Fwd: Re: svn commit: r386904 - in head/www/apache22: . files

Ryan Steinmetz zi at freebsd.org
Tue Jun 2 15:07:06 UTC 2015


Does this work for you with openssl?  I'm unable to re-create this on my
side, but I'm also not testing with libressl.

It isn't simply renaming them.  There's a perl script that gets called
at build time that generates everything.  During the build phase, you
should see a pair of messages indicating that it is generating the two
DH param files.  It should take a few minutes.

The reason for the "rename" is to allow the search/replace magic in the
perl to search/replace.

Please send me the full build log.


On (06/02/15 11:01), Adam McDougall wrote:
>It still didn't work.  Cannot load
>/usr/local/libexec/apache22/mod_ssl.so into server:
>/usr/local/libexec/apache22/mod_ssl.so: Undefined symbol "get_dh2048"
>Additionally I'm concerned about the validity of renaming small primes
>and using them as if they were for much larger dh.  When I do google
>searches for dh3072_p and dh2048_p I find larger sets of numbers.
>Renaming the existing primes doesn't feel right and worries me.
>On 06/02/2015 07:51, Ryan Steinmetz wrote:
>> Adam,
>> Please test the following patch.  It should be placed in the files
>> directory and should resolve the error you saw.
>> https://people.freebsd.org/~zi/patch-modules_ssl_ssl__engine__dh.c
>> You can then build the build as usual after running a 'make clean'
>> -r
>> On (06/01/15 14:47), Bryan Drewery wrote:
>>> On 5/31/2015 8:29 AM, Adam McDougall wrote:
>>>> Is anyone else getting this issue?  I had to revert the change on my
>>>> systems.
>>>> Thanks.
>>> Yes it looks incomplete. Nothing is providing get_dh2048.
>>>> work/httpd-2.2.29/modules/ssl/ssl_engine_dh.c:static DH *get_dh512(void)
>>>> work/httpd-2.2.29/modules/ssl/ssl_engine_dh.c:static DH
>>>> *get_dh1024(void)
>>>> work/httpd-2.2.29/modules/ssl/ssl_engine_dh.c:        dh = get_dh2048();
>>>> work/httpd-2.2.29/modules/ssl/ssl_engine_dh.c:        dh = get_dh3072();
>>>> work/httpd-2.2.29/modules/ssl/ssl_engine_dh.c:        dh = get_dh3072();
>>> The module is only providing 512 and 1024 but not 2048 and 3072 symbols.
>>> --
>>> Regards,
>>> Bryan Drewery

Ryan Steinmetz
PGP: 9079 51A3 34EF 0CD4 F228  EDC6 1EF8 BA6B D028 46D7

More information about the freebsd-ports mailing list