Interesting. Must be an Apache 2.2.X thing. The symbol
definitely does not appear in 2.0.55.
Per Olausson wrote:
>
> Phil,
>
> Is it the way I am building Apache or is Linux or Solaris hiding this
> symbol? I've checked this on a gentoo build, but on my machine the
> module has no symbols.
>
> Details as below:
>
> Apache/2.2.3
> OpenSSL 0.9.8c
> AIX 5200-09
> *
> nm mod_ssl.so | grep SSL_get_shared_ciphers
> .SSL_get_shared_ciphers T 269028692
> .SSL_get_shared_ciphers_139_116 t 269031772*
>
> nm(1):
>
> T Global text symbol.
> t Local text symbol.
>
> Regards,
>
>
> Per
>
> Phil Ehrens wrote:
> >Per Olausson wrote:
> >
> >>>Phil Ehrens:
> >>>I just checked a couple different versions and did not see that
> >>>function.
> >>>
> >>I posted a question about this to the apache security mailbox, but
> >>nobody responded. I guess that is inline with the policy for that
> >>mailbox even if I find it somewhat unhelpful, considering that SSL isn't
> >>completely a rarity when using Apache.
> >>
> >>The reason I am concerned is because mod_ssl indirectly references
> >>SSL_get_shared_ciphers. It is in use. You can see this if you use
> >>something like nm and grep for this function.
> >>
> >>So is mod_ssl vulnerable? Is the functionality insulated and not
> >>possible to trigger from the mod_ssl user scenario, or is it?
> >>
> >>If anyone have any ideas please let me know!
> >>
> >
> >The symbol is not defined in mod_ssl on any of my Linux or Solaris
> >systems, all of which are running Apache-2.0.55. What version are
> >you looking at?
> >__
> >Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> >User Support Mailing List modssl-users@modssl.org
> >Automated List Manager[EMAIL PROTECTED]
> >
>
>
> __
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager[EMAIL PROTECTED]
--
Phil Ehrens <[EMAIL PROTECTED]>| Fun stuff:
The LIGO Laboratory, MS 18-34 | http://www.ralphmag.org
California Institute of Technology| http://www.trenchman.com
1200 East California Blvd.| http://www.tokyotosho.com
Pasadena, CA 91125 USA| My gpg public key:
Phone:(626)395-8518 Fax:(626)793-9744 | http://www.imbe.net/peligo.asc
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]