Re: mod_ssl for apache 1.3.39
I patched the EAPI patch to apply cleanly to 1.3.39. This should work until a version is rolled for 1.3.39. Cheers, Doug diff -PurN mod_ssl-2.8.28-1.3.37/pkg.eapi/eapi.patch mod_ssl-2.8.28-1.3.39/pkg.eapi/eapi.patch --- mod_ssl-2.8.28-1.3.37/pkg.eapi/eapi.patch 2007-09-10 13:31:38.0 -0400 +++ mod_ssl-2.8.28-1.3.39/pkg.eapi/eapi.patch 2007-09-10 13:36:27.0 -0400 @@ -1132,7 +1132,7 @@ /* * The max child slot ever assigned, preserved across restarts. Necessary -@@ -436,6 +439,30 @@ +@@ -471,6 +474,30 @@ } } @@ -1163,7 +1163,7 @@ #ifndef NETWARE static APACHE_TLS int volatile exit_after_unblock = 0; #endif -@@ -1551,6 +1578,9 @@ +@@ -1588,6 +1615,9 @@ } ap_bsetflag(save_req-connection-client, B_EOUT, 1); @@ -1173,7 +1173,7 @@ ap_bclose(save_req-connection-client); if (!ap_standalone) -@@ -1559,6 +1589,9 @@ +@@ -1596,6 +1626,9 @@ } else {/* abort the connection */ ap_bsetflag(current_conn-client, B_EOUT, 1); @@ -1183,7 +1183,7 @@ ap_bclose(current_conn-client); current_conn-aborted = 1; } -@@ -1880,10 +1913,16 @@ +@@ -1915,10 +1948,16 @@ /* Send any leftover data to the client, but never try to again */ if (ap_bflush(r-connection-client) == -1) { @@ -1200,7 +1200,7 @@ ap_bsetflag(r-connection-client, B_EOUT, 1); /* Close our half of the connection --- send the client a FIN */ -@@ -2582,6 +2621,9 @@ +@@ -2617,6 +2656,9 @@ /* Clear the pool - including any registered cleanups */ ap_destroy_pool(pglobal); #endif @@ -1210,7 +1210,7 @@ exit(code); } -@@ -3655,6 +3697,24 @@ +@@ -3711,6 +3753,24 @@ conn-remote_addr = *remaddr; conn-remote_ip = ap_pstrdup(conn-pool, inet_ntoa(conn-remote_addr.sin_addr)); @@ -1235,7 +1235,7 @@ return conn; } -@@ -4165,6 +4225,15 @@ +@@ -4221,6 +4281,15 @@ printf(Server's Module Magic Number: %u:%u\n, MODULE_MAGIC_NUMBER_MAJOR, MODULE_MAGIC_NUMBER_MINOR); printf(Server compiled with\n); @@ -1251,10 +1251,10 @@ #ifdef TPF show_os_specific_compile_settings(); #endif -@@ -4339,6 +4408,22 @@ - ap_server_pre_read_config = ap_make_array(pcommands, 1, sizeof(char *)); +@@ -4396,6 +4465,22 @@ ap_server_post_read_config = ap_make_array(pcommands, 1, sizeof(char *)); ap_server_config_defines = ap_make_array(pcommands, 1, sizeof(char *)); + pid_table = ap_make_table(pglobal, HARD_SERVER_LIMIT); + +#ifdef EAPI +ap_hook_init(); @@ -1274,7 +1274,7 @@ } #ifndef MULTITHREAD -@@ -4835,6 +4920,9 @@ +@@ -4892,6 +4977,9 @@ ap_sync_scoreboard_image(); if (ap_scoreboard_image-global.running_generation != ap_my_generation) { @@ -1284,7 +1284,7 @@ ap_bclose(conn_io); clean_child_exit(0); } -@@ -4863,6 +4951,9 @@ +@@ -4920,6 +5008,9 @@ */ #ifdef NO_LINGCLOSE @@ -1294,7 +1294,7 @@ ap_bclose(conn_io); /* just close it */ #else if (r r-connection -@@ -4873,6 +4964,9 @@ +@@ -4930,6 +5021,9 @@ lingering_close(r); } else { @@ -1304,7 +1304,7 @@ ap_bsetflag(conn_io, B_EOUT, 1); ap_bclose(conn_io); } -@@ -5656,16 +5750,31 @@ +@@ -5730,16 +5824,31 @@ usage(argv[0]); } } @@ -1336,7 +1336,7 @@ } child_timeouts = !ap_standalone || one_process; -@@ -5813,6 +5922,10 @@ +@@ -5887,6 +5996,10 @@ ap_destroy_pool(r-pool); } @@ -1347,7 +1347,7 @@ ap_bclose(cio); } exit(0); -@@ -6189,6 +6302,9 @@ +@@ -6263,6 +6376,9 @@ ap_kill_cleanups_for_socket(ptrans, csd); #ifdef NO_LINGCLOSE @@ -1357,7 +1357,7 @@ ap_bclose(conn_io); /* just close it */ #else if (r r-connection -@@ -6199,6 +6315,9 @@ +@@ -6273,6 +6389,9 @@ lingering_close(r); } else { @@ -1367,7 +1367,7 @@ ap_bsetflag(conn_io, B_EOUT, 1); ap_bclose(conn_io); } -@@ -7774,6 +7893,10 @@ +@@ -7848,6 +7967,10 @@ if (!conf_specified) ap_cpystrn(ap_server_confname, SERVER_CONFIG_FILE, sizeof(ap_server_confname)); @@ -1378,7 +1378,7 @@ if (!ap_os_is_path_absolute(ap_server_confname)) ap_cpystrn(ap_server_confname, ap_server_root_relative(pcommands, ap_server_confname), -@@ -7814,6 +7937,9 @@ +@@ -7888,6 +8011,9 @@ #else /* ndef WIN32 */ server_conf = ap_read_config(pconf, ptrans, ap_server_confname); #endif @@ -1598,26 +1598,29 @@ Index: src/modules/standard/mod_status.c --- src/modules/standard/mod_status.c 28 Jul 2006 13:55:27 - 1.1.1.17 +++ src/modules/standard/mod_status.c 28 Jul 2006 13:56:29 - 1.14 -@@ -652,12 +678,23 @@ +@@ -653,6 +653,18 @@ ap_rprintf(r,
Fwd: Tracking down mod_ssl/OpenSSL bug
- Begin forwarded message - Ralf, I have been doing some code-walking to track down a problem we've been having since last November with Apache child processes getting segmentation faults periodically, and it appears to boil down to something with mod_ssl and/or OpenSSL. I was hoping you could help shed some light on this, and/or suggest where to next extend my search. Here are the details thus far: - Running Apache 1.3.27 and mod_ssl 2.8.14 with OpenSSL 0.9.7b (also tried with the 0.9.6 line with the same results) gdb backtrace (attached) shows the segmentation fault being generated by ssl3_write_pending(). This happens when a timeout occurs during ap_send_fd() or ap_send_mmap(). The Apache timeout() handler is invoked by the SIGALRM handler, which closes the connection and frees the SSL context. When the signal handler finishes and returns to the stack (where we were in the middle of a write operation somewhere inside of ssl3_write_pending()), ssl3_write_pending() segfaults when it tries to access the non-existent context. I'm not sure if this would be considered a deficiency in how mod_ssl closes the connection, in how OpenSSL's ssl3_write_pending() checks for a valid context after BIO_write(), or something else entirely. Any direction you can provide would be greatly appreciated. I'd be more than happy to provide any additional info or debugging/troubleshooting steps. Many thanks, Doug This email, and any included attachments, have been checked by Norton AntiVirus Corporate Edition (Version 8.0), AVG Server Edition 6.0, and Merak Email Server Integrated Antivirus (Alwil Software's aVast! engine) and is certified Virus Free.[EMAIL PROTECTED] ~]# gdb -x /tmp/gdb.cmd httpd GNU gdb Red Hat Linux (5.2-2) Copyright 2002 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as i386-redhat-linux... Breakpoint 1 at 0x80bd764: file http_main.c, line 1499. [New Thread 1024 (LWP 10906)] Processing config directory: /etc/httpd/conf/httpd.conf Processing config file: /etc/httpd/conf/httpd.conf/apache.conf [Switching to Thread 1024 (LWP 10906)] Breakpoint 1, timeout (sig=14) at http_main.c:1499 1499if (alarms_blocked) { (gdb) bt #0 timeout (sig=14) at http_main.c:1499 #1 0x080ba0fb in alrm_handler (sig=14) at http_main.c:1628 #2 0x400275eb in pthread_sighandler (signo=14, ctx= {gs = 0, __gsh = 0, fs = 0, __fsh = 0, es = 43, __esh = 0, ds = 43, __dsh = 0, edi = 137328728, esi = 8221, ebp = 3221206440, esp = 3221206392, ebx = 7, edx = 8221, ecx = 137328728, eax = 7146, trapno = 1, err = 0, eip = 1075341236, cs = 35, __csh = 0, eflags = 642, esp_at_signal = 3221206392, ss = 43, __ssh = 0, fpstate = 0xbfffb2f8, oldmask = 2147483648, cr2 = 0}) at signals.c:97 #3 signal handler called #4 0x401867b4 in __libc_write () at __libc_write:-1 #5 0x40032efc in __DTOR_END__ () from /lib/libpthread.so.0 #6 0x0810aff9 in sock_write (b=0x82e9990, in=0x82f7858 \027\003\001 \030b¹W{ýø¾\016?èÁ\016³\217d)\027ýèP\b ñÉ\002°\eѪ¸\237\003\205G\b Ð\231\031w³\027ÈW\rÈ\006ÔL!uL+$\177EKõ]ÓL/»ÖæÉû\022¨\217^\235ÝýI\232\002η\035]Ùô\212ê\017\004B¬LÇ\200\t=8ã-)É\232»{\025ß÷\023ZN]Ú¶ú\227T\034\210h\037k\237:¾È\234à\177\237í\2209Ü\220Å\210ÎBÞ\177bg\234ø¾F¡èª+\201é\203:Ýf[EMAIL PROTECTED])AÚµNËí\225,®..., inl=8221) at bss_sock.c:157 #7 0x08109326 in BIO_write (b=0x82e9990, in=0x82f7858, inl=8221) at bio_lib.c:201 #8 0x080fd855 in ssl3_write_pending (s=0x82e7530, type=23, buf=0xbfffb8b0 -Datei äquivalent ist; zusätzliche Treiber \nkönnten weiterhin erforderlich sein.\n\n, '=' repeats 76 times, \nHILFE ANFORNDERN\n\nZugriff über das Web ht..., len=8192) at s3_pkt.c:740 #9 0x080fd769 in do_ssl3_write (s=0x82e7530, type=23, buf=0xbfffb8b0 -Datei äquivalent ist; zusätzliche Treiber \nkönnten weiterhin erforderlich sein.\n\n, '=' repeats 76 times, \nHILFE ANFORNDERN\n\nZugriff über das Web ht..., len=8192, create_empty_fragment=0) at s3_pkt.c:713 #10 0x080fd362 in ssl3_write_bytes (s=0x82e7530, type=23, buf_=0xbfffb8b0, len=8192) at s3_pkt.c:542 #11 0x080fb186 in ssl3_write (s=0x82e7530, buf=0xbfffb8b0, len=8192) at s3_lib.c:1718 #12 0x080e4e0d in SSL_write (s=0x82e7530, buf=0xbfffb8b0, num=8192) at ssl_lib.c:873 #13 0x08085181 in ssl_io_hook_write (fb=0x824f8c0, buf=0xbfffb8b0 -Datei äquivalent ist; zusätzliche Treiber \nkönnten weiterhin erforderlich sein.\n\n, '=' repeats 76 times, \nHILFE ANFORNDERN\n\nZugriff über das Web ht..., len=8192) at ssl_engine_io.c:384 #14 0x080d3521 in ap_hook_call_func (ap=0xbfffb774, he=0x8234a38, hf=0x8237c40) at ap_hook.c:649 #15 0x080d312c in ap_hook_call (hook=0x81ec1d5
CVS repository / Maintainers?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Who is currently maintaining mod_ssl for Apache 1.3.x? I've been tracking down a bug and wanted to check the latest mod_ssl repository code against 2.8.14 (current release) to see if anything has changed that might address this bug. All the old links I've found that dealt with the repository and bug database at modssl.org are dead... Many thanks, Doug -BEGIN PGP SIGNATURE- Version: PGPfreeware 7.0.3 for non-commercial use http://www.pgp.com iQA/AwUBPwnZTZ938qfSpraDEQLi8gCg64z0ifDQ8w+99Ii7yoCfvUidf5YAoK4a aCKvtN0S20v/YjkwcJLK5WXs =Cpk7 -END PGP SIGNATURE- This email, and any included attachments, have been checked by Norton AntiVirus Corporate Edition (Version 8.0), AVG Server Edition 6.0, and Merak Email Server Integrated Antivirus (Alwil Software's aVast! engine) and is certified Virus Free. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]