Steffen, thanks for the confirmation about SPKI (although why Windows users persist in using mod_php over the php-fcgi sapi is beyond me... sigh). Note that your hack only works when mod_php and those extensions are built with the same clib as httpd.exe.
I am concerned that some of the functions for reading/writing certificate CRL chains may require this in mod_ssl.so as well. A quick review of apr_crypto_openssl-1.dll suggests that none of the functions we use require this stub. It's also reassuring that others see the value of using this with all flavors of VC, and not simply the most problematic VS14/VS15 versions. In building httpd.exe, some users don't build and install openssl. It isn't going to be possible to simply #include <openssl/applink.c> without some conditional test. OpenSSL itself is partly the culprit, for not having an APPLINK_REQUIRED style macro conditional. But we can work around this in the cmake tests. I'll look at making this a standard bit of the httpd 2.4 build. We can likely add a user-toggled flag to the os/win32/os.h? ---------- Forwarded message ---------- From: Steffen <[email protected]> Date: Wed, Jun 15, 2016 at 4:39 AM Subject: Re: svn commit: r1748461 - in /httpd/httpd/branches/2.2.x: ./ CHANGES support/ab.c To: [email protected] I do not understand your conclusion. Background you find : https://www.openssl.org/docs/faq.html#PROG2 Also Apachelounge includes applink shim in http.exe with all (VC10/11/14), this is done in cooperation of the PHP dev's. Quote: Yeah, now it turned out, that the SPKI functionality in PHP requires this shim to be in. The functionality is available since PHP 5.6 and coupled with Apache could result an unexpected process exit without the solution mentioned in the OpenSSL FAQ compiled in. Steffen On Wednesday 15/06/2016 at 03:33, William A Rowe Jr wrote: Two quick observations... Every time OpenSSL was compiled against a different CRT, whether is was a release build of OpenSSL and a debug build of httpd/ab, or whether OpenSSL was built under Visual Studio 2012 and httpd/ab was built against VS 2015, this issue would occur without this patch. Visual Studio 2015 only magnified or brought this quirk to light. I'm curious, having seen reports of a Windows specific defect in local CRL validation, whether this is also required in httpd. Sadly, OpenSSL only looks for this symbol in the currently executing binary (recall Win32 is two-level namespace)... we bind libssl/libcrypto to libaprutil.dll and mod_ssl.so. Exporting this from httpd.exe isn't practical. If that is the root of the other CRL failure observation, I'm not sure that OpenSSL's hack is going to resolve it for our custom BIO implementation. Gregg, if you would vet the patch as applied to trunk/2.4/2.2, I'd appreciate it. On Jun 14, 2016 3:37 PM, <[email protected]> wrote: Author: wrowe Date: Tue Jun 14 20:37:52 2016 New Revision: 1748461 URL: http://svn.apache.org/viewvc?rev=1748461&view=rev Log: abs: Include OPENSSL_Applink when compiling on Windows, to resolve failures under Visual Studio 2015 and other mismatched MSVCRT flavors. PR: 59630 Submitted by: Jan Ehrhardt <phpdev ehrhardt.nl> Modified: httpd/httpd/branches/2.2.x/ (props changed) httpd/httpd/branches/2.2.x/CHANGES httpd/httpd/branches/2.2.x/support/ab.c Propchange: httpd/httpd/branches/2.2.x/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Tue Jun 14 20:37:52 2016 @@ -1,2 +1,2 @@ /httpd/httpd/branches/2.4.x:1555538,1555559,1648845,1649003,1681034,1682929,1682939,1707123,1722573,1726087 -/httpd/httpd/trunk:290940,395552,417988,451572,501364,583817,583830,611483,630858,639005,639010,647395,657354,657459,660461,660566,664330,678761,680082,681190,682369,683626,685112,686805,686809,687099,687754,693120,693392,693727-693728,696006,697093,706318,707163,708902,711421,713575,719357,720250,729316-729317,729586,732414,732504,732816,732832,733127,733134,733218-733219,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394,764239,768535,769809,771587,771610,776325,777042,777091,778438-778439,778531,778942,780648,780655,780692,780697,780699,785457,785661,790587,803704,819480,823536,823563,834378,835046,891282,900022,932791,942209,952823,953311,955966,979120,981084,992625,1026743,1031551,1040304,1040373,1058192,1070096,1082189,1082196,1090645,1172732,1200040,1200372,1200374,1213380,1222335,1223048,1231446,1244211,1294306,1299738,1300171,1301111,1308862,1327036,1327080,1328133,1328325-1328326,1345319,1348656,1349905,1352912,1363183,1363186,1366344,1367778,1368131,136 8396,1369568,1395225,1398066,1400700,1408402,1410681,1413732,1414094,1416889,1418752,1422234,1422253,1435178,1447426,1470940,1475878,1476604,1476621,1476642,1476644-1476645,1477530,1484852,1485409,1485668,1490994,1493330,1496429,1500323,1504276,1506714,1509872,1509875,1514215,1524192,1524770,1526168,1526189,1527291,1527295,1527925,1528718,1529559,1529988,1529991,1531505,1532816,1551685,1551714,1552227,1553204,1554276,1554281,1555240,1555555,1556428,1563420,1572092,1572198,1572543,1572611,1572630,1572655,1572663,1572668-1572671,1572896,1572911,1572967,1573224,1573229,1575400,1585090,1586745,1587594,1587639,1588851,1590509,1603156,1604353,1610207,1610311,1610491,1610501,1611165,1611169,1620932,1621453,1643537,1643543,1648840,1649001,1649043,1650310,1650320,1652929,1653997,1657897,1658765,1663647,1664205,1665215,1665218,1665625,1665721,1666363,1674056,1675533,1676654,1677462,1679182,1679470,1680895,1680900,1680942,1681037,1682923,1682937,1684513,1685345,1685347,1685349-1685350,1688274, 1688536,1688538,1706989,1722572,1726086 +/httpd/httpd/trunk:290940,395552,417988,451572,501364,583817,583830,611483,630858,639005,639010,647395,657354,657459,660461,660566,664330,678761,680082,681190,682369,683626,685112,686805,686809,687099,687754,693120,693392,693727-693728,696006,697093,706318,707163,708902,711421,713575,719357,720250,729316-729317,729586,732414,732504,732816,732832,733127,733134,733218-733219,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394,764239,768535,769809,771587,771610,776325,777042,777091,778438-778439,778531,778942,780648,780655,780692,780697,780699,785457,785661,790587,803704,819480,823536,823563,834378,835046,891282,900022,932791,942209,952823,953311,955966,979120,981084,992625,1026743,1031551,1040304,1040373,1058192,1070096,1082189,1082196,1090645,1172732,1200040,1200372,1200374,1213380,1222335,1223048,1231446,1244211,1294306,1299738,1300171,1301111,1308862,1327036,1327080,1328133,1328325-1328326,1345319,1348656,1349905,1352912,1363183,1363186,1366344,1367778,1368131,136 8396,1369568,1395225,1398066,1400700,1408402,1410681,1413732,1414094,1416889,1418752,1422234,1422253,1435178,1447426,1470940,1475878,1476604,1476621,1476642,1476644-1476645,1477530,1484852,1485409,1485668,1490994,1493330,1496429,1500323,1504276,1506714,1509872,1509875,1514215,1524192,1524770,1526168,1526189,1527291,1527295,1527925,1528718,1529559,1529988,1529991,1531505,1532816,1551685,1551714,1552227,1553204,1554276,1554281,1555240,1555555,1556428,1563420,1572092,1572198,1572543,1572611,1572630,1572655,1572663,1572668-1572671,1572896,1572911,1572967,1573224,1573229,1575400,1585090,1586745,1587594,1587639,1588851,1590509,1603156,1604353,1610207,1610311,1610491,1610501,1611165,1611169,1620932,1621453,1643537,1643543,1648840,1649001,1649043,1650310,1650320,1652929,1653997,1657897,1658765,1663647,1664205,1665215,1665218,1665625,1665721,1666363,1674056,1675533,1676654,1677462,1679182,1679470,1680895,1680900,1680942,1681037,1682923,1682937,1684513,1685345,1685347,1685349-1685350,1688274, 1688536,1688538,1706989,1722572,1726086,1745767,1748448 Modified: httpd/httpd/branches/2.2.x/CHANGES URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1748461&r1=1748460&r2=1748461&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original) +++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Tue Jun 14 20:37:52 2016 @@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.2.32 + *) abs: Include OPENSSL_Applink when compiling on Windows, to resolve + failures under Visual Studio 2015 and other mismatched MSVCRT flavors. + PR59630 [Jan Ehrhardt <phpdev ehrhardt.nl>] + *) mod_proxy: Fix a regression with 2.2.31 that caused inherited workers to use a different scoreboard slot then the original one. PR 58267. [Ruediger Pluem] Modified: httpd/httpd/branches/2.2.x/support/ab.c URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/support/ab.c?rev=1748461&r1=1748460&r2=1748461&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/support/ab.c (original) +++ httpd/httpd/branches/2.2.x/support/ab.c Tue Jun 14 20:37:52 2016 @@ -187,6 +187,14 @@ typedef STACK X509_STACK_TYPE; #define SK_VALUE(x,y) sk_X509_value(x,y) typedef STACK_OF(X509) X509_STACK_TYPE; +#if defined(_MSC_VER) +/* The following logic ensures we correctly glue FILE* within one CRT used + * by the OpenSSL library build to another CRT used by the ab.exe build. + * This became especially problematic with Visual Studio 2015. + */ +#include <openssl/applink.c> +#endif + #endif #if defined(USE_SSL)
