hi

I'm having problems with Apache 2.0.55 mod_ssl + OpenSSL on Solaris 8 (sparc, 64-bit). When I start Apache with SSL enabled, the process dumps core during initialization when client certificate verification has been configured with a certain certificate bundle file. This can't be reproduced on Red Hat Enterprise Linux 3 and 4 (ia32, 32-bit) or HP-UX 11i v1 (pa-risc, 64-bit).

Where should I report this issue? It's related to Apache but the interesting thing is that it doesn't happen with all OpenSSL versions.

The issue appears at least with the following OpenSSL versions
- OpenSSL 0.9.8a
- OpenSSL 0.9.7i
- OpenSSL 0.9.7g

but for example not with
- OpenSSL 0.9.7e
- OpenSSL 0.9.7d

The issue can be reproduced by setting up Apache with SSL and adding the following config directives:

        SSLCACertificatePath /home/aspa/tmp/h2/conf/ssl.crt
        SSLCACertificateFile /home/aspa/tmp/h2/conf/ssl.crt/ca-bundle.crt

It seems to be triggered by a certain certificate bundle file, not all.

The core dump seems to be resulting from an SSL_CTX_load_verify_locations() call in ssl_engine_init() in Apache.


Here's the exact procedure used for building Apache:

# set build path
export PATH=/opt/local/gcc/4.0/bin:$PATH:/usr/ccs/bin:/opt/sfw/bin

# build OpenSSL
perl Configure solaris64-sparcv9-gcc31 no-idea no-shared -fPIC \
  --prefix=/home/aspa/tmp/openssl097f
gmake depend
gmake
gmake test
gmake install

# build Apache 2.0.55
CC="gcc -static-libgcc -g"  CFLAGS="-mcpu=v9 -m64" \
   ./configure --prefix=/home/aspa/tmp/h2 \
   --enable-ssl --with-ssl=/home/aspa/tmp/openssl097f
gmake
gmake install


br. aspa

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
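
Since the post ties the crash to one particular bundle passed via SSLCACertificateFile, a first triage step is to look at each PEM entry in the bundle on its own. The following is an added example, not part of the original post and not Apache or OpenSSL code; it checks only base64 validity and the outer DER length of each block, and the sample entries are constructed stand-ins rather than real certificates.

```python
import base64
import binascii
import re

# Matches plain "CERTIFICATE" PEM blocks only (other PEM labels are ignored).
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_claimed_length(der):
    """Total size the outer DER SEQUENCE header claims, or None if malformed."""
    if len(der) < 2 or der[0] != 0x30:      # 0x30 = SEQUENCE tag
        return None
    first = der[1]
    if first < 0x80:                        # short-form length
        return 2 + first
    n = first & 0x7F                        # long form: n length octets follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_bundle(text):
    """Return (index, status) for every certificate block in a PEM bundle."""
    results = []
    for index, match in enumerate(PEM_RE.finditer(text), 1):
        body = "".join(match.group(1).split())   # drop line breaks and spaces
        try:
            der = base64.b64decode(body, validate=True)
        except (binascii.Error, ValueError):
            results.append((index, "bad-base64"))
            continue
        claimed = der_claimed_length(der)
        if claimed is None:
            status = "bad-der-header"
        elif claimed != len(der):
            status = "length-mismatch"          # truncated or trailing bytes
        else:
            status = "ok"
        results.append((index, status))
    return results

def pem(body):
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % body

# Constructed sample: framing-only stand-ins, not real certificates.
SAMPLE = (pem(base64.b64encode(b"\x30\x03\x02\x01\x01").decode())
          + pem(base64.b64encode(b"\x30\x82\x01\x00\x02\x01\x01").decode())
          + pem("!!!not base64!!!"))

if __name__ == "__main__":
    for index, status in check_bundle(SAMPLE):
        print("entry %d: %s" % (index, status))
```

An "ok" status means only that the entry's encoding and outer length are consistent; the certificate contents are not parsed.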
