DRuggeri at primary
Jan 30, 2012, 3:43 PM
It's been hell lately - sorry for the sloooooow reply
Re: Segfault in openssl's err_cmp when using SSLCryptoDevice and new SSLProxyMachineCertificateChainFile
[In reply to]
On 1/19/2012 1:13 AM, Sander Temme wrote:
> Interesting... which version of OpenSSL? Must be 0.9.7 or 0.9.8, because err_cmp() disappeared after that. And the signature doesn't match what we're seeing in the backtrace.
> And which platform? Solaris? SPARC or x86_64?
I was building on Sparc - but I'll have to try with openssl 1.0.0.
> So the combination of directives causes some memory to be overwitten that ends up pointing outside httpd's allocated address space. Does the order of the directives matter?
> Which Engine if I may ask? A fix was applied to the CHIL Engine that removes a dangling cleanup function pointer which caused a segfault on startup on platforms that vary the address location in which libraries are loaded (RHEL 5 being a prime example). I don't remember off the top of my head which OpenSSL version got the fix.
> Can you reproduce with a non-optimized, debug/symbols enabled build of OpenSSL and Apache? With the latest versions of each?
I'll try messing with the order and will let you know how I get on - the
chil engine is the one in use but this is a fairly recent openssl
(0.9.8r). I didn't explicitly enable optimization of either build but
did explicitly add "-g" which seemed to create a build of httpd with
debug symbols but a regular old build of openssl. I have some other
platforms available (RHEL being one of them) and will try soon to see
what I get there.