On Tue, Feb 20, 2018 at 9:20 PM, Eric Covener <cove...@gmail.com> wrote: > On Tue, Jun 13, 2017 at 10:05 PM, Eric Covener <cove...@gmail.com> wrote: >> +1 AIX/xlc/ppc64 >> >> I have two quirks to record, both are openssl / openssl 1.1 related >> but given the state of my AIX system I am still +1 on the release. >> >> - proxy/ssl.t almost totally fails with handhsake errors between >> client and origin >> [Tue Jun 13 21:37:04.265062 2017] [ssl:info] [pid 15073386:tid 6169] >> SSL Library Error: error:14171105:SSL >> routines:tls_process_server_hello:wrong cipher returned >> >> - There is some kind of atexit()-like issue with unloaded openssl-1.1 >> that causes a SIGILL at shutdown (goes away w/o mod_ssl, is not >> related to signal handling thing) >> .() at 0x0 >> exit(??) at 0x9000000000550c0 >> destroy_and_exit_process(process = 0x000000011001eb28, >> process_exit_value = 0), line 266 in "main.c" >> main(argc = 4, argv = 0x0ffffffffffff7c8), line 685 in "main.c" > > (replying to old vote thread for posterity) > > TIL: > - linux calls atexit() callbacks when a library is unloaded, not just > at process exit > - AIX doesn't > - openssl 1.1 adds an atexit handler > - openssl 1.1 has some code to try to prevent the library from really > being unloaded by inflating the dlopen reference count so its atexit > will really be available at exit. > - https://github.com/openssl/openssl/pull/1693 > - apparently this isn't working on AIX > - openssl 1.1 doesn't seem to be provided by IBM or third parties on > AIX as of early 2018.
LoadFile of libcrypto.so.1.1 works around this by preventing libcrypto.so.1.1 from being unloaded when mod_ssl is loaded. Added a hint to https://wiki.apache.org/httpd/AIXPlatform > > > > > > > > > -- > Eric Covener > cove...@gmail.com -- Eric Covener cove...@gmail.com
