On 30/01/2012 23:43, Daniel Ruggeri wrote: > It's been hell lately - sorry for the sloooooow reply > > On 1/19/2012 1:13 AM, Sander Temme wrote: >> Interesting... which version of OpenSSL? Must be 0.9.7 or 0.9.8, because >> err_cmp() disappeared after that. And the signature doesn't match what >> we're seeing in the backtrace. >> >> And which platform? Solaris? SPARC or x86_64? > > I was building on Sparc - but I'll have to try with openssl 1.0.0. > >> >>> ... >> So the combination of directives causes some memory to be overwitten that >> ends up pointing outside httpd's allocated address space. Does the order of >> the directives matter? >> >> Which Engine if I may ask? A fix was applied to the CHIL Engine that >> removes a dangling cleanup function pointer which caused a segfault on >> startup on platforms that vary the address location in which libraries are >> loaded (RHEL 5 being a prime example). I don't remember off the top of my >> head which OpenSSL version got the fix. >> >> Can you reproduce with a non-optimized, debug/symbols enabled build of >> OpenSSL and Apache? With the latest versions of each? >> >> S. >> > > I'll try messing with the order and will let you know how I get on - the > chil engine is the one in use but this is a fairly recent openssl > (0.9.8r). I didn't explicitly enable optimization of either build but > did explicitly add "-g" which seemed to create a build of httpd with > debug symbols but a regular old build of openssl. I have some other > platforms available (RHEL being one of them) and will try soon to see > what I get there. >
The fix in 0.9.8r, the relevant patch is here: http://cvs.openssl.org/chngview?cn=19659 Steve. -- Dr Stephen Henson. OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 +1 877-673-6775 [email protected]
