As Jan Wedekind <[EMAIL PROTECTED]> and others already discovered for
mod_ssl, SSLeay and OpenSSL dumps core on some platforms when used under a
Dynamic Shared Object (DSO) situation. For instance when you build
Apache+mod_ssl+OpenSSL where mod_ssl is a DSO and this DSO is linked against
libcrypto.a/libssl.a. This works fine on smart platforms like Linux or
FreeBSD, but dumps core when a connections is established under others like
Solaris 2.x. I've now traced it down myself, and the reason is that various
pointers (for my RSA_METHOD* in RSA_flags()) are out of memory bounds and so
cause the segfaults on dereferencing. It was clear that this isn't a bug in
SSLeay/OpenSSL, because the same code works fine on other platforms, of
course.
So, I've fiddled around yesterday myself testing various compiler versions
(I've initially thought perhaps my GCC 2.8.1 produces the bug on SPARC), but
then finally I got the essential idea: OpenSSL is always compiled for non-DSO
situations, i.e. without Position Independend Code (PIC). But it's liked to a
DSO which usually requires PIC! Ok, some x86 platforms like Linux and FreeBSD
are smart enough to not require PIC inside OpenSSL, but a SPARC platform like
my Solaris 2.6 horrible crashes without PIC in OpenSSL. So, I've just added
"-fPIC" to the solaris-sparc-gcc line in OpenSSL's Configure script,
recompiled my libssl.so (that's mod_ssl's DSO, not the ssl library of OpenSSL)
with the now PIC-aware libssl.a (that's OpenSSL's ssl library) and BINGO: All
works fine. No more core dumps on new SSL connections.
Seems like we should add a "pic" option to the Configure scripts which either
adds -fPIC (for GCC) or -KPIC (for SVR4), etc...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
