Date: Tue, 2 Jun 2015 11:07:02 -0400 From: Ryan Steinmetz <zi@freebsd.org> To: Adam McDougall <mcdouga9@egr.msu.edu> Cc: Bryan Drewery <bdrewery@FreeBSD.org>, ports@freebsd.org Subject: Re: Fwd: Re: svn commit: r386904 - in head/www/apache22: . files Message-ID: <20150602150702.GB62387@exodus.zi0r.com> In-Reply-To: <556DC53D.8000208@egr.msu.edu> References: <20150531132958.GB1034@egr.msu.edu> <556CB6C8.2070103@FreeBSD.org> <20150602115116.GA62387@exodus.zi0r.com> <556DC53D.8000208@egr.msu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Adam, Does this work for you with openssl? I'm unable to re-create this on my side, but I'm also not testing with libressl. It isn't simply renaming them. There's a perl script that gets called at build time that generates everything. During the build phase, you should see a pair of messages indicating that it is generating the two DH param files. It should take a few minutes. The reason for the "rename" is to allow the search/replace magic in the perl to search/replace. Please send me the full build log. -r On (06/02/15 11:01), Adam McDougall wrote: >It still didn't work. Cannot load >/usr/local/libexec/apache22/mod_ssl.so into server: >/usr/local/libexec/apache22/mod_ssl.so: Undefined symbol "get_dh2048" > >Additionally I'm concerned about the validity of renaming small primes >and using them as if they were for much larger dh. When I do google >searches for dh3072_p and dh2048_p I find larger sets of numbers. >Renaming the existing primes doesn't feel right and worries me. > >On 06/02/2015 07:51, Ryan Steinmetz wrote: >> Adam, >> >> Please test the following patch. It should be placed in the files >> directory and should resolve the error you saw. >> >> https://people.freebsd.org/~zi/patch-modules_ssl_ssl__engine__dh.c >> >> You can then build the build as usual after running a 'make clean' >> >> -r >> >> On (06/01/15 14:47), Bryan Drewery wrote: >>> On 5/31/2015 8:29 AM, Adam McDougall wrote: >>>> Is anyone else getting this issue? I had to revert the change on my >>>> systems. >>>> Thanks. >>>> >>> >>> Yes it looks incomplete. Nothing is providing get_dh2048. >>> >>>> work/httpd-2.2.29/modules/ssl/ssl_engine_dh.c:static DH *get_dh512(void) >>>> work/httpd-2.2.29/modules/ssl/ssl_engine_dh.c:static DH >>>> *get_dh1024(void) >>>> work/httpd-2.2.29/modules/ssl/ssl_engine_dh.c: dh = get_dh2048(); >>>> work/httpd-2.2.29/modules/ssl/ssl_engine_dh.c: dh = get_dh3072(); >>>> work/httpd-2.2.29/modules/ssl/ssl_engine_dh.c: dh = get_dh3072(); >>> >>> The module is only providing 512 and 1024 but not 2048 and 3072 symbols. >>> >>> >>> -- >>> Regards, >>> Bryan Drewery >>> >> >> >> > -- Ryan Steinmetz PGP: 9079 51A3 34EF 0CD4 F228 EDC6 1EF8 BA6B D028 46D7
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150602150702.GB62387>