Mismatched OpenSSL versions causing crashes

Philip M. Gollucci pgollucci at p6m7g8.com
Thu Dec 23 21:21:44 UTC 2010 

On 12/23/10 17:09, Adam Langley wrote:
> Hi there,
> 
> I'm a developer on Google Chrome and we've seen some reports recently
> that Chrome isn't working with some HTTPS sites. Getting details has
> been tough, but I have one example of a site which is reporting these
> strings:
> 
> FreeBSD iden2334.securesites.net 6.4-RELEASE-p8 FreeBSD 6.4-RELEASE-p8
> #1 r101746: Mon Aug 30 10:34:40 MDT 2010
> root at fc:/usr/src/sys/i386/compile/VKERN i386
> 
> Apache/2.2.15 (Unix) PHP/5.2.9 with Suhosin-Patch mod_ssl/2.2.15
> OpenSSL/1.0.0a mod_apreq2-20051231/2.6.0 mod_perl/2.0.3 Perl/v5.8.7
> 
> The interesting bit is that, on the PHP info page it includes:
> 
> OpenSSL Version	OpenSSL 0.9.8m 25 Feb 2010
> 
> 
> I suspect that the Apache binary has been compiled against OpenSSL
> 0.9.8 headers, but is run-time linking against libcrypto.so from
> 1.0.0a. Chrome negotiates DEFLATE compression and this appears to be
> triggering crashes. (0.9.8 and 1.0.0 are not ABI compatible, although
> they are close enough that it might appear to mostly work.)
> 
> I'm afraid that I don't know enough about FreeBSD to know if this is a
> package issue or an administrator error. However, I thought that I
> would bring it to your attention.
Admin issue, quite a common one too.

see ports/Mk/bsd.openssl.mk
they have both the base system ssl at play and the ports version.

in this day in age you almost always want everything against the port
b/c of CVEs and timelyness.

WITH_OPENSSL_PORT=yes
in /etc/make.conf or other appropriate places will trigger the port.

Its so low in the dependency chain, that I'd recommend you re-install
all ports on the box to relink them all correctly.




-- 
------------------------------------------------------------------------
1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70  3F8C 75B8 8FFB DB9B 8C1C
Philip M. Gollucci (pgollucci at p6m7g8.com) c: 703.336.9354
VP Apache Infrastructure; Member, Apache Software Foundation
Committer,                        FreeBSD Foundation
Consultant,                       P6M7G8 Inc.
Sr. System Admin,                 Ridecharge Inc.

Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 188 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-apache/attachments/20101223/9e23e2a6/signature.pgp

More information about the freebsd-apache mailing list