Hi, Since the upgrade from 0.9.7g to 0.9.8a on Debian, we're getting alot of bug reports about applictions that give an error that they can't load zlib.so.
When calling SSL_library_init(), it will try to load zlib.so, which doesn't have to exist. It should try to open zlib.so.1 instead because that's the soname. The .so symlink is only present in the development package since it should only be needed for linking. So at this point it will call ERR_PUT_error(). Then goes on without indicating that there is an error, and sets the method to zlib_stateful_method. I don't think this will be a problem in itself, since the stubs in that case will return Z_MEM_ERROR. But then later, when for instance SSL_CTX_use_certificate_chain_file() is called, it calls ERR_peek_last_error(). At that point it gets back the error that it failed to open the zlib.so, and fails saying it couldn't open the certificate file, while there really wan't an error in the first place. So this looks like an error that doesn't get cleared, and I have to wonder who should clear it. I don't think COMP_zlib() should return that it was actually succesful in opening the library, so it should atleast return zlib_method_nozlib in case it's failing. And I think it would be best if it cleared the error at that time too. I've attached a patch which I think should solve it. Kurt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
