Apache+mod_ssl + mod_php segfault (culprit found!)

Matthew Seaman m.seaman at infracaninophile.co.uk
Sun Sep 19 03:48:11 PDT 2004 

On Sun, Sep 19, 2004 at 12:07:38AM -0500, Kevin D. Kinsey, DaleCo, S.P. wrote:
> 
> Matthew Seaman wrote:
> 
> >This sounds to me very much like you've got the mod_php loadable
> >object linked against an incompatible version of a shlib which
> >apach+mod_ssl is also linked to.  At a guess:
> >
> >   i) I'd finger the OpenSSL libs as a prime suspect: particularly if
> >      you've also installed OpenSSL from ports.  It's not necessary
> >      to install OpenSSL from ports as the version in the base system
> >      is perfectly OK.
> >
> > 
> >
> <snip other good stuff>
> 
> It certainly seems that you are right as usual, Matthew.
> Removing "openssl.so" from /usr/local/lib/php/20020429
> and restarting Apache works (no core dump!) ... albeit
> PHP doesn't have OpenSSL support in it now, I guess ...
> 
> After checking with ldd(1) as you suggested ... how should
> we fix this if we want PHP to have support for OpenSSL?
> It's not that critical in my case ... but PHP is ;-)

Hmmm... Well, it works for me.  Let's see:
    
    % ldd /usr/local/lib/php/20020429/openssl.so 
    /usr/local/lib/php/20020429/openssl.so:
            libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x28116000)
            libssl.so.3 => /usr/lib/libssl.so.3 (0x28213000)
    
    % ldd /usr/local/libexec/apache/libssl.so 
    /usr/local/libexec/apache/libssl.so:
            libssl.so.3 => /usr/lib/libssl.so.3 (0x28132000)
            libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x28161000)
    
I guess that so long as the shlib version numbers and entry points are
the same in both cases, you won't have a problem.  You do know that
apache13+mod_ssl involves a lot of patching to the apache part, and
that modules compiled for that combination aren't suitable for use
with plain apache13, and vice versa?

Try setting APACHE_PORT=www/apache13-modssl in your /etc/make.conf or
in the ENV[] section in /usr/local/etc/pkgtools.conf and recompiling
PHP and any PHP extensions.

Note that there's an unresolved bug to do with SSL support in PHP4 --
if you load SSL support as a module, you don't get all of the
functionality you do when SSL is compiled into PHP directly.  One
package that is adversely affected is Squirrelmail, which is prevented
from using the encrypted version of IMAP.  There's been several posts
about the problem around the FreeBSD lists, including instructions on
how to fudge the new PHP ports structure to get a compiled-in SSL
extension.

The bug doesn't affect PHP5, but then again, a log of PHP applications
don't work under PHP5 yet either.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040919/07d49c1c/attachment.bin

More information about the freebsd-questions mailing list