git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

mod_ssl and openssl 1.0.2 initialization


Something fishy reported in https://bz.apache.org/bugzilla/show_bug.cgi?id=62552

Which points to a problem with CRYPTO_THREADID and crypto locks and initialization oder in OpenSSL 1.0.2. (I believe OpenSSL 1.1.x eleminated that).

During the analysis of the bug, there seem to be 3 modules in play that use openssl: mod_ssl, mod_md and mod_authn_dbd (mysql). Depending on configuration and load order the server works or crashes. Generally, the rule seems to be:

- without mod_authn_dbd (and directive for mysql driver), all is well
- with it, crash in mod_md md_crypto_init (which calls RAND_status(), which crashes)
- *unless* mod_ssl is loaded before the others.

This seems a bit nasty. Does someone of our mod_ssl experts agree to this analysis and that crypto locking is the issue?

If so, what can we do about it?

-Stefan


( ! ) Warning: include(msgfooter.php): failed to open stream: No such file or directory in /var/www/git/apache2-developers/msg04307.html on line 83
Call Stack
#TimeMemoryFunctionLocation
10.0006363544{main}( ).../msg04307.html:0

( ! ) Warning: include(): Failed opening 'msgfooter.php' for inclusion (include_path='.:/var/www/git') in /var/www/git/apache2-developers/msg04307.html on line 83
Call Stack
#TimeMemoryFunctionLocation
10.0006363544{main}( ).../msg04307.html:0