Re: Apache 2.4.37 SSL_CTX_set_post_handshake_auth error

Mon, 05 Nov 2018 08:02:05 -0800 

Hi Stuart,

Thanks however with the those fixes mentioned in ssl_engine_init.c I hit the
following error when compiling, any ideas?

/usr/bin/libtool --silent --mode=compile cc -pthread -D_POSIX_THREADS
-DAPR_POOL_DEBUG=1 -I.
-I/root/openbsd64_distsrv_install/httpd-2.4.37/os/unix
-I/root/openbsd64_distsrv_install/httpd-2.4.37/include
-I/usr/local/include/apr-1/ -I/usr/local/include -I/usr/local/include/db4
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/aaa
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/cache
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/core
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/database
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/filters
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/ldap
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/loggers
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/lua
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/proxy
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/http2
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/session
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/ssl
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/test
-I/root/openbsd64_distsrv_install/httpd-2.4.37/server
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/md
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/arch/unix
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/dav/main
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/generators
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/mappers -prefer-pic
-c ssl_engine_init.c && touch ssl_engine_init.slo
ssl_engine_init.c:1495:45: error: expected value in expression
#if OPENSSL_VERSION_NUMBER >= 0x1010100fL &&
                                            ^
1 error generated.
Error while executing cc -pthread -D_POSIX_THREADS -DAPR_POOL_DEBUG=1 -I.
-I/root/openbsd64_distsrv_install/httpd-2.4.37/os/unix -
I/root/openbsd64_distsrv_install/httpd-2.4.37/include
-I/usr/local/include/apr-1/ -I/usr/local/include -I/usr/local/include/db4 -I
/root/openbsd64_distsrv_install/httpd-2.4.37/modules/aaa
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/cache
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/core
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/database
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/filters
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/ldap
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/loggers
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/lua
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/proxy
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/http2
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/session
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/ssl
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/test
-I/root/openbsd64_distsrv_install/httpd-2.4.37/server
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/md
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/arch/unix
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/dav/main
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/generators
-I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/mappers -c
ssl_engine_init.c -fPIC -DPIC -o .libs/ssl_engine_init.o
*** Error 1 in modules/ssl
(/root/openbsd64_distsrv_install/httpd-2.4.37/build/rules.mk:212
'ssl_engine_init.slo')
*** Error 1 in modules/ssl
(/root/openbsd64_distsrv_install/httpd-2.4.37/build/rules.mk:140
'shared-build-recursive')
*** Error 1 in modules
(/root/openbsd64_distsrv_install/httpd-2.4.37/build/rules.mk:140
'shared-build-recursive')
*** Error 1 in . (build/rules.mk:140 'shared-build-recursive')
*** Error 1 in /root/openbsd64_distsrv_install/httpd-2.4.37
(build/rules.mk:93 'all-recursive')

Thanks Again,
Helmut Kiessling

-----Original Message-----
From: Stuart Henderson <[email protected]> 
Sent: 01 November 2018 18:06
To: [email protected]
Cc: [email protected]
Subject: Re: Apache 2.4.37 SSL_CTX_set_post_handshake_auth error

On 2018/11/01 12:58, [email protected] wrote:
> Hi,
> 
>  
> 
> I hit the following error after building Apache 2.4.37 in OpenBSD 6.4 
> and trying to start it:
> 
> httpd:/usr/local/apache2/modules/mod_ssl.so: undefined symbol 
> 'SSL_CTX_set_post_handshake_auth'
> 
> No problems with Apache 2.4.33 in the same environment.
> 
>  
> 
> Do you guys have any ideas where I should try to find a solution for it?
> 
>  
> 
> Many Thanks,
> 
> Helmut Kiessling
> 

The patch below is needed, I've just committed a fix to ports.

Index: modules/ssl/ssl_engine_init.c
--- modules/ssl/ssl_engine_init.c.orig
+++ modules/ssl/ssl_engine_init.c
@@ -1492,7 +1492,7 @@ static apr_status_t ssl_init_proxy_certs(server_rec *s
     X509_STORE_CTX *sctx;
     X509_STORE *store = SSL_CTX_get_cert_store(mctx->ssl_ctx);
 
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && 
+!defined(LIBRESSL_VERSION_NUMBER)
     /* For OpenSSL >=1.1.1, turn on client cert support which is
      * otherwise turned off by default (by design).
      * https://github.com/openssl/openssl/issues/6933 */

Reply via email to