[Bug 58956] New: SSL Library Error ssl_undefined_function:called a function you should not call after updating to OpenSSL 1.0.2f

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=58956

            Bug ID: 58956
           Summary: SSL Library Error ssl_undefined_function:called a
                    function you should not call after updating to OpenSSL
                    1.0.2f
           Product: Apache httpd-2
           Version: 2.4.18
          Hardware: Sun
                OS: Solaris
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@httpd.apache.org
          Reporter: k.j.cher...@gmail.com

Solaris 10/11 (SPARC) + Apache 2.4.18 + OpenSSL 1.0.2f; TLSv1+TLSv1.1+TLSv1.2
enabled.

After updating openssl used by mod_ssl to 1.0.2f I found some strange errors in
my error log:

[2016-02-02 05:55:15.321420] [ssl:info] [pid 14344:tid 56] [C:AA+aphxlm2M]
AH01992: SSL library error 1 reading data
[2016-02-02 05:55:15.321547] [ssl:info] [pid 14344:tid 56] SSL Library Error:
error:140C5042:SSL routines:ssl_undefined_function:called a function you should
not call
[2016-02-02 05:55:15.321613] [ssl:info] [pid 14344:tid 56] SSL Library Error:
error:140C5042:SSL routines:ssl_undefined_function:called a function you should
not call
[2016-02-02 05:55:15.321672] [ssl:info] [pid 14344:tid 56] SSL Library Error:
error:140C5042:SSL routines:ssl_undefined_function:called a function you should
not call
[2016-02-02 05:55:15.321736] [ssl:info] [pid 14344:tid 56] SSL Library Error:
error:140C5042:SSL routines:ssl_undefined_function:called a function you should
not call

I tried to dig a bit deeper into this, looking for what caused this errors, and
I found this commit in the OpenSSL:
https://github.com/openssl/openssl/commit/f73c737c7ac908c5d6407c419769123392a3b0a9

Looks like this was the part causing problems:
-    if ((s != NULL) && !SSL_in_init(s))
-        return (s->method->ssl_shutdown(s));
-    else
-        return (1);
+    return s->method->ssl_shutdown(s);

I rebuilt 1.0.2f adding this checks back in ssl_lib.c, and the errors is no
longer appearing. Looks like the code triggering this errors is in
mod_ssl/ssl_util_ssl.c (int modssl_smart_shutdown(SSL *ssl)).
The errors appear in different conditions -- there may be some successfull
requests served in keep-alive connection -- so no constant pattern here,
unfortunately.

I don't really know how this happens, since I was unable to reproduce such
errors in testing environments, and I'm not sure whether it is a bug in Apache
or in OpenSSL.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org