You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@apr.apache.org by bu...@apache.org on 2019/02/03 14:16:02 UTC
[Bug 63139] New: apr_crypto_openssl.dll can causean endless loop
with OpenSSL 1.1.x
https://bz.apache.org/bugzilla/show_bug.cgi?id=63139
Bug ID: 63139
Summary: apr_crypto_openssl.dll can causean endless loop with
OpenSSL 1.1.x
Product: APR
Version: 1.6.1
Hardware: PC
Status: NEW
Severity: major
Priority: P2
Component: APR-util
Assignee: bugs@apr.apache.org
Reporter: asf.bugzilla@ehrhardt.nl
Target Milestone: ---
Created attachment 36416
--> https://bz.apache.org/bugzilla/attachment.cgi?id=36416&action=edit
call SSL_library_init() before OPENSSL_malloc_init()
When building Subversion with apr-util 1.6.1 and OpenSSL 1.1.1a on Windows the
crypto-test.exe test ends in an endless loop.
Cause: OPENSSL_malloc_init() is called without preceding SSL_library_init();
Analysis of the bug: https://github.com/nono303/win-svn/issues/3
Comparable report for Serf in the OpenSSL issues:
https://github.com/openssl/openssl/issues/2865
Patch: add SSL_library_init()
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org
[Bug 63139] apr_crypto_openssl.dll can cause an endless loop with
OpenSSL 1.1.x
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63139
--- Comment #3 from Jan Ehrhardt <as...@ehrhardt.nl> ---
Did you notice
https://github.com/openssl/openssl/issues/2865#issuecomment-460675702 and the
PR to make OPENSSL_malloc_init() a no-op in
https://github.com/openssl/openssl/pull/8167 ?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org
[Bug 63139] apr_crypto_openssl.dll can cause an endless loop with
OpenSSL 1.1.x
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63139
William A. Rowe Jr. <wr...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
OS| |All
--- Comment #2 from William A. Rowe Jr. <wr...@apache.org> ---
We need to review whether we want the entire scope of OPENSSL_init_ssl()...
or whether OPENSSL_init_crypto() is sufficient for the needs of APR.
Also worthwhile to confirm that a later OPENSSL_init_ssl() would succeed
following the invocation of OPENSSL_init_crypto().
OPENSSL_init_[crypto|ssl] were introduced in release 1.1.0.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org
[Bug 63139] apr_crypto_openssl.dll can causean endless loop with
OpenSSL 1.1.x
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63139
--- Comment #1 from Jan Ehrhardt <as...@ehrhardt.nl> ---
SSL_library_init() has been deprecated in favour of OPENSSL_init_ssl():
https://www.openssl.org/docs/man1.1.0/man3/SSL_library_init.html
I only tested the atch with SSL_library_init()
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org
[Bug 63139] apr_crypto_openssl.dll can cause an endless loop with
OpenSSL 1.1.x
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63139
Jan Ehrhardt <as...@ehrhardt.nl> changed:
What |Removed |Added
----------------------------------------------------------------------------
OS|All |Windows 7
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org
[Bug 63139] apr_crypto_openssl.dll can cause an endless loop with
OpenSSL 1.1.x
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63139
Jan Ehrhardt <as...@ehrhardt.nl> changed:
What |Removed |Added
----------------------------------------------------------------------------
OS| |Windows 7
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org
[Bug 63139] apr_crypto_openssl.dll can causean endless loop with
OpenSSL 1.1.x
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63139
Jan Ehrhardt <as...@ehrhardt.nl> changed:
What |Removed |Added
----------------------------------------------------------------------------
OS| |All
CC| |asf.bugzilla@ehrhardt.nl
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org
[Bug 63139] apr_crypto_openssl.dll can cause an endless loop with
OpenSSL 1.1.x
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63139
Jan Ehrhardt <as...@ehrhardt.nl> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|apr_crypto_openssl.dll can |apr_crypto_openssl.dll can
|causean endless loop with |cause an endless loop with
|OpenSSL 1.1.x |OpenSSL 1.1.x
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org