Date:      Fri, 10 Oct 2003 20:14:30 -0700 (PDT)
From:      Doug White <dwhite@gumbysoft.com>
To:        John Fox <jjf@NOCANNEDSPAMmind.net>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: build problem replacing libssl.so.3
Message-ID:  <20031010200745.P70199@carver.gumbysoft.com>
In-Reply-To: <20031009193650.GJ9849@mind.net>
References:  <20031009193650.GJ9849@mind.net>

On Thu, 9 Oct 2003, John Fox wrote:

> One of my aims was to replace libssl.so.3 with a fixed version, so
> (after making a backup copy of the current /usr/lib/libssl.so.3) I
> placed /usr/obj/usr/local/world_src/secure/lib/libssl/libssl.so.3
> into /usr/lib and then attempted an https connection to the server.
> (Apache's libssl.so module was dynamically linked against libssl.so.3).
> I found that my connection did not really work properly, creating
> errors such as these in the httpd error log:
>
>   [Wed Oct  8 16:01:04 2003] [error] [client W.X.Y.Z] Invalid method in request \x80C\x01\x03
>   [Wed Oct  8 16:02:48 2003] [error] [client W.X.Y.Z] Invalid method in request \x16\x03
>   [Wed Oct  8 16:02:48 2003] [error] [client W.X.Y.Z] Invalid method in request \x16\x03

Yeah, this is the wrong way.  You've now corrupted the in-memory copy of
the library, which is why all your programs crashed.

When replacing files that are in use, use install(8).  It arranges to move
the old file out of the way first so you don't corrupt it.  Programs with
libraries open mmap(2) them, so if you update the on-disk copy they
instantly change the in-memory versions.  Moving symbols around in a
library when it's being used causes problems :)  UNIX-type operating
systems have a neat semantic that if you (re)move a file in use, it
doesn't actually go away, everything with it open will still have access
to the file until it's closed.  install(8) exploits this.

Also, you just had to do this to upgrade the openssl libraries:

cd /usr/src/crypto/openssl
make && make install

Next time you restart your applications, they'll pick up the change.

> 1) The httpd binary itself is not linked against any ssl library.
> It's linked dynamically against only libcrypt, libc, libm, libutil.
>
> 2) mod_ssl is not compiled into the httpd binary.  It is loaded via
> httpd.conf 'AddModule' and 'LoadModule' directives.

I think mod_ssl uses dlopen() to grab the library, which won't show up in
ldd.

-- 
Doug White                    |  FreeBSD: The Power to Serve
dwhite@gumbysoft.com          |  www.FreeBSD.org
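
The file-replacement semantics described in the message above, as an added shell example that is not part of the original e-mail: it compares overwriting a file in place with replacing it under a new inode, using a held-open descriptor as a stand-in for a process that has the library mapped. The function name `fd_view`, the file names and the `OLD`/`NEW` contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added demo (constructed file names and contents). A descriptor opened before
# the update stands in for a running program that already has the library open.

# fd_view MODE: print what the already-open descriptor ("held") and a fresh
# open ("fresh") each see after lib.so is updated using MODE.
fd_view() {
    mode=$1
    dir=$(mktemp -d) || return 1
    printf 'OLD\n' > "$dir/lib.so"
    printf 'NEW\n' > "$dir/lib.so.build"
    exec 3< "$dir/lib.so"              # "running program" holds the old file open
    case $mode in
        overwrite)  # cp writes into the existing inode: the open file changes underneath
            cp "$dir/lib.so.build" "$dir/lib.so" ;;
        rename)     # a new inode takes over the name; the old one lives until closed
            cp "$dir/lib.so.build" "$dir/lib.so.tmp" &&
            mv -f "$dir/lib.so.tmp" "$dir/lib.so" ;;
        install)    # FreeBSD and GNU install unlink the existing target before copying
            install -m 444 "$dir/lib.so.build" "$dir/lib.so" ;;
        *)  echo "usage: fd_view overwrite|rename|install" >&2
            exec 3<&-; rm -rf "$dir"; return 2 ;;
    esac
    printf 'held=%s fresh=%s\n' "$(cat <&3)" "$(cat "$dir/lib.so")"
    exec 3<&-
    rm -rf "$dir"
}

for m in overwrite rename install; do
    printf '%-9s %s\n' "$m" "$(fd_view "$m")"
done
```

In the `overwrite` case the holder of the old descriptor sees the new bytes immediately; in the other cases it keeps the old contents until it closes the file, and only new opens get the replacement.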


