Hi, With the release of openssl-0.9.6k I recompiled and updated my apache installs to 1.3.28/modssl-2.8.15 from 1.3.27/modssl-2.8.12. I compiled up on Linux and Solaris. When running I randomly get a SIGBUS on Solaris and a SIGSEGV on linux. I'm using client certificates. I've a large number of servers (>50) running fine on 1.3.27/2.8.12.
The issue seems to be with the "SSLOptions +OptRenegotiate" option. When going from a non client cert location to a client cert location. The backtrace from dbx on solaris is [EMAIL PROTECTED] ([EMAIL PROTECTED]) signal BUS (invalid address alignment) in sk_value at 0xfebed534 0xfebed534: sk_value+0x0014: ld [%g3 + %g2], %o0 (/opt/SUNWspro/bin/../WS6/bin/sparcv9/dbx) where current thread: [EMAIL PROTECTED] =>[1] sk_value(0x132990, 0x0, 0x3, 0xfed27eb0, 0x260, 0x132980), at 0xfebed534 [2] X509_NAME_oneline(0x132980, 0x0, 0x0, 0x0, 0xc7, 0xffbef4d0), at 0xfec1e6dc [3] ssl_hook_Access(0xf0f30, 0xfed64cf4, 0xad400, 0x24bec, 0x0, 0xf26b8), at 0xfed65b74 [4] run_method(0xf0f30, 0x10, 0x1, 0x0, 0x0, 0xff00), at 0x2052c [5] ap_check_access(0xf0f30, 0x93460, 0x93400, 0x91659, 0x45, 0x65), at 0x20620 [6] process_request_internal(0xf0f30, 0x0, 0x16, 0xcd, 0xeffffc00, 0x1), at 0x40180 [7] ap_process_request(0xf0f30, 0xc8, 0xf0f30, 0xffbef8e0, 0xffbef8f0, 0x5), at 0x405ac [8] child_main(0x5, 0x31298, 0x31000, 0xff17b250, 0xff175980, 0xff16efe0), at 0x33284 [9] make_child(0xb0bf0, 0x5, 0x3f8154e3, 0xcd, 0xff23b1d4, 0xffbefa18), at 0x335fc [10] perform_idle_server_maintenance(0x0, 0xffbefb1c, 0x0, 0xb0bf0, 0x90ed8, 0x8fa80), at 0x33b10 [11] standalone_main(0x6, 0xffbefc4c, 0x0, 0x0, 0xff23b02c, 0x90ff0), at 0x34384 [12] main(0x6, 0xffbefc4c, 0xffbefc68, 0xadd98, 0x0, 0x0), at 0x34cc4 the cofiguration for a typical SSL server is ... SSLEngine on SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP SSLCertificateFile /opt/apache_test/conf/ssl.crt/server.crt SSLCertificateKeyFile /opt/apache_test/conf/ssl.key/server.key SSLCACertificateFile /opt/apache_test/conf/ssl.crt/CA.crt SSLVerifyDepth 2 SSLOptions +StdEnvVars +ExportCertData SSLPassPhraseDialog builtin SSLSessionCache shmcb:/opt/apache_test/sites/debug.internal.net/logs/ssl_scache(512000) SSLSessionCacheTimeout 300 SSLMutex file:/opt/apache_test/sites/debug.internal.net/logs/ssl_mutex SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLLog /opt/apache_test/sites/debug.internal.net/logs/ssl_engine_log SSLLogLevel Warn <LocationMatch "/images/.*"> SSLVerifyClient optional SSLOptions +OptRenegotiate </LocationMatch> When entering the images directory some but not all of the httpd children die. I'm going to get a linux debug server running. Hopefully someone can replicate the issue? Or suggest a fix. Thanks Matt __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
