httpd-test-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: perl-framework + apache 2.1.9 + openssl-0.9.8a
Date Wed, 23 Nov 2005 15:03:47 GMT
On Wed, Nov 23, 2005 at 03:42:42PM +0100, Oden Eriksson wrote:
> onsdagen den 23 november 2005 15.17 skrev Joe Orton:
> > On Sun, Nov 20, 2005 at 04:43:57PM +0100, Oden Eriksson wrote:
> > > Not so long ago I started packaging apache 2.1.x (rpm) and also run the
> > > perl-framework tests at build time in Mandriva Cooker (development branch
> > > of Mandriva Linux). Ever since I updated openssl-0.9.7i -> openssl-0.9.8a
> > > some ssl tests in the perl-framework stopped working. Is this a known
> > > fact?
> >
> > I see this too now that I have a box running 0.9.8a, all tests which
> > involve a client cert are failing.  It looks like a failure on the
> > client side; from a quick manual test mod_ssl seems to be behaving
> > correctly.  I'll investigate this further.
> >
> > joe
> 
> I forgot to give an update on this. It fixed in Mandriva now. It was because 
> openssl must not be built with these (or one of these) "no-mdc2 no-ec no-ecdh 
> no-ecdsa".

Thanks.  Having spoken to our OpenSSL maintainer it's something more 
specifically to do with zlib compression being enabled by default now in 
0.9.8a.  We're using the below patch for the moment, be careful of the 
patent minefield if you start turning on all those cipher suites.

--- openssl-0.9.8a/ssl/ssl_ciph.c.no-builtin-comp	2005-10-01 01:38:20.000000000 +0200
+++ openssl-0.9.8a/ssl/ssl_ciph.c	2005-11-22 16:08:37.000000000 +0100
@@ -203,6 +203,7 @@
 
 static void load_builtin_compressions(void)
 	{
+#if 0
 	if (ssl_comp_methods != NULL)
 		return;
 
@@ -233,6 +234,7 @@
 		MemCheck_on();
 		}
 	CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+#endif
 	}
 #endif
 

Mime
View raw message