Re: [VOTE] Release Apache httpd 2.4.8 as GA

Tue, 11 Mar 2014 14:47:34 -0700 

On 3/11/2014 1:29 PM, Rainer Jung wrote:

On 11.03.2014 17:34, Jim Jagielski wrote:

The pre-release test tarballs for Apache httpd 2.4.8 can be found
at the usual place:

        http://httpd.apache.org/dev/dist/

I'm calling a VOTE on releasing these as Apache httpd 2.4.8 GA.

[ ] +1: Good to go
[ ] +0: meh
[ ] -1: Danger Will Robinson. And why.

Vote will last the normal 72 hrs.

NOTE: The *-deps are only there for convenience.

I get a segfault during startup init on www.apache.org when using SSL.
This didn't happen for r1570851. Candidate is r1573360.


I'm seeing this with OpenSSL 0.9.8y on Windows.


That server currently uses OpenSSL 1.0.1e.

GDB:

Program terminated with signal 11, Segmentation fault.
#0  0x000000010287a19a in ssl_set_cert_masks () from
/usr/local/lib/libssl.so.8
(gdb) bt full
#0  0x000000010287a19a in ssl_set_cert_masks () from
/usr/local/lib/libssl.so.8
No symbol table info available.
#1  0x000000010287a6f6 in ssl_get_server_send_pkey () from
/usr/local/lib/libssl.so.8
No symbol table info available.
#2  0x000000010287a7a9 in ssl_get_server_send_cert () from
/usr/local/lib/libssl.so.8
No symbol table info available.
#3  0x0000000102616d2a in ssl_init_server_certs (pphrases=0x10226ab58,
mctx=0x10227d938, ptemp=<optimized out>, p=<optimized out>, s=<optimized
out>) at ssl_engine_init.c:959
No locals.
#4  ssl_init_server_ctx (pphrases=<optimized out>, sc=<optimized out>,
ptemp=<optimized out>, p=<optimized out>, s=<optimized out>) at
ssl_engine_init.c:1287
No locals.
#5  ssl_init_ConfigureServer (s=0x102277350, p=0x102023028,
ptemp=0x102051028, sc=0x10227d7d8, pphrases=<optimized out>) at
ssl_engine_init.c:1378
         rv =<optimized out>
#6  0x0000000102617cfc in ssl_init_Module (p=0x102023028,
plog=<optimized out>, ptemp=0x102051028, base_server=0x10204dbe8) at
ssl_engine_init.c:228
         mc =<optimized out>
         sc =<optimized out>
         s = 0x102277350
         rv = 0
         pphrases = 0x10226ab58
#7  0x000000000044965c in ap_run_post_config (pconf=0x102023028,
plog=0x10204f028, ptemp=0x102051028, s=0x10204dbe8) at config.c:103
         n = 4
         rv =<optimized out>
#8  0x000000000042afd7 in main (argc=9, argv=0x7fffffffd8c0) at main.c:696
         c = 68 'D'
         showcompile = 0
         showdirectives = 0
         confname = 0x7fffffffdbb7 "/.../conf/httpd.conf"
         def_server_root = 0x4655c0 "/..."
         temp_error_log = 0x0
         error =<optimized out>
         process = 0x102021118
         pconf = 0x102023028
         plog = 0x10204f028
         ptemp = 0x102051028
         pcommands = 0x102045028
         opt = 0x102045118
         rv =<optimized out>
         opt_arg = 0x7fffffffdbfa "SSL"

...

#3  0x0000000102616d2a in ssl_init_server_certs (pphrases=0x10226ab58,
mctx=0x10227d938, ptemp=<optimized out>, p=<optimized out>, s=<optimized
out>) at ssl_engine_init.c:959
959             if (!(ssl = SSL_new(mctx->ssl_ctx)) ||

(gdb) print *pphrases
$1 = {pool = 0x102051028, elt_size = 8, nelts = 0, nalloc = 2, elts =
0x10226ab78 ""}

(gdb) print *mctx
$2 = {sc = 0x10227d7d8, ssl_ctx = 0x102185600, pks = 0x10227da20, pkp =
0x0, ticket_key = 0x10227dab0, protocol = 6, pphrase_dialog_type =
SSL_PPTYPE_BUILTIN,
   pphrase_dialog_path = 0x0, cert_chain = 0x1022784c0 "/....crt",
crl_path = 0x0, crl_file = 0x0,
   crl_check_mode = SSL_CRLCHECK_UNSET, stapling_enabled = 0,
stapling_resptime_skew = -1, stapling_resp_maxage = -1,
stapling_cache_timeout = -1,
   stapling_return_errors = 4294967295, stapling_fake_trylater =
4294967295, stapling_errcache_timeout = -1, stapling_responder_timeout =
-1, stapling_force_url = 0x0,
   srp_vfile = 0x0, srp_unknown_user_seed = 0x0, srp_vbase = 0x0, auth =
{ca_cert_path = 0x0, ca_cert_file = 0x0,
     cipher_suite = 0x102108d18 "...", verify_depth = 1, verify_mode =
SSL_CVERIFY_NONE},
   ocsp_enabled = 0, ocsp_force_default = 0, ocsp_responder = 0x0,
ocsp_resptime_skew = -1, ocsp_resp_maxage = -1, ocsp_responder_timeout = -1}

Config structure is roughly:

<VirtualHost _default_:443>
     ServerName ...
     DocumentRoot ...
     SSLEngine on
     SSLCACertificateFile ....pem
     SSLCertificateFile ....crt
     SSLCertificateKeyFile ....key
     SSLCertificateChainFile ....pem
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile ....crt
    SSLCertificateKeyFile ....key
    SSLCertificateChainFile ....crt

    DocumentRoot ...
    ServerName ...
    ServerAlias ...
    UseCanonicalName On

    non-ssl config items
</VirtualHost>

<VirtualHost *:443>
    ServerName ...
    UseCanonicalName Off
    VirtualDocumentRoot ...
    VirtualScriptAlias ...
    ServerAlias ...

    SSLEngine on
    SSLCertificateFile ....crt
    SSLCertificateKeyFile ....key
    SSLCertificateChainFile ....crt

    non-ssl config items
</VirtualHost>

The certificates etc. in the three blocks are three different ones.

I'll have a look what I can find out, just an early heads-up.

Regards,

Rainer

Reply via email to