From owner-freebsd-stable@FreeBSD.ORG Thu Oct 9 12:36:56 2003 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D521116A4B3 for ; Thu, 9 Oct 2003 12:36:56 -0700 (PDT) Received: from morpheus.mind.net (morpheus.mind.net [69.9.130.12]) by mx1.FreeBSD.org (Postfix) with ESMTP id AF62643FE5 for ; Thu, 9 Oct 2003 12:36:51 -0700 (PDT) (envelope-from jfox@morpheus.mind.net) Received: from morpheus.mind.net (localhost [127.0.0.1]) by morpheus.mind.net (8.12.6/8.12.6) with ESMTP id h99Japdt017637 for ; Thu, 9 Oct 2003 12:36:51 -0700 (PDT) (envelope-from jfox@morpheus.mind.net) Received: (from jfox@localhost) by morpheus.mind.net (8.12.6/8.12.6/Submit) id h99JapRi017636 for freebsd-stable@freebsd.org; Thu, 9 Oct 2003 12:36:51 -0700 (PDT) Date: Thu, 9 Oct 2003 12:36:50 -0700 From: John Fox To: freebsd-stable@freebsd.org Message-ID: <20031009193650.GJ9849@mind.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4i X-Quip: Fly the white flag of war! Subject: build problem replacing libssl.so.3 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Oct 2003 19:36:57 -0000 Hello to all, I've got a production machine running FreeBSD 4.8-RELEASE, and I need to upgrade it to fix the SSL, procfs issues that have come up lately. The machine's root partition lacks the space to accomodate world source and object files, so I have two symlinks for /usr/src and /usr/obj: /usr/src --> /usr/local/world_src /usr/obj --> /usr/local/world_obj I should also note that the apache13-modssl port is installed on this server. I cvsupped RELENG_4_8 (with "*default prefix=/usr" in the supfile) successfully. I cd'd to /usr/src, issued the "make buildworld" command, and waited until the build finished. I then cd'd to '/usr/obj/' and took a look around. In there I found a directory hierarchy of "usr/local/world_src", and within that were the nice shiny new files. One of my aims was to replace libssl.so.3 with a fixed version, so (after making a backup copy of the current /usr/lib/libssl.so.3) I placed /usr/obj/usr/local/world_src/secure/lib/libssl/libssl.so.3 into /usr/lib and then attempted an https connection to the server. (Apache's libssl.so module was dynamically linked against libssl.so.3). I found that my connection did not really work properly, creating errors such as these in the httpd error log: [Wed Oct 8 16:01:04 2003] [error] [client W.X.Y.Z] Invalid method in request \x80C\x01\x03 [Wed Oct 8 16:02:48 2003] [error] [client W.X.Y.Z] Invalid method in request \x16\x03 [Wed Oct 8 16:02:48 2003] [error] [client W.X.Y.Z] Invalid method in request \x16\x03 Clearly, I did something wrong, for when I put the original libssl.so.3 back in place, those errors went no longer occurred. I was totally confused at this point, and so I wrote up a problem description which I posted to freebsd-questions yesterday afternoon. It's been almost twenty hours since that posting, so I contacted my old boss, and asked him to read the letter, giving me any feedback he could. We made a few determinations: 1) The httpd binary itself is not linked against any ssl library. It's linked dynamically against only libcrypt, libc, libm, libutil. 2) mod_ssl is not compiled into the httpd binary. It is loaded via httpd.conf 'AddModule' and 'LoadModule' directives. 3) '/usr/local/libexec/apache/libssl.so' appears to be the SSL module, as there is no 'mod_ssl' file in /usr/local/libexec/apache. This file is linked dynamically against libssl.so.3 and libcrypto.so.3. My old boss suggested replacing libcrypto.so.3 with the new version, in addition to replacing libssl.so.3. I did this, but it only made matters worse: * The httpd problem still existed * SSHD broke - my terminal windows to that host vanished in a fraction of a second and no new connections were allowed. I put the old libraries back into place, and reported failure to my ex-boss. He then suggested that perhaps my installation was sufficiently old that an entirely new world was required. I told him that the system was running (from unmame) "4.8-RELEASE #0: Thu Apr 3 ", and the the world I had just built was 4.8p13, and he was no longer so certain that my installation was so old that it had to have an all new world, and suggested that I write all this up and post it to freebsd-stable, which I am doing right now! I hope that I have described the problem clearly, and that someone will be able to shed some light on this matter. Thank you very much, -John -- +---------------------------------------------------------------------------+ | John Fox | System Administrator | InfoStructure | +---------------------------------------------------------------------------+ | Gideon: I thought you said don't hold a grudge. | | Galen: I don't. I have no surviving enemies...at all. | | -- "Crusdade", _Racing the Night_ | +---------------------------------------------------------------------------+