From owner-freebsd-ports@FreeBSD.ORG Thu May 27 09:04:42 2010 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7CED71065673 for ; Thu, 27 May 2010 09:04:42 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from qmta13.emeryville.ca.mail.comcast.net (qmta13.emeryville.ca.mail.comcast.net [76.96.27.243]) by mx1.freebsd.org (Postfix) with ESMTP id 5FB208FC18 for ; Thu, 27 May 2010 09:04:42 +0000 (UTC) Received: from omta23.emeryville.ca.mail.comcast.net ([76.96.30.90]) by qmta13.emeryville.ca.mail.comcast.net with comcast id NZ4i1e0041wfjNsADZ4iXh; Thu, 27 May 2010 09:04:42 +0000 Received: from koitsu.dyndns.org ([98.248.46.159]) by omta23.emeryville.ca.mail.comcast.net with comcast id NZ4i1e0023S48mS8jZ4iHg; Thu, 27 May 2010 09:04:42 +0000 Received: by icarus.home.lan (Postfix, from userid 1000) id 5EC389B418; Thu, 27 May 2010 02:04:41 -0700 (PDT) Date: Thu, 27 May 2010 02:04:41 -0700 From: Jeremy Chadwick To: Kostik Belousov Message-ID: <20100527090441.GA33484@icarus.home.lan> References: <4BFE219E.1060508@zedat.fu-berlin.de> <20100527082919.GA33007@icarus.home.lan> <20100527083808.GJ83316@deviant.kiev.zoral.com.ua> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20100527083808.GJ83316@deviant.kiev.zoral.com.ua> User-Agent: Mutt/1.5.20 (2009-06-14) Cc: FreeBSD Stable , "O. Hartmann" , freebsd-ports@freebsd.org Subject: Re: www/lighttpd: lighttpd won't start anymore after SSL Update in 8.1-PRERELEASE (2010-05-27 09:34:56: (network.c.529) SSL: error:00000000:lib(0):func(0):reason(0)) X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 May 2010 09:04:42 -0000 On Thu, May 27, 2010 at 11:38:08AM +0300, Kostik Belousov wrote: > On Thu, May 27, 2010 at 01:29:19AM -0700, Jeremy Chadwick wrote: > > On Thu, May 27, 2010 at 09:39:10AM +0200, O. Hartmann wrote: > > > Since I performed a make buildworld and installed everything and > > > after an update of the ports tree (with which lighttpd was updated > > > from lighttpd-1.4.26 to lighttpd-1.4.26_1 I receive this error when > > > trying to start lighttpd: > > > > > > 2010-05-27 09:34:56: (network.c.529) SSL: > > > error:00000000:lib(0):func(0):reason(0) > > > > > > Are there any suggestions/known issues/workaround or is this a > > > serious error and should be ready for a PR? > > > > I think you're correlating two things in correctly. The OpenSSL update > > was completely separate and unrelated to the update to > > ports/www/lighttpd. The version bump in ports/www/lighttpd was done for > > an unrelated reason (to add support for TCP_NODELAY): > > > > http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/lighttpd/Makefile > > http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/lighttpd/Makefile.diff?r1=1.77;r2=1.78;f=h > > > > Simply put: due to the OpenSSL upgrade, people should rebuild all ports > > that are dependent upon OpenSSL. If your problem persists after that, > Do you have any factual support for your statement ? > If it is, this is a show-stopper for the release. I believe > OpenSSL upgrade kept ABI. The OP's report isn't sufficient? My thoughts, in no particular order: The error looks to be formatted by ERR_error_string(), but who knows if it's being populated correctly or if there isn't a bug within OpenSSL 0.9.8n itself. One would have to review the code in network.c (and very likely the rest of the software) to determine if SSL_get_error() is being used correctly and the string buffer is being populated with the correct SSL struct. I do admit it's a little strange to see "error:00000000", but if an underlying API function changes operationally (such as previously returning void but now returns an int), and the software previously built against those include headers + shared library, anything is possible. This is completely different than a function name going away or disappearing from an object/library (which would be caught either during link-time or run-time). One would have to examine, in real-time, the stack arguments during the call. RELENG_8 moved from 0.9.8k to 0.9.8n. Meaning, "l" and "m" were both skipped, so we have to keep that in mind when reviewing the official ChangeLog: http://www.openssl.org/source/exp/CHANGES I do see some changes between 0.9.8k and 0.9.8n which could warrant a version bump. That's my opinion anyway, but I don't know how the FreeBSD base system maintainers for OpenSSL test things prior to committing. I'm betting they don't test every single FreeBSD port. Furthermore, this wouldn't be the first time something like this has happened with OpenSSL. Finally, 0.9.8n came out on March 24th. Five days later, 1.0.0 came out and is now the official stable release: http://www.openssl.org/source/ The ChangeLog entries between 0.9.8n and 1.0.0 are massive; a bug could have been fixed there, which maybe only happens with lighttpd. Who knows. I think the best choice of action would be for the OP to rebuild the port and see if the problem persists. Otherwise, spending tons of time trying to track down the source of the problem (requiring the OP to rebuild all of his system libraries with debugging, lighttpd with debugging, and gain familiarity with gdb) is pointless. -- | Jeremy Chadwick jdc@parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |