You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2019/02/28 19:02:23 UTC

[Bug 63212] Unresolved Symbols while building against openssl 1.1.1b

https://bz.apache.org/bugzilla/show_bug.cgi?id=63212

William A. Rowe Jr. <wr...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO

--- Comment #1 from William A. Rowe Jr. <wr...@apache.org> ---
The httpd release 2.4.37 has a significant vulnerability and should not be 
used in combination with OpenSSL 1.1.1 or later. Previous versions did not
correctly interoperate with OpenSSL 1.1.1 and later in the first place.

I've just run a build against the following components;
apr-1.6.5       brotli-1.0.7  httpd-2.4.38    openssl-1.1.1b
apr-util-1.6.1  curl-7.64.0   nghttp2-1.36.0

and encountered no problems on Fedora 29.

Please confirm you are building a shared OpenSSL 1.1.1b library, repeat using
the appropriate version of httpd 2.4.38, and if you encounter issues, you may
wish to raise these on users@httpd.apache.org (see
http://httpd.apache.org/lists.html#http-users for info.) This bug tracker is
only for tracking issues with httpd server sources themselves. It may be that
this is a defect of the OpenSSL 1.1.1 AIX build (I no longer have a
reproduction environment.)

If you can reproduce and confirm this is not an openssl defect, please include
the ./configure results of both the OpenSSL and httpd packages you attempted to
combine.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org