https://bz.apache.org/bugzilla/show_bug.cgi?id=69942
Bug ID: 69942
Summary: httpd 2.4.66 crashes with SIGSEGV in libssl.so.3
3.5.5
Product: Apache httpd-2
Version: 2.4.66
Hardware: Sun
OS: Solaris
Status: NEW
Severity: critical
Priority: P2
Component: Core
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
I compiled openssl 3.5.5 and http server 2.4.66 for Solaris 11.4 Sparc, httpd
immediately crashes with core. I backed out 3.5.5 and recompiled with
openssl 3.0.18 and all is well. Is http server 2.4.66 compatable with openssl
3.5???
Core was generated by `/usr/local/apache/bin/httpd -d /usr/local/apache -f
/usr/local/apache/conf/http'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fff9d178918 in ssl3_get_cipher_by_char ()
from /usr/local/apache/ssl/lib/libssl.so.3
(gdb)
(gdb) bt
#0 0x00007fff9d178918 in ssl3_get_cipher_by_char ()
from /usr/local/apache/ssl/lib/libssl.so.3
#1 0x00007fffd1554b2c in ssl_create_cipher_list ()
from /usr/lib/sparcv9/libssl.so.1.0.0
#2 0x00007fffd154d558 in SSL_CTX_new () from /usr/lib/sparcv9/libssl.so.1.0.0
#3 0x00007fffccd28064 in ssl_init_ctx_protocol ()
from /usr/local/apache/modules/mod_ssl.so
#4 0x00007fffccd29e30 in ssl_init_ctx ()
from /usr/local/apache/modules/mod_ssl.so
#5 0x00007fffccd2cdf8 in ssl_init_server_ctx ()
from /usr/local/apache/modules/mod_ssl.so
#6 0x00007fffccd2d7dc in ssl_init_ConfigureServer ()
from /usr/local/apache/modules/mod_ssl.so
#7 0x00007fffccd26a74 in ssl_init_Module ()
from /usr/local/apache/modules/mod_ssl.so
#8 0x0000000100098ab8 in ap_run_post_config ()
#9 0x000000010004d348 in main ()
rzac@yoda:/usr/local/apache$ httpd -V
Server version: Apache/2.4.66 (Unix)
Server built: Jan 27 2026 14:24:44
Server's Module Magic Number: 20120211:141
Server loaded: APR 1.7.6, APR-UTIL 1.6.3, PCRE 10.40 2022-04-14
Compiled using: APR 1.7.6, APR-UTIL 1.6.3, PCRE 10.44 2024-06-07
Architecture: 64-bit
Server MPM: prefork
threaded: no
forked: yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_PROC_PTHREAD_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/usr/local/apache"
-D SUEXEC_BIN="/usr/local/apache/bin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
my configure
./configure --prefix=$apache_dir --with-mpm=prefork --enable-so
--enable-ssl --enable-module=so --enable-rule=SHARED_CORE
--enable-module=shared --enable-rewrite --with-ssl=$apache_dir/ssl
--with-apr=$apache_dir --with-apr-util=$apache_dir
ldd /usr/local/apache/modules/mod_ssl.so
libssl.so.3 => /usr/local/apache/ssl/lib/libssl.so.3
libcrypto.so.3 => /usr/local/apache/ssl/lib/libcrypto.so.3
I built openssl 3.5.5, apr 1.7.6 apr util 1.6.3 , and httpd 2.6.6 right after
each other on same day. builds were clean. httpd crashes immediately as
indicated with core above.
Is openssl 3.5.x not yet supported?
If so, I would stay on openssl 3.0.18 which works. I rebuilt with openssl
3.0.18 and all is well,
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
