Re: The drive for 2.4.26

Thu, 20 Apr 2017 15:30:04 -0700 

Am 20.04.2017 um 21:23 schrieb Jacob Champion:

On 04/20/2017 07:31 AM, Gregg Smith wrote:

ABS doesn't work with openssl 1.1.0, on windows anyway. It builds
without warning yet doesn't work.

abs https://www.domain.com
just sits there forever and never completes or shows anything.

I cannot imagine this being a windows only problem.


I haven't tested Windows yet, but in Ubuntu, ab built with OpenSSL 1.1.0
hangs whether you're using HTTP or HTTPS.

We call OPENSSL_malloc_init(), which in 1.1.0 is documented to be
unnecessary except "in certain shared-library situations." (I haven't
found documented examples of these "situations" yet.) This is a macro
that just sets a bunch of malloc callbacks to their defaults.

Unfortunately on my machine, the "default" functions are actually
translated into PLT stubs for the linker -- it's a macro call, so it
uses the executable's addresses for the functions rather than the
library's. So CRYPTO_malloc calls the PLT stub which calls CRYPTO_malloc
which calls the PLT stub which recurses into madness. Configuring
OpenSSL with --debug turns the hang into a stack overflow like we'd expect.

On the one hand, it's arguably an API bug in OpenSSL, but I get the
feeling that we're not supposed to call most of these initialization
functions anymore as of 1.1.0.
Thanks for the analysis. So the following patch on trunk works for me when using OpenSSL 1.0.1e (on Solaris 10): 

Index: support/ab.c
===================================================================
--- support/ab.c        (revision 1792155)
+++ support/ab.c        (working copy)
@@ -2576,8 +2576,6 @@
 #else
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
     CRYPTO_malloc_init();
-#else
-    OPENSSL_malloc_init();
 #endif
 #endif
     SSL_load_error_strings();


The same fix should apply for 2.4.x.

In addition I noticed the following glitch:

Index: support/ab.c
===================================================================
--- support/ab.c        (revision 1792155)
+++ support/ab.c        (working copy)
@@ -2465,14 +2465,14 @@
             case 'B':
                 myhost = apr_pstrdup(cntxt, opt_arg);
                 break;
+            case 'm':
+                method = CUSTOM_METHOD;
+                method_str[CUSTOM_METHOD] = strdup(opt_arg);
+                break;
 #ifdef USE_SSL
             case 'Z':
                 ssl_cipher = strdup(opt_arg);
                 break;
-            case 'm':
-                method = CUSTOM_METHOD;
-                method_str[CUSTOM_METHOD] = strdup(opt_arg);
-                break;
             case 'f':
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
                 if (strncasecmp(opt_arg, "ALL", 3) == 0) {
The "-m" option is independent of SSL use and should be handled outside of "#ifdef USE_SSL". 

Will apply some time over the weekend if noone does it before.

Regards,

Rainer

Reply via email to