Mismatched OpenSSL versions causing crashes
Adam Langley
agl at chromium.org
Thu Dec 23 17:25:29 UTC 2010
Hi there,
I'm a developer on Google Chrome and we've seen some reports recently
that Chrome isn't working with some HTTPS sites. Getting details has
been tough, but I have one example of a site which is reporting these
strings:
FreeBSD iden2334.securesites.net 6.4-RELEASE-p8 FreeBSD 6.4-RELEASE-p8
#1 r101746: Mon Aug 30 10:34:40 MDT 2010
root at fc:/usr/src/sys/i386/compile/VKERN i386
Apache/2.2.15 (Unix) PHP/5.2.9 with Suhosin-Patch mod_ssl/2.2.15
OpenSSL/1.0.0a mod_apreq2-20051231/2.6.0 mod_perl/2.0.3 Perl/v5.8.7
The interesting bit is that, on the PHP info page it includes:
OpenSSL Version OpenSSL 0.9.8m 25 Feb 2010
I suspect that the Apache binary has been compiled against OpenSSL
0.9.8 headers, but is run-time linking against libcrypto.so from
1.0.0a. Chrome negotiates DEFLATE compression and this appears to be
triggering crashes. (0.9.8 and 1.0.0 are not ABI compatible, although
they are close enough that it might appear to mostly work.)
I'm afraid that I don't know enough about FreeBSD to know if this is a
package issue or an administrator error. However, I thought that I
would bring it to your attention.
If these folks have messed up something with their systems I'd be
happy to pass on a message to them in the future.
Cheers
AGL
More information about the freebsd-apache
mailing list