httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacob Champion <champio...@gmail.com>
Subject Re: Fixing more OpenSSL callback crashes
Date Thu, 04 May 2017 17:23:18 GMT
On 05/04/2017 09:39 AM, Jacob Champion wrote:
> On 05/04/2017 09:36 AM, William A Rowe Jr wrote:
>> Ugh... This suggests we've further broken crosscompile, just noticed
>> this based on your comment.
>
> Why? Cross-compilation uses the same fallback mechanism.

To expand on this, there are three choices for implementation for older 
(pre-1.1.0) OpenSSLs:

- Builtin (optimal on some platforms, nonexistent or unsafe on others)
- Deprecated (but believed safe enough for most)
- Dangerous (but still apparently good enough for a bunch of people?)

Builtin is only used if we can *prove* that the builtin implementation 
is available and safe. Some environments (Windows + 1.0.x) are known to 
have safe builtins; everyone else has to run a test.

If we can't run that test for any reason, we fall back to the Deprecated 
implementation. If that API is no longer available (e.g. 
OPENSSL_NO_DEPRECATED is in use), we have no choice but to use the 
Dangerous implementation.

So since we can't run a test executable on a cross-compile target, if 
you're cross-compiling to a platform that isn't "known safe", we'll fall 
back to the Deprecated implementation if it's available. That choice can 
be overridden with a cachevar, if you know your platform guarantees 
safety -- ac_cv_openssl_use_errno_threadid in this case.

--Jacob

Mime
View raw message