Hi David,
On Fri, 16 Jan 2009, David Justl wrote:
We are experiencing the following error intermittently when we create SSL
connections via PHP + cURL:
error:140A90F1:SSL routines:SSL_CTX_new:unable to load ssl2 md5 routines
We're running Arch Linux, with Apache 2.2.10 and the latest Pacman modules
for PHP (5.2.7-2), cURL (7.19.2), and OpenSSL (0.9.8j).
These errors occur very regularly on one of our servers, but only once about
every 30 minutes on our much faster (and busier) server which runs Red Hat
Enterprise 5.
It looks like there's some sort of random problem where the
EVP_get_digestbyname call fails.
I think Apache and Postfix (for smtps connections) would also be using
libssl on these servers, but my understanding is that this shouldn't be
a problem with current versions of the applications.
If Apache and cURL are both using openssl in the same multithreaded
process, then they both need to use mutual exclusion primitives to protect
against other threads. Apache probably does this properly already, from
discussions I saw last month on the mailing list, but cURL may not be
designed to be multithreaded, or may not use those primitives in a way
that's compatible with being run inside Apache.
Cheers, Chris.
--
_____ __ _
\ __/ / ,__(_)_ | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\__/_/_/_//_/___/ | We are GNU : free your mind & your software |
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
