RE: [BugDB] Staticly linked mod_ssl on Linux core dumps on SIGUSR1 (PR#444)

David Rees Thu, 31 Aug 2000 16:49:05 -0700
This is fixed in mod_ssl 2.6.6.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> [EMAIL PROTECTED]
> Sent: Thursday, August 31, 2000 4:44 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: [BugDB] Staticly linked mod_ssl on Linux core dumps on SIGUSR1
> (PR#444)
> 
> 
> Full_Name: Andrej Czapszys
> Version: 2.6.5-1.3.12
> OS: Linux
> Submission from: (NULL) (208.26.192.4)
> 
> 
> I noticed that apache dumps core on a sigusr1 with mod_ssl staticly
> linked under Linux.  I do not get the same effect under Solaris
> or if I use mod_ssl as a DSO.
> GDB output is:
> Program terminated with signal 11, Segmentation fault.
> Reading symbols from /lib/libm.so.6...done.
> Reading symbols from /lib/libcrypt.so.1...done.
> Reading symbols from /lib/libdb.so.3...done.
> Reading symbols from /lib/libnsl.so.1...done.
> Reading symbols from /lib/libdl.so.2...done.
> Reading symbols from /lib/libc.so.6...done.
> Reading symbols from /lib/ld-linux.so.2...done.
> Reading symbols from /lib/libnss_files.so.2...done.
> Reading symbols from /usr/lib/gconv/ISO8859-1.so...done.
> #0  0x8131b65 in SSL_CTX_ctrl ()
> (gdb) bt
> #0  0x8131b65 in SSL_CTX_ctrl ()
> #1  0x808f180 in ssl_init_Module ()
> #2  0x808f4a7 in ssl_init_Module ()
> #3  0x80eb6e9 in ap_init_modules ()
> #4  0x80f5175 in standalone_main ()
> #5  0x80f5993 in main ()
> #6  0x400d09cb in __libc_start_main (main=0x80f563c <main>, argc=2,
>     argv=0xbffffb94, init=0x807db74 <_init>, fini=0x81fad2c <_fini>,
>     rtld_fini=0x4000ae60 <_dl_fini>, stack_end=0xbffffb8c)
>     at ../sysdeps/generic/libc-start.c:92
> 
> I went poking through the sources and made the following changes in 
> ssl_engine_init.c, which (the upper part) resolved the problem
> (the lower part detected the problem):
> 
> *** ssl_engine_init.c   2000/08/31 23:27:26     1.1
> --- ssl_engine_init.c   2000/08/31 23:28:53
> ***************
> *** 230,246 ****
>        *  Ok, now try to solve this totally ugly situation...
>        */
> 
> - #ifdef SHARED_MODULE
>       ssl_log(s, SSL_LOG_INFO, "Init: %snitializing %s library",
>               mc->nInitCount == 1 ? "I" : "Rei", SSL_LIBRARY_NAME);
>       ssl_init_SSLLibrary();
> ! #else
> !     if (mc->nInitCount <= 2) {
> !         ssl_log(s, SSL_LOG_INFO, "Init: %snitializing %s library",
> !                 mc->nInitCount == 1 ? "I" : "Rei", SSL_LIBRARY_NAME);
> !         ssl_init_SSLLibrary();
> !     }
> ! #endif
>       if (mc->nInitCount == 1) {
>           ssl_pphrase_Handle(s, p);
>           ssl_init_TmpKeysHandle(SSL_TKP_GEN, s, p);
> --- 230,239 ----
>        *  Ok, now try to solve this totally ugly situation...
>        */
>  
>       ssl_log(s, SSL_LOG_INFO, "Init: %snitializing %s library",
>               mc->nInitCount == 1 ? "I" : "Rei", SSL_LIBRARY_NAME);
>       ssl_init_SSLLibrary();
> !
>       if (mc->nInitCount == 1) {
>           ssl_pphrase_Handle(s, p);
>           ssl_init_TmpKeysHandle(SSL_TKP_GEN, s, p);
> ***************
> *** 530,535 ****
> --- 523,535 ----
>           ctx = SSL_CTX_new(SSLv2_server_method());  /* only 
> SSLv2 is left */
>       else
>           ctx = SSL_CTX_new(SSLv23_server_method()); /* be more 
> flexible */
> +
> +     if ( ctx == NULL ) {
> +       ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
> +               "Init: Unable to create new SSL_CTX");
> +       ssl_die();
> +     }
> +
>       SSL_CTX_set_options(ctx, SSL_OP_ALL);
>       if (!(sc->nProtocol & SSL_PROTOCOL_SSLV2))
>           SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
> 
> My guess is that unlike under Solaris, under Linux, global state is 
> not saved after the detach.  This brings up the question, is it 
> harmful to reinitialize state during a graceful restart when global 
> state IS maintained?  My guess would be that the worst that could 
> occur would be a small memory leak on each restart.  This change 
> didn't have any notable effect under Solaris.
> 
> Also, my error handling code did not put out a reasonable error 
> (and I'm not
> sure why):
> 
> [31/Aug/2000 14:26:33 09880] [error] OpenSSL: 
> error:140A90F1::lib(20) :func(169)
> :reason(241)  
> 
> Looking at the source, I expected it to look more like this:
> [31/Aug/2000 14:26:33 09880] [error] OpenSSL: error:140A90F1::lib(SSL)
> :func(SSL_CTX_new) :reason(Unable to load SSL2-MD5 routine)  
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
RE: [BugDB] Staticly linked mod_ssl on Linux core dumps on SIGUSR1 (PR#444)

Reply via email to
