Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: Apache crashes with SSLEngine on |
|
Author |
|
scpython
Joined: 07 Sep 2017 Posts: 1 Location: USA, New York City
|
Posted: Thu 07 Sep '17 18:13 Post subject: Apache crashes with SSLEngine on |
|
|
I was running Apache 2.43 on Fedora 25 (64bit) with alternative directory configuration 'SSLEngine on' and 'SSLEngine off' entries for each Vhost. Everything worked flawlessly until I upgraded the OS to Fedora 26. Now Apache crashes immediately with SSLEngine on - though it runs with SSLEngine off.
I have always compiled Apache, PHP, Openssl, etc from source, rather than use Fedora packages. Prior the OS upgrade these versions were Apache 2.4.23; Openssl-1.0.2h; Php-7.0.9.
In an attempt to fix the problem I upgraded those to Apache 2.4.27; Openssl-1.1.0f; php-7.1.9.
I have also checked the ssl certificates and they match and check out OK.
Here is the relevant section from the messages log when Apache is started with SSLEngine on:
systemd-coredump[21451]: Process 21449 (httpd) of user 0 dumped core.#012#012Stack trace of thread 21449:#012#0 0x00007fa21f2c2596 __GI_strcmp (libc.so.6)#012#1 0x00007fa21a33583d lh_insert (libcrypto.so.1.0.0)#012#2 0x00007fa21a280b2b OBJ_NAME_add (libcrypto.so.1.0.0)#012#3 0x00007fa213578781 ossl_init_ssl_base (libssl.so.1.1)#012#4 0x00007fa21f814787 __pthread_once_slow (libpthread.so.0)#012#5 0x00007fa213276379 CRYPTO_THREAD_run_once (libcrypto.so.1.1)#012#6 0x00007fa2135788bb OPENSSL_init_ssl (libssl.so.1.1)#012#7 0x00007fa21357bc6e SSL_CTX_new (libssl.so.1.1)#012#8 0x00007fa21a8f1ee3 ssl_init_ctx_protocol (mod_ssl.so)#012#9 0x00007fa21a8f3197 ssl_init_server_ctx (mod_ssl.so)#012#10 0x00007fa21a8f4400 ssl_init_Module (mod_ssl.so)#012#11 0x000000000044d693 ap_run_post_config (httpd)#012#12 0x000000000042ba3c main (httpd)#012#13 0x00007fa21f25050a __libc_start_main (libc.so.6)#012#14 0x000000000042bb5a _start (httpd)
I am completely stumped. The following is for possible relevance: /usr/lib64 libc.so.6 is symlinked to libc-2.25.so. The upgrade to Fedora 26 could only proceed if compat-gcc-34-c++ was removed and this cannot be reinstalled as it requires libstdc++ < 7.0.0.
Would greatly appreciate any advice or pointers. |
|
Back to top |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg
|
Posted: Tue 31 Oct '17 18:54 Post subject: |
|
|
It might be a mismatch between the compiled ssl version in mod_ssl and the share lib from current installed OpenSSL version. I often that those issue when I compiled my apache on debian.
that is why I compile an own version of OpenSSL and add that path to the compiler setting before runnung configure and make
e.g.
Code: | export LD_LIBRARY_PATH=~/apache24/httpd-${HTTPD_VERSION}/srclib/apr:$LD_LIBRARY_PATH
export LDFLAGS="-Wl,-rpath,/opt/openssl/lib" |
you can see the whole thing at https://github.com/JBlond/debian_build_apache24
there is also a redhad / fedora branch that isn't 100% up to dave ( version numbers) but it should compile if you change the version number the the current available ones. |
|
Back to top |
|
|
|
|
|
|