I changed the subject ( was Re: svn commit: r1748461 - in
/httpd/httpd/branches/2.2.x: ./ CHANGES support/ab.c)
William A Rowe Jr wrote: ...mod_php or other weirdness ....
What do you mean by weirdness ? Google translate shows it can be a bad word.
I never talked about a mod-php, as pointed before applink is needed for
phpXapache2_4.dll. The Microsoft PHP team asked (and still) me to use
the sim, they had some serious reports. Quote PHP team: Yeah, now it
turned out, that the SPKI functionality in PHP requires this shim to be
in. The functionality is available since PHP 5.6 and coupled with Apache
could result an unexpected process exit without the solution mentioned
in the OpenSSL FAQ compiled in.
I mentioned already back in 2016, so I cannot stipulate enough to you
that applink sim is needed. Of course no reports on AL, because applink
is in for years.
An other example:
mod_md errors when no applink sim, in the past AL has also reports of
the issue.
Just tested again with AH httpd-2.4.35 with Openssl 110i, and no
surprise, is does not even start, see below. Replacing the httpd.exe
from AL with the sim all fine. Looks like a module using ssl needs the sim.
And for abs.exe, leave it in, does not harm and we are on the save side.
Regards,
Steffen
run with AH: httpd-2.4.35-o110i-x64-vc14.zip, Apache does not start
[Mon Oct 15 15:05:01.883939 2018] [md:debug] [pid 6796:tid 464]
mod_md.c(1012): AH10070: initializing post config dry run
[Mon Oct 15 15:05:01.883939 2018] [md:debug] [pid 6796:tid 464]
mod_md.c(357): AH10037: server seems not reachable via http: (port
80->80) and reachable via https: (port 443->443)
[Mon Oct 15 15:05:01.883939 2018] [md:warn] [pid 6796:tid 464] AH10045:
No VirtualHost matches Managed Domain vosadministraties.nl
[Mon Oct 15 15:05:01.883939 2018] [md:debug] [pid 6796:tid 464]
mod_md.c(389): AH10039: Completed MD[vosadministraties.nl,
CA=https://acme-v01.api.letsencrypt.org/directory, Proto=ACME,
Agreement=(null), Drive=1, renew=2134720512]
[Mon Oct 15 15:05:01.883939 2018] [md:debug] [pid 6796:tid 464]
md_reg.c(706): sync: found 1 mds in store
[Mon Oct 15 15:05:01.883939 2018] [md:debug] [pid 6796:tid 464]
md_reg.c(793): apachelounge.nl: update renew norm=2109194240,
window=2134720512
OPENSSL_Uplink(00007FFB73F334C8,08): no OPENSSL_Applink
On 17-10-18 18:17, William A Rowe Jr wrote:
On Fri, Oct 12, 2018 at 4:54 PM William A Rowe Jr <wr...@rowe-clan.net
<mailto:wr...@rowe-clan.net>> wrote:
Great, I'll proceed with changing ab.c to remove the hack, since
it is unneeded when ab.c is compiled by the same toolchain as
libcrypto.dll, isn't available in non-openssl distributions, and
was deprecated in 1.1.1 again.
Note, I'll only proceed to remove the hack from trunk. I see no reason
to make any cosmetic or build changes to 2.4.x branch. Any fallout to
the trunk change will be uncovered in alpha/beta review. If we are
unwilling to support the feature in httpd.exe we should not do so for
ab.c either. (IIRC there was some subtle lingering BIO usage from
mod_ssl for the initialization phase.)
Anyone who wants to enable the applink stub logic for mod_php or other
weirdness is welcome to patch that either by 1) adding the applink.c
to abs.exe and/or httpd.exe linkage, or the main() source file can
#include that "<include/openssl/applink.c>".
Anyone interested can proceed to patch both and provision
applink.c when working with OpenSSL 1.1.1, so I don't need to
raise a ticket at that project.
Regression #7396 <https://github.com/openssl/openssl/issues/7396> was
fixed with 92ebf6c
<https://github.com/openssl/openssl/commit/92ebf6c4c21ff4b41ba1fd69af74b2039e138114> for
OpenSSL 1.1.1a. The oversight of dropping applink.c appears to have
been unintended.
Thanks to you all for your review and re-evaluation of the past and
current situations with OpenSSL.
