On 9/12/21 07:55, Bernard Spil wrote: > ERR_GET_FUNC was blocking this for me on FreeBSD 13 with OpenSSL 3.0 from > ports. > Warning in build logs, but failure at runtime > > ssl_engine_init.c:1375:22: warning: implicit declaration of function > 'ERR_GET_FUNC' is invalid in C99 [-Wimplicit-function-declaration] > && (ERR_GET_FUNC(ERR_peek_last_error()) > > and the fix is https://svn.apache.org/viewvc?view=revision&revision=1891138 > as noted above. > > All seems well with that r1891138 fix and OpenSSL 3.0.0 on FreeBSD > 13.0-p4 amd64 / clang 11.0.1 > > [Sun Sep 12 11:48:50.820341 2021] [mpm_event:notice] [pid 80970:tid > 34372395008] AH00489: Apache/2.4.49 (FreeBSD) OpenSSL/3.0.0 configured > -- resuming normal operations >
Thank you for the top-post reply. I am still of the opinion that "-1 There's trouble in paradise." due to the fact that the 2.4.49-rc1 tarball will not work out of the box with the production release of OpenSSL 3.0.0. There needs to be a fix here such that it "just works"(tm) with the latest OpenSSL. > On Sun, Sep 12, 2021 at 7:02 AM Dennis Clarke <dcla...@blastwave.org> wrote: >> >> On 9/12/21 02:36, Dennis Clarke wrote: >>> On 9/10/21 11:23, ste...@eissing.org wrote: >>>> Hi, all; >>>> Please find below the proposed release tarball and signatures: >>>> https://dist.apache.org/repos/dist/dev/httpd/ >>>> >>>> I would like to call a VOTE over the next few days to release >>>> this candidate tarball httpd-2.4.49-rc1 as 2.4.49: >>>> [ ] +1: It's not just good, it's good enough! >>>> [ ] +0: Let's have a talk. >>>> [ ] -1: There's trouble in paradise. Here's what's wrong. >>>> >> >> * * * NOTE -1 There's trouble in paradise. Here's what's wrong. * * * >> >> >> Reply to self here ... >> >> I discovered in the OpenSSL 3.0.0 release notes: >> >> >> * The ERR_GET_FUNC() function was removed. With the loss >> of meaningful function codes, this function can only >> cause problems for calling applications. >> >> Paul Dale >> >> >> Thus ERR_GET_FUNC() was removed, but it looks like httpd is still >> trying to use it, which explains the error I'm seeing. What I see >> is : >> >> >> >> beta # >> beta # /opt/bw/bin/httpd -V >> Server version: Apache/2.4.49 (Unix) >> Server built: Sep 12 2021 03:54:11 >> Server's Module Magic Number: 20120211:116 >> Server loaded: APR 1.7.0, APR-UTIL 1.6.1 >> Compiled using: APR 1.7.0, APR-UTIL 1.6.1 >> Architecture: 64-bit >> Server MPM: event >> threaded: yes (fixed thread count) >> forked: yes (variable process count) >> Server compiled with.... >> -D APR_HAS_SENDFILE >> -D APR_HAS_MMAP >> -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) >> -D APR_USE_PROC_PTHREAD_SERIALIZE >> -D APR_USE_PTHREAD_SERIALIZE >> -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT >> -D APR_HAS_OTHER_CHILD >> -D AP_HAVE_RELIABLE_PIPED_LOGS >> -D DYNAMIC_MODULE_LIMIT=256 >> -D HTTPD_ROOT="/opt/bw" >> -D SUEXEC_BIN="/opt/bw/bin/suexec" >> -D DEFAULT_PIDLOG="var/apache/httpd/logs/httpd.pid" >> -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" >> -D DEFAULT_ERRORLOG="logs/error_log" >> -D AP_TYPES_CONFIG_FILE="etc/apache/httpd/mime.types" >> -D SERVER_CONFIG_FILE="etc/apache/httpd/httpd.conf" >> beta # >> beta # >> beta # /opt/bw/bin/apachectl start >> httpd: Syntax error on line 75 of /opt/bw/etc/apache/httpd/httpd.conf: >> Cannot load modules/mod_ssl.so into server: ld.so.1: httpd: fatal: >> relocation error: file /opt/bw/modules/mod_ssl.so: symbol ERR_GET_FUNC: >> referenced symbol not found >> beta # >> >> We see https://github.com/apache/httpd/pull/258 exists however I am >> only now looking at how to patch 2.4.49 based on those changes in >> trunk. I will take a close look at the patch links : https://svn.apache.org/viewvc?view=revision&revision=1891138 At first glance there are many changes to modules/ssl/ssl_engine_init.c so this is not just a three line change. However it may work .... /opt/bw/build-1/libtool --silent --mode=compile \ /opt/developerstudio12.6/bin/cc -I/opt/bw/include \ -std=iso9899:2011 -m64 -xarch=sparc -xO0 -g -errfmt=error \ -erroff=%none -errshort=full -xstrconst -xildoff \ -xmemalign=8s -xnolibmil -xcode=pic32 -xregs=no%appl \ -xlibmieee -mc -ftrap=%none -xbuiltin=%none -xunroll=1 -Qy \ -xdebugformat=dwarf -DSOLARIS2=10 -D_REENTRANT \ -I/opt/bw/include \ -D_POSIX_PTHREAD_SEMANTICS -D_LARGEFILE64_SOURCE -D_TS_ERRNO \ -D_X_OPEN_SOURCE=600 \ -I. \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/os/unix \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/include \ -I/opt/bw/include/apr-1 -I/opt/bw/include \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/aaa \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/cache \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/core \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/database \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/filters \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/ldap \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/server \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/loggers \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/lua \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/proxy \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/http2 \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/session \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/ssl \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/test \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/server \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/md \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/arch/unix \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/dav/main \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/generators \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/mappers \ -prefer-pic -c ssl_engine_init.c && touch ssl_engine_init.slo "ssl_engine_init.c", line 300: error: undefined struct/union member: vhost_md5 "ssl_engine_init.c", line 300: warning: improper pointer/integer combination: op "=" "ssl_engine_init.c", line 1502: warning: improper pointer/integer combination: op "!=" "ssl_engine_init.c", line 1511: error: undefined struct/union member: retained "ssl_engine_init.c", line 1511: error: undefined struct/union member: privkeys "ssl_engine_init.c", line 1511: error: left operand of "->" must be pointer to struct/union "ssl_engine_init.c", line 1511: warning: improper pointer/integer combination: arg #1 "ssl_engine_init.c", line 1681: error: undefined struct/union member: mac_params "ssl_engine_init.c", line 1681: error: cannot dereference non-pointer type "ssl_engine_init.c", line 1682: error: undefined symbol: OSSL_MAC_PARAM_KEY "ssl_engine_init.c", line 1682: warning: improper pointer/integer combination: arg #1 "ssl_engine_init.c", line 1681: error: assignment type mismatch: int "=" struct ossl_param_st {pointer to const char key, unsigned int data_type, pointer to void data, unsigned long data_size, unsigned long return_size} "ssl_engine_init.c", line 1684: error: improper member use: mac_params "ssl_engine_init.c", line 1684: error: cannot dereference non-pointer type "ssl_engine_init.c", line 1685: error: undefined symbol: OSSL_MAC_PARAM_DIGEST "ssl_engine_init.c", line 1685: warning: improper pointer/integer combination: arg #1 "ssl_engine_init.c", line 1684: error: assignment type mismatch: int "=" struct ossl_param_st {pointer to const char key, unsigned int data_type, pointer to void data, unsigned long data_size, unsigned long return_size} "ssl_engine_init.c", line 1686: error: improper member use: mac_params "ssl_engine_init.c", line 1686: error: cannot dereference non-pointer type "ssl_engine_init.c", line 1686: error: assignment type mismatch: int "=" struct ossl_param_st {pointer to const char key, unsigned int data_type, pointer to void data, unsigned long data_size, unsigned long return_size} "ssl_engine_init.c", line 1689: warning: argument #2 is incompatible with prototype: prototype: pointer to function(pointer to struct ssl_st {}, pointer to unsigned char, pointer to unsigned char, pointer to struct evp_cipher_ctx_st {}, pointer to struct evp_mac_ctx_st {}, int) returning int : "/opt/bw/include/openssl/tls1.h", line 333 argument : pointer to function(pointer to struct ssl_st {}, pointer to unsigned char, pointer to unsigned char, pointer to struct evp_cipher_ctx_st {}, pointer to struct hmac_ctx_st {}, int) returning int cc: acomp failed for ssl_engine_init.c gmake[4]: *** [/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/build/rules.mk:212: ssl_engine_init.slo] Error 1 gmake[4]: Leaving directory '/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/ssl' gmake[3]: *** [/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/build/rules.mk:117: shared-build-recursive] Error 1 gmake[3]: Leaving directory '/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/ssl' gmake[2]: *** [/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/build/rules.mk:117: shared-build-recursive] Error 1 gmake[2]: Leaving directory '/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules' gmake[1]: *** [/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/build/rules.mk:117: shared-build-recursive] Error 1 gmake[1]: Leaving directory '/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003' gmake: *** [/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/build/rules.mk:75: all-recursive] Error 1 Nope. Not exactly a drop in replacement. I will dig around and see if there is a way to deal with the above. So I guess the question should be will httpd 2.4.49 work with OpenSSL 3? -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken GreyBeard and suspenders optional
