Interesting. Must be an Apache 2.2.X thing. The symbol definitely does not appear in 2.0.55.
Per Olausson wrote: > > Phil, > > Is it the way I am building Apache or is Linux or Solaris hiding this > symbol? I've checked this on a gentoo build, but on my machine the > module has no symbols. > > Details as below: > > Apache/2.2.3 > OpenSSL 0.9.8c > AIX 5200-09 > * > nm mod_ssl.so | grep SSL_get_shared_ciphers > .SSL_get_shared_ciphers T 269028692 > .SSL_get_shared_ciphers_139_116 t 269031772* > > nm(1): > > T Global text symbol. > t Local text symbol. > > Regards, > > > Per > > Phil Ehrens wrote: > >Per Olausson wrote: > > > >>>Phil Ehrens: > >>>I just checked a couple different versions and did not see that > >>>function. > >>> > >>I posted a question about this to the apache security mailbox, but > >>nobody responded. I guess that is inline with the policy for that > >>mailbox even if I find it somewhat unhelpful, considering that SSL isn't > >>completely a rarity when using Apache. > >> > >>The reason I am concerned is because mod_ssl indirectly references > >>SSL_get_shared_ciphers. It is in use. You can see this if you use > >>something like nm and grep for this function. > >> > >>So is mod_ssl vulnerable? Is the functionality insulated and not > >>possible to trigger from the mod_ssl user scenario, or is it? > >> > >>If anyone have any ideas please let me know! > >> > > > >The symbol is not defined in mod_ssl on any of my Linux or Solaris > >systems, all of which are running Apache-2.0.55. What version are > >you looking at? > >______________________________________________________________________ > >Apache Interface to OpenSSL (mod_ssl) www.modssl.org > >User Support Mailing List modssl-users@modssl.org > >Automated List Manager [EMAIL PROTECTED] > > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager [EMAIL PROTECTED] -- Phil Ehrens <[EMAIL PROTECTED]>| Fun stuff: The LIGO Laboratory, MS 18-34 | http://www.ralphmag.org California Institute of Technology | http://www.trenchman.com 1200 East California Blvd. | http://www.tokyotosho.com Pasadena, CA 91125 USA | My gpg public key: Phone:(626)395-8518 Fax:(626)793-9744 | http://www.imbe.net/peligo.asc ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager [EMAIL PROTECTED]
