DO NOT REPLY [Bug 43695] New: - staticly compiled mod_ssl results in missreading OpenSSL version information when displaying Server Tokens

Wed, 24 Oct 2007 13:29:00 -0700 

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43695>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43695

           Summary: staticly compiled mod_ssl results in missreading OpenSSL
                    version information when displaying Server Tokens
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]


OS: Fedora Core 4
Platform: i386 (also reproduced in VMware)
OpenSSL v0.9.7f

compiling with
./configure --with-mpm=prefork --enable-ssl --disable-status --disable-userdir
--enable-so

results in: (sorry if the character after mod_ssl does not show - this is where
the openssl version should display - in this case it is \x01)
Apache/2.2.6 (Unix) mod_ssl/2.2.6 

In one request - apache reported back all the mime types.
Another time it just appended 'AddType'
Other times it displays a sequence of non-readable (and against RFC) characters.

Screenshot from a header check is here:
http://img509.imageshack.us/img509/3249/screenshothttphttpsheadre8.png

It appears as if it is referencing memory incorrectly.

As a temporary fix - ServerTokens Prod - does the job (which we should be using
anyway).

If I set mod_ssl as shared object - this problem dissapears - and the OpenSSL
version is properly displayed in the header.

Searching forums and such - I found some reports of this problem - but no
responses or solutions.

-chris

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to