929,1653997,1657897,1658765,1663647,1664205,1665215,1665218,1665625,1665721,1666363,1674056,1675533,1676654,1677462,1679182,1679470,1680895,1680900,1680942,1681037,1682923,1682937,1684513,1685345,1685347,1685349-1685350,1688274,
 1688536,1688538,1706989,1722572,1726086,1745767,1748448

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1748461&r1=1748460&r2=1748461&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Tue Jun 14 20:37:52 2016
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8
-*-
 Changes with Apache 2.2.32

+  *) abs: Include OPENSSL_Applink when compiling on Windows, to resolve
+     failures under Visual Studio 2015 and other mismatched MSVCRT flavors.
+     PR59630 [Jan Ehrhardt <phpdev ehrhardt.nl>]
+
   *) mod_proxy: Fix a regression with 2.2.31 that caused inherited workers
to
      use a different scoreboard slot then the original one.  PR 58267.
      [Ruediger Pluem]

Modified: httpd/httpd/branches/2.2.x/support/ab.c
URL:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/support/ab.c?rev=1748461&r1=1748460&r2=1748461&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/support/ab.c (original)
+++ httpd/httpd/branches/2.2.x/support/ab.c Tue Jun 14 20:37:52 2016
@@ -187,6 +187,14 @@ typedef STACK X509_STACK_TYPE;
 #define SK_VALUE(x,y) sk_X509_value(x,y)
 typedef STACK_OF(X509) X509_STACK_TYPE;

+#if defined(_MSC_VER)
+/* The following logic ensures we correctly glue FILE* within one CRT used
+ * by the OpenSSL library build to another CRT used by the ab.exe build.
+ * This became especially problematic with Visual Studio 2015.
+ */
+#include <openssl/applink.c>
+#endif
+
 #endif

 #if defined(USE_SSL)

Mime
View raw message