Thank you all for your kind help. I noticed the lack of the trace option with 1.0.1e. Is there some way for me to check out a copy of 1.0.2 development, to see if it exhibits the same problem - and if it does, to capture a trace?
I have not been able to progress much on this, because of other responsibilities, but I will say that I got httpd to work purely as a fluke: I forced it to use the static OpenSSL libraries (as well as a static mod_ssl module) to enable simpler debugging via GDB, and much to my chagrin, the httpd system started working - I could serve up web pages on port 443! I recompiled again, using shared objects, and it failed again. Back to static, and it worked. Since my goal is a running system with no known security vulnerabilities (my wife's server, so I feel a personal motivation to make this 'just work'), I am now going to put httpd on the table temporarily, and move on to postfix, the next program the seems to fail with OpenSSL 1.0.1e, and see what if anything I can do about that. Once I get a functional system with 1.0.1e (if I can get there), I will go back as I can to try to find out why shared libraries fail, and static libraries work in my environment for httpd. Postfix always uses static libraries, so that trick won't work here. I have a habit of wanting to use the 'latest everything' as I check versions of software on my server once every few weeks. This upgrade-early habit does run me into problems of compatibility. In December, 2011, I ran into a problem with httpd again, tihs time it was in the Apache Portable Runtime, and was caused by a new GCC compiler and a bug in its optimization techniques. It was a devil of a time getting to the root of that. Is anyone else using GCC 4.7.3 and BinUtils 2.23.1? If anyone is curious as to the software versions I run on my server, just go to http://www.thesiblingrevelry.net/sources.html - that output is from my custom package manager. On Tue, February 19, 2013 4:20 am, Dr. Stephen Henson wrote: > On Tue, Feb 19, 2013, Eisenacher, Patrick wrote: > > >> >> Additionally, try invoke s_client with the -trace and -state options to >> get more human readable output. But as Dave has already pointed out, >> your client's write to the socket fails, because the underlying >> connection was closed down and you should enable maximum lovlevel in >> your server and check its logfile for any hints. >> > > Note: trace is only supported by the unreleased OpenSSL 1.0.2 and > requires that you configure OpenSSL with "enable-ssl-trace". > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
