Bug#572031: lighttpd: fails to start with current OpenSSL

Sun, 28 Feb 2010 21:52:24 -0800 

Package: lighttpd
Version: 1.4.26-1
Severity: grave
Tags: patch
Justification: renders package unusable

Hi

after OpenSSL upgrade, lighttpd stopped working, giving not really helpful
error message:

(network.c.529) SSL: error:00000000:lib(0):func(0):reason(0)

the problem is known and fixed upstream:

http://redmine.lighttpd.net/issues/2157

Attaching patch which applies to 1.4.26-1 and fixes this issue.

-- 
        Michal Cihar | http://cihar.com | http://blog.cihar.com

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-vserver-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages lighttpd depends on:
ii  libattr1                1:2.4.44-1       Extended attribute shared library
ii  libbz2-1.0              1.0.5-4          high-quality block-sorting file co
ii  libc6                   2.10.2-6         Embedded GNU C Library: Shared lib
ii  libfam0                 2.7.0-16.1       Client library to control the FAM 
ii  libldap-2.4-2           2.4.17-2.1       OpenLDAP libraries
ii  libpcre3                7.8-3            Perl 5 Compatible Regular Expressi
ii  libssl0.9.8             0.9.8m-2         SSL shared libraries
ii  libterm-readline-perl-p 1.0303-1         Perl implementation of Readline li
ii  lsb-base                3.2-23           Linux Standard Base 3.2 init scrip
ii  mime-support            3.48-1           MIME files 'mime.types' & 'mailcap
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

Versions of packages lighttpd recommends:
pn  spawn-fcgi                    <none>     (no description available)

Versions of packages lighttpd suggests:
ii  apache2-utils                 2.2.14-7   utility programs for webservers
ii  openssl                       0.9.8m-2   Secure Socket Layer (SSL) binary a
pn  rrdtool                       <none>     (no description available)

-- no debconf information

--- lighttpd-1.4.26.orig/src/network.c
+++ lighttpd-1.4.26/src/network.c
@@ -525,7 +525,7 @@
 
 		if (!s->ssl_use_sslv2) {
 			/* disable SSLv2 */
-			if (SSL_OP_NO_SSLv2 != SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2)) {
+			if (!(SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2))) {
 				log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
 						ERR_error_string(ERR_get_error(), NULL));
 				return -1;

Reply via email to