Am 17.10.2018 um 13:41 schrieb Daniel Ruggeri:
Hi, all;
With the fix for detected OpenSSL 1.1.1 issues now backported to 2.4.x,
I would like to tag the next version of our venerable server soon.
I have already successfully completed the test suite against my "latest
sources" docker environment and am watching for any smoke detected in
[1]. Feeling good about this one :-)
How about roughly 24 hours from now?
[1]
https://lists.apache.org/thread.html/48de97bd66ceabcf84a3719b36cd69274cb8c4b64d68c46696beb906@<dev.httpd.apache.org>
In the meantime most of my tests finished. The two small mod_ssl patches
applied this morning were not part of the testing but seem simple enough
to understand and should pose no risk.
My testing showed:
- t/ssl/ocsp.t fails in test 2 and 3 (lines 43 and 49) when the server
is build using OpenSSL 0.9.8zh:
Can't connect to localhost:8535 (SSL connect attempt failed because of
handshake problems error:14094410:SSL routines:SSL3_READ_BYTES:sslv3
alert handshake failure)
SSL connect attempt failed because of handshake problems
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake
failure at
/shared/build/dev/httpd/install/Bundle-ApacheTest/20180911-0.9.8zh-1/rhel7.x86_64/lib/perl5/LWP/Protocol/http.pm
line 50.
I don't know whether that is expected for old OpenSSL, so can not judge
on criticality.
- t/modules/http2.t fails when the server is build using OpenSSL 0.9.8zh
with the "Bad plan. You planned 52 tests..." message indicating, that
h2 using TLS does not work. It happens on all platforms, but not if the
client also uses OpenSSL 0.9.8zh.
I don't know whether that is expected for old OpenSSL, so can not judge
on criticality.
- only once out of 68 runs on Solaris failure in t/modules/cgi.t test 54
in line 232. There log contents are checked and the file system is on
NFS. Might be, that this is a timing issue in the test. Not a
show-stopper for me.
- only once out of 68 runs on Solaris failure in t/ssl/proxy.t test 106
in line 131. /eat_post responds with a proxy error (502) instead of 200
with the posted content length as the response body. Need to investigate
but would also say not a show-stopper, because only on Solaris and only
once.
- some crashes on Solaris when building the server statically linked.
Only with event MPM and looks like always at the end of a process
lifetime, typically during shutdown. Maybe a problem with duplicate
OpenSSL unloading/cleanup (apr-util plus mod_ssl). I think its a known
problem, but no fix yet available. Since it should not happen to
processes which are in use I would say it is more of an annoyance and
not a show-stopper.
Regards,
Rainer
