OpenSSL/SSLeay core dumps under DSO situations solved
As Jan Wedekind <[EMAIL PROTECTED]> and others already discovered for mod_ssl, SSLeay and OpenSSL dumps core on some platforms when used under a Dynamic Shared Object (DSO) situation. For instance when you build Apache+mod_ssl+OpenSSL where mod_ssl is a DSO and this DSO is linked against libcrypto.a/libssl.a. This works fine on smart platforms like Linux or FreeBSD, but dumps core when a connections is established under others like Solaris 2.x. I've now traced it down myself, and the reason is that various pointers (for my RSA_METHOD* in RSA_flags()) are out of memory bounds and so cause the segfaults on dereferencing. It was clear that this isn't a bug in SSLeay/OpenSSL, because the same code works fine on other platforms, of course. So, I've fiddled around yesterday myself testing various compiler versions (I've initially thought perhaps my GCC 2.8.1 produces the bug on SPARC), but then finally I got the essential idea: OpenSSL is always compiled for non-DSO situations, i.e. without Position Independend Code (PIC). But it's liked to a DSO which usually requires PIC! Ok, some x86 platforms like Linux and FreeBSD are smart enough to not require PIC inside OpenSSL, but a SPARC platform like my Solaris 2.6 horrible crashes without PIC in OpenSSL. So, I've just added "-fPIC" to the solaris-sparc-gcc line in OpenSSL's Configure script, recompiled my libssl.so (that's mod_ssl's DSO, not the ssl library of OpenSSL) with the now PIC-aware libssl.a (that's OpenSSL's ssl library) and BINGO: All works fine. No more core dumps on new SSL connections. Seems like we should add a "pic" option to the Configure scripts which either adds -fPIC (for GCC) or -KPIC (for SVR4), etc... Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: A simple SSL question
On Sat, Jan 09, 1999, Andi Zain wrote: > I plan to develop a fully functional on-line mall equipped with SSL+ASP. > Is that true that all I have to do is placing the order form in a > secured directory? Yes. > and where should I place the *.ASP files? In the same directory, of course. They have to be secured, too. Or at least under the same virtual SSL-aware server. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
A simple SSL question
Hello All, I plan to develop a fully functional on-line mall equipped with SSL+ASP. Is that true that all I have to do is placing the order form in a secured directory? and where should I place the *.ASP files? Any advice and suggestions will be greatly appreciated.Thank you very much Regards, Andi Zain __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Digest Version of the mod-ssl mailing list query
On Sat, Jan 09, 1999, T. Freeland wrote: > Is there a digest version of the mod-ssl mailing list available? I've not configured Majordomo for supporting digests for sw-mod-ssl, but it should be possible, of course. Is there really interest in this? Because usually people who want to get digests are those who even better use one of the mailing list archive. There one can look at the stuff more nice and easy (you can search, have it threaded, etc.). But when people are interested in digests I can configure Majordomo to support his, of course. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Digest Version of the mod-ssl mailing list query
Is there a digest version of the mod-ssl mailing list available? Thanks, Travis. __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]