httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: The drive for 2.4.26
Date Thu, 20 Apr 2017 22:29:38 GMT
Am 20.04.2017 um 21:23 schrieb Jacob Champion:
> On 04/20/2017 07:31 AM, Gregg Smith wrote:
>> ABS doesn't work with openssl 1.1.0, on windows anyway. It builds
>> without warning yet doesn't work.
>>
>> abs https://www.domain.com
>> just sits there forever and never completes or shows anything.
>>
>> I cannot imagine this being a windows only problem.
>
> I haven't tested Windows yet, but in Ubuntu, ab built with OpenSSL 1.1.0
> hangs whether you're using HTTP or HTTPS.
>
> We call OPENSSL_malloc_init(), which in 1.1.0 is documented to be
> unnecessary except "in certain shared-library situations." (I haven't
> found documented examples of these "situations" yet.) This is a macro
> that just sets a bunch of malloc callbacks to their defaults.
>
> Unfortunately on my machine, the "default" functions are actually
> translated into PLT stubs for the linker -- it's a macro call, so it
> uses the executable's addresses for the functions rather than the
> library's. So CRYPTO_malloc calls the PLT stub which calls CRYPTO_malloc
> which calls the PLT stub which recurses into madness. Configuring
> OpenSSL with --debug turns the hang into a stack overflow like we'd expect.
>
> On the one hand, it's arguably an API bug in OpenSSL, but I get the
> feeling that we're not supposed to call most of these initialization
> functions anymore as of 1.1.0.

Thanks for the analysis. So the following patch on trunk works for me 
when using OpenSSL 1.0.1e (on Solaris 10):

Index: support/ab.c
===================================================================
--- support/ab.c        (revision 1792155)
+++ support/ab.c        (working copy)
@@ -2576,8 +2576,6 @@
  #else
  #if OPENSSL_VERSION_NUMBER < 0x10100000L
      CRYPTO_malloc_init();
-#else
-    OPENSSL_malloc_init();
  #endif
  #endif
      SSL_load_error_strings();


The same fix should apply for 2.4.x.

In addition I noticed the following glitch:

Index: support/ab.c
===================================================================
--- support/ab.c        (revision 1792155)
+++ support/ab.c        (working copy)
@@ -2465,14 +2465,14 @@
              case 'B':
                  myhost = apr_pstrdup(cntxt, opt_arg);
                  break;
+            case 'm':
+                method = CUSTOM_METHOD;
+                method_str[CUSTOM_METHOD] = strdup(opt_arg);
+                break;
  #ifdef USE_SSL
              case 'Z':
                  ssl_cipher = strdup(opt_arg);
                  break;
-            case 'm':
-                method = CUSTOM_METHOD;
-                method_str[CUSTOM_METHOD] = strdup(opt_arg);
-                break;
              case 'f':
  #if OPENSSL_VERSION_NUMBER < 0x10100000L
                  if (strncasecmp(opt_arg, "ALL", 3) == 0) {


The "-m" option is independent of SSL use and should be handled outside 
of "#ifdef USE_SSL".

Will apply some time over the weekend if noone does it before.

Regards,

Rainer

Mime
View raw message