You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2018/05/02 10:34:32 UTC
[Bug 62346] New: LibreSSL 2.7.2+ blocks load of mod_ssl, Undefined
symbol "OPENSSL_malloc_init"
https://bz.apache.org/bugzilla/show_bug.cgi?id=62346
Bug ID: 62346
Summary: LibreSSL 2.7.2+ blocks load of mod_ssl, Undefined
symbol "OPENSSL_malloc_init"
Product: Apache httpd-2
Version: 2.4.33
Hardware: PC
OS: FreeBSD
Status: NEW
Severity: blocker
Priority: P2
Component: mod_ssl
Assignee: bugs@httpd.apache.org
Reporter: gessel@blackrosetech.com
Target Milestone: ---
LibreSSL 2.7.2's inclusion into the ports tree has created a bit of a rash of
issues. Most are documented at https://wiki.freebsd.org/LibreSSL/2.7.
Apache24 is listed as patched and does, in fact, build without glaring errors.
And, after patching a few ports that don't have their patches integrated yet, I
can rebuild all ports without fails
https://forums.freebsd.org/threads/python27-problem-at-packaging-stage.51189/page-2#post-386195
However, in my environment (at least) it will not start - this is on every jail
I have - Apache24 will not start:
httpd: Syntax error on line 130 of /usr/local/etc/apache24/httpd.conf: Cannot
load libexec/apache24/mod_ssl.so into server:
/usr/local/libexec/apache24/mod_ssl.so: Undefined symbol "OPENSSL_malloc_init"
The following innocuous seeming error seems relevant
--- mod_ssl.slo ---
mod_ssl.c:404:5: warning: implicit declaration of function
'OPENSSL_malloc_init' is invalid in C99 [-Wimplicit-function-declaration]
OPENSSL_malloc_init();
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 62346] LibreSSL 2.7.2+ blocks load of mod_ssl, Undefined symbol
"OPENSSL_malloc_init"
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62346
--- Comment #3 from gessel <ge...@blackrosetech.com> ---
It appears these changes are not fully integrated in the FreeBSD port Apache
v2.4.33
As on my machine
httpd/httpd/trunk/modules/ssl/ssl_engine_init.c:546-551
char *cp;
int protocol = mctx->protocol;
SSLSrvConfigRec *sc = mySrvConfig(s);
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
int prot;
#endif
Revision 1830522 shows
@@ -582,7 +582,8 @@
char *cp;
int protocol = mctx->protocol;
SSLSrvConfigRec *sc = mySrvConfig(s);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
+ (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >=
0x20800000L)
int prot;
#endif
and in httpd/httpd/trunk/modules/ssl/mod_ssl.c:398-404
/* We must register the library in full, to ensure our configuration
* code can successfully test the SSL environment.
*/
#if MODSSL_USE_OPENSSL_PRE_1_1_API
(void)CRYPTO_malloc_init();
#else
OPENSSL_malloc_init();
Revision 1828222 shows
@@ -407,7 +407,7 @@
/* We must register the library in full, to ensure our configuration
* code can successfully test the SSL environment.
*/
-#if MODSSL_USE_OPENSSL_PRE_1_1_API
+#if MODSSL_USE_OPENSSL_PRE_1_1_API || defined(LIBRESSL_VERSION_NUMBER)
(void)CRYPTO_malloc_init();
#else
OPENSSL_malloc_init();
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 62346] LibreSSL 2.7.2+ blocks load of mod_ssl, Undefined symbol
"OPENSSL_malloc_init"
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62346
--- Comment #6 from gessel <ge...@blackrosetech.com> ---
Thanks Yann,
Yeah, crude and bumbling, but thanks for the new patch. modules/md/md_crypt.c
already has the patch. The ones for modules/ssl/... succeeded.
However, building with the patches yields:
(I reverted the system and successfully test built - of course while the
shipping version builds, it won't start due to the OPENSSL_malloc_init).
--- ssl_engine_init.slo ---
ssl_engine_init.c:54:12: error: static declaration of 'DH_set0_pqg' follows
non-static declaration
static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
^
/usr/local/include/openssl/dh.h:195:5: note: previous declaration is here
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
^
1 error generated.
*** [ssl_engine_init.slo] Error code 1
According to some helpful people on the libressl list, it may be sufficient to
simply comment out the OPENSSL_malloc_init(); line. I'm going to revert and
try that next.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 62346] LibreSSL 2.7.2+ blocks load of mod_ssl, Undefined symbol
"OPENSSL_malloc_init"
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62346
--- Comment #4 from gessel <ge...@blackrosetech.com> ---
Failed attempt below:
make clean && make distclean && make
cd /var/ports/usr/ports/www/apache24/work/httpd-2.4.33/modules/ssl/
mv ssl_engine_init.c ssl_engine_init.c.orig
mv mod_ssl.c mod_ssl.c.orig
mv ssl_private.h ssl_private.h.orig
wget -O ssl_engine_init.c
'https://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?revision=1830522&view=co&pathrev=1830522'
wget -O mod_ssl.c
'https://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?revision=1828222&view=co&pathrev=1828222'
wget -O ssl_private.h
'https://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?revision=1828222&view=co&pathrev=1828222'
cd ../md/
mv md_crypt.c.orig md_crypt.c.pre-182822
mv md_crypt.c md_crypt.c.orig
wget -O md_crypt.c
'https://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/md_crypt.c?revision=1828222&view=co&pathrev=1828222'
cd /usr/ports/www/apache24
make makepatch
make clean && make distclean
portmaster
yields
--- ssl_engine_init.slo ---
ssl_engine_init.c:54:12: error: static declaration of 'DH_set0_pqg' follows
non-static declaration
static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
^
/usr/local/include/openssl/dh.h:195:5: note: previous declaration is here
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
^
1 error generated.
*** [ssl_engine_init.slo] Error code 1
:(
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 62346] LibreSSL 2.7.2+ blocks load of mod_ssl, Undefined symbol
"OPENSSL_malloc_init"
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62346
--- Comment #5 from Yann Ylavic <yl...@gmail.com> ---
Created attachment 35905
--> https://bz.apache.org/bugzilla/attachment.cgi?id=35905&action=edit
Backport r1828222 + r1830522
How about this patch instead?
Your method was quite rough to patch 2.4.33 :)
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 62346] LibreSSL 2.7.2+ blocks load of mod_ssl, Undefined symbol
"OPENSSL_malloc_init"
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62346
--- Comment #1 from gessel <ge...@blackrosetech.com> ---
/* We must register the library in full, to ensure our configuration
* code can successfully test the SSL environment.
*/
#if MODSSL_USE_OPENSSL_PRE_1_1_API
(void)CRYPTO_malloc_init();
#else
OPENSSL_malloc_init();
#endif
ERR_load_crypto_strings();
SSL_load_error_strings();
SSL_library_init();
#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
ENGINE_load_builtin_engines();
#endif
OpenSSL_add_all_algorithms();
OPENSSL_load_builtin_modules();
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 62346] LibreSSL 2.7.2+ blocks load of mod_ssl, Undefined symbol
"OPENSSL_malloc_init"
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62346
--- Comment #2 from Yann Ylavic <yl...@gmail.com> ---
(In reply to gessel from comment #1)
> /* We must register the library in full, to ensure our configuration
> * code can successfully test the SSL environment.
> */
> #if MODSSL_USE_OPENSSL_PRE_1_1_API
> (void)CRYPTO_malloc_init();
Here, trunk uses:
#if MODSSL_USE_OPENSSL_PRE_1_1_API || defined(LIBRESSL_VERSION_NUMBER)
This change was part of TLSv1.3 integration (bug 62236), so the full bits may
be r1828222 + r1830522.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 62346] LibreSSL 2.7.2+ blocks load of mod_ssl, Undefined symbol
"OPENSSL_malloc_init"
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62346
--- Comment #7 from gessel <ge...@blackrosetech.com> ---
FIXED.
https://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?r1=1828222&r2=1828221&pathrev=1828222
is sufficient and builds correctly.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 62346] LibreSSL 2.7.2+ blocks load of mod_ssl, Undefined symbol
"OPENSSL_malloc_init"
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62346
--- Comment #8 from Bernard Spil <br...@freebsd.org> ---
Meanwhile, I've committed fixes to the FreeBSD port.
The LibreSSL 2.7 patch I created has been imported in trunk, how do you deal
with backporting to 2.4?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org