httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <rpl...@apache.org>
Subject Re: Fixing more OpenSSL callback crashes
Date Thu, 04 May 2017 06:25:00 GMT


On 04/19/2017 05:54 PM, Jacob Champion wrote:
> On 04/12/2017 11:34 AM, Jacob Champion wrote:
>> It's probably worth noting at this point that, even if &errno is unsafe:
>>
>> - Windows and BeOS users are still handled explicitly by default in 1.0.x.
>> - If OpenSSL still provides the deprecated CRYPTO_set_id_callback(), we
>> can use it instead. We're not making use of the pointer-based THREADID
>> implementation like we should be, heh, so we're not really getting a
>> benefit out of the new system.
>> - This whole problem goes away in 1.1.x.
> 
> Latest trunk now takes care of all of these cases -- if you're not on a platform that
has a known safe default
> implementation, we'll use CRYPTO_set_id_callback() instead, falling back to the THREADID
stuff only as a last resort.

Just as a heads up as I currently don't have time to investigate further. I get the below
on CentOS 6.9 64 bit, which
puzzles me a little bit as I would expect the errno addresses to be different in different
threads on my OS.

[Thu May 04 06:17:13.723918 2017] [ssl:notice] [pid 2629:tid 140039001335552] AH10028: using
deprecated
CRYPTO_set_id_callback for OpenSSL


OpenSSL used is the one delivered by CentOS: openssl-1.0.1e-57.el6.x86_64

Regards

RĂ¼diger


Mime
View raw message