> [[email protected] - Tue Jul 13 10:42:32 2010]:
> 
> I think there is a bug in the openSSL initialization.
> 
> In (K)ubuntu my Apache was crashing when I accessed any SSL page (even
> static html) with
> segmentation fault (11) when the php5-curl module was enabled (just
> enabled, not used).
> 
> I've found this bug reported here:
> https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/590639
> but noone seems to be working on it. So I tried to find the problem
> myself. I thought the bug is
> in php5-curl, but I found out that the program crashes when the
> ENGINE_load_builtin_engines()
> from the openssl library is called. When I commented out the
> ENGINE_load_aesni() initialization
> method, the apache stopped crashing.
> 
> This error is easy to reproduce: install latest (k)ubuntu lucid with
> apache + ssl + php5-curl,
> create a static page in the default ssl domain and access it via
> browser (no php in action) and
> the server crashes.
> 
> This is the call structure:
> 
> - php5-curl in interface.c line 819 calls
> curl_global_init(CURL_GLOBAL_SSL)
> - libcurl in lib/easy.c calls Curl_ssl_init
> - libcurl in lib/sslgen.c line 163 calls curlssl_init
> - libcurl in lib/ssluse.c line 632 calls ENGINE_load_builtin_engines()
> - openssl in crypto/engine/eng_all.c calls ENGINE_load_aesni (this is
> after the debian patch debian/patches/aesni.patch is applied)
> 
> When I commented out this aesni initialization the problem with
> segmentation was gone but curl wasn't able to fetch SSL pages.
> 
> 

This is OpenSSL with a load of non-standard patches AFAICS, something
could have been broken there.

The debugging traces in the debian report are not complete enough to see
what the problem is: there are no debugging symbols.

Steve.
-- 
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]

Reply via email to