On 3/11/2014 1:29 PM, Rainer Jung wrote:
On 11.03.2014 17:34, Jim Jagielski wrote:
The pre-release test tarballs for Apache httpd 2.4.8 can be found
at the usual place:
http://httpd.apache.org/dev/dist/
I'm calling a VOTE on releasing these as Apache httpd 2.4.8 GA.
[ ] +1: Good to go
[ ] +0: meh
[ ] -1: Danger Will Robinson. And why.
Vote will last the normal 72 hrs.
NOTE: The *-deps are only there for convenience.
I get a segfault during startup init on www.apache.org when using SSL.
This didn't happen for r1570851. Candidate is r1573360.
I'm seeing this with OpenSSL 0.9.8y on Windows.
That server currently uses OpenSSL 1.0.1e.
GDB:
Program terminated with signal 11, Segmentation fault.
#0 0x000000010287a19a in ssl_set_cert_masks () from
/usr/local/lib/libssl.so.8
(gdb) bt full
#0 0x000000010287a19a in ssl_set_cert_masks () from
/usr/local/lib/libssl.so.8
No symbol table info available.
#1 0x000000010287a6f6 in ssl_get_server_send_pkey () from
/usr/local/lib/libssl.so.8
No symbol table info available.
#2 0x000000010287a7a9 in ssl_get_server_send_cert () from
/usr/local/lib/libssl.so.8
No symbol table info available.
#3 0x0000000102616d2a in ssl_init_server_certs (pphrases=0x10226ab58,
mctx=0x10227d938, ptemp=<optimized out>, p=<optimized out>, s=<optimized
out>) at ssl_engine_init.c:959
No locals.
#4 ssl_init_server_ctx (pphrases=<optimized out>, sc=<optimized out>,
ptemp=<optimized out>, p=<optimized out>, s=<optimized out>) at
ssl_engine_init.c:1287
No locals.
#5 ssl_init_ConfigureServer (s=0x102277350, p=0x102023028,
ptemp=0x102051028, sc=0x10227d7d8, pphrases=<optimized out>) at
ssl_engine_init.c:1378
rv =<optimized out>
#6 0x0000000102617cfc in ssl_init_Module (p=0x102023028,
plog=<optimized out>, ptemp=0x102051028, base_server=0x10204dbe8) at
ssl_engine_init.c:228
mc =<optimized out>
sc =<optimized out>
s = 0x102277350
rv = 0
pphrases = 0x10226ab58
#7 0x000000000044965c in ap_run_post_config (pconf=0x102023028,
plog=0x10204f028, ptemp=0x102051028, s=0x10204dbe8) at config.c:103
n = 4
rv =<optimized out>
#8 0x000000000042afd7 in main (argc=9, argv=0x7fffffffd8c0) at main.c:696
c = 68 'D'
showcompile = 0
showdirectives = 0
confname = 0x7fffffffdbb7 "/.../conf/httpd.conf"
def_server_root = 0x4655c0 "/..."
temp_error_log = 0x0
error =<optimized out>
process = 0x102021118
pconf = 0x102023028
plog = 0x10204f028
ptemp = 0x102051028
pcommands = 0x102045028
opt = 0x102045118
rv =<optimized out>
opt_arg = 0x7fffffffdbfa "SSL"
...
#3 0x0000000102616d2a in ssl_init_server_certs (pphrases=0x10226ab58,
mctx=0x10227d938, ptemp=<optimized out>, p=<optimized out>, s=<optimized
out>) at ssl_engine_init.c:959
959 if (!(ssl = SSL_new(mctx->ssl_ctx)) ||
(gdb) print *pphrases
$1 = {pool = 0x102051028, elt_size = 8, nelts = 0, nalloc = 2, elts =
0x10226ab78 ""}
(gdb) print *mctx
$2 = {sc = 0x10227d7d8, ssl_ctx = 0x102185600, pks = 0x10227da20, pkp =
0x0, ticket_key = 0x10227dab0, protocol = 6, pphrase_dialog_type =
SSL_PPTYPE_BUILTIN,
pphrase_dialog_path = 0x0, cert_chain = 0x1022784c0 "/....crt",
crl_path = 0x0, crl_file = 0x0,
crl_check_mode = SSL_CRLCHECK_UNSET, stapling_enabled = 0,
stapling_resptime_skew = -1, stapling_resp_maxage = -1,
stapling_cache_timeout = -1,
stapling_return_errors = 4294967295, stapling_fake_trylater =
4294967295, stapling_errcache_timeout = -1, stapling_responder_timeout =
-1, stapling_force_url = 0x0,
srp_vfile = 0x0, srp_unknown_user_seed = 0x0, srp_vbase = 0x0, auth =
{ca_cert_path = 0x0, ca_cert_file = 0x0,
cipher_suite = 0x102108d18 "...", verify_depth = 1, verify_mode =
SSL_CVERIFY_NONE},
ocsp_enabled = 0, ocsp_force_default = 0, ocsp_responder = 0x0,
ocsp_resptime_skew = -1, ocsp_resp_maxage = -1, ocsp_responder_timeout = -1}
Config structure is roughly:
<VirtualHost _default_:443>
ServerName ...
DocumentRoot ...
SSLEngine on
SSLCACertificateFile ....pem
SSLCertificateFile ....crt
SSLCertificateKeyFile ....key
SSLCertificateChainFile ....pem
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile ....crt
SSLCertificateKeyFile ....key
SSLCertificateChainFile ....crt
DocumentRoot ...
ServerName ...
ServerAlias ...
UseCanonicalName On
non-ssl config items
</VirtualHost>
<VirtualHost *:443>
ServerName ...
UseCanonicalName Off
VirtualDocumentRoot ...
VirtualScriptAlias ...
ServerAlias ...
SSLEngine on
SSLCertificateFile ....crt
SSLCertificateKeyFile ....key
SSLCertificateChainFile ....crt
non-ssl config items
</VirtualHost>
The certificates etc. in the three blocks are three different ones.
I'll have a look what I can find out, just an early heads-up.
Regards,
Rainer