Date: Fri, 10 Oct 2003 09:13:12 -0700 From: John Fox <jjf@NO_SPAMmind.net> To: freebsd-stable@freebsd.org Subject: build problem replacing libssl.so -- please read! Message-ID: <20031010161312.GA3288@mind.net>
next in thread | raw e-mail | index | archive | help
Hello to all,
I apologize for posting this message a second time, but it's been
twenty-one hours, and no responses. I ask that people please
read this message and give me some feedback, as this issue has
me boggled. And if I haven't given enough information or shown
enough effort to merit help, could someone at the very least give
me a nudge in the proper direction? It'd be really appreciated.
I've got a production machine running FreeBSD 4.8-RELEASE, and I
need to upgrade it to fix the SSL, procfs issues that have come up
lately. The machine's root partition lacks the space to accomodate
world source and object files, so I have two symlinks for /usr/src
and /usr/obj:
/usr/src --> /usr/local/world_src
/usr/obj --> /usr/local/world_obj
I should also note that the apache13-modssl port is installed on
this server.
I cvsupped RELENG_4_8 (with "*default prefix=/usr" in the supfile)
successfully.
I cd'd to /usr/src, issued the "make buildworld" command, and waited
until the build finished. I then cd'd to '/usr/obj/' and took a
look around. In there I found a directory hierarchy of
"usr/local/world_src", and within that were the nice shiny new
files.
One of my aims was to replace libssl.so.3 with a fixed version, so
(after making a backup copy of the current /usr/lib/libssl.so.3) I
placed /usr/obj/usr/local/world_src/secure/lib/libssl/libssl.so.3
into /usr/lib and then attempted an https connection to the server.
(Apache's libssl.so module was dynamically linked against libssl.so.3).
I found that my connection did not really work properly, creating
errors such as these in the httpd error log:
[Wed Oct 8 16:01:04 2003] [error] [client W.X.Y.Z] Invalid method in request \x80C\x01\x03
[Wed Oct 8 16:02:48 2003] [error] [client W.X.Y.Z] Invalid method in request \x16\x03
[Wed Oct 8 16:02:48 2003] [error] [client W.X.Y.Z] Invalid method in request \x16\x03
Clearly, I did something wrong, for when I put the original libssl.so.3
back in place, those errors went no longer occurred.
I was totally confused at this point, and so I wrote up a problem description which
I posted to freebsd-questions yesterday afternoon. It's been almost twenty hours
since that posting, so I contacted my old boss, and asked him to read the letter,
giving me any feedback he could.
We made a few determinations:
1) The httpd binary itself is not linked against any ssl library.
It's linked dynamically against only libcrypt, libc, libm, libutil.
2) mod_ssl is not compiled into the httpd binary. It is loaded via
httpd.conf 'AddModule' and 'LoadModule' directives.
3) '/usr/local/libexec/apache/libssl.so' appears to be the SSL
module, as there is no 'mod_ssl' file in /usr/local/libexec/apache.
This file is linked dynamically against libssl.so.3 and libcrypto.so.3.
My old boss suggested replacing libcrypto.so.3 with the new version,
in addition to replacing libssl.so.3. I did this, but it only made
matters worse:
* The httpd problem still existed
* SSHD broke - my terminal windows to that host vanished
in a fraction of a second and no new connections were
allowed.
I put the old libraries back into place, and reported failure to my
ex-boss. He then suggested that perhaps my installation was
sufficiently old that an entirely new world was required.
I told him that the system was running (from unmame) "4.8-RELEASE
#0: Thu Apr 3 ", and the the world I had just built was 4.8p13,
and he was no longer so certain that my installation was so old
that it had to have an all new world, and suggested that I write
all this up and post it to freebsd-stable, which I am doing right
now!
I hope that I have described the problem clearly, and that someone
will be able to shed some light on this matter.
Thank you very much,
-John
--
+---------------------------------------------------------------------------+
| John Fox <jjf @ mind.net> | System Administrator | InfoStructure |
+---------------------------------------------------------------------------+
| Gideon: I thought you said don't hold a grudge. |
| Galen: I don't. I have no surviving enemies...at all. |
| -- "Crusdade", _Racing the Night_ |
+---------------------------------------------------------------------------+
----- End forwarded message -----
-John
--
+---------------------------------------------------------------------------+
| John Fox <jjf@mind.net> | System Administrator | InfoStructure |
+---------------------------------------------------------------------------+
| Gideon: I thought you said don't hold a grudge. |
| Galen: I don't. I have no surviving enemies...at all. |
| -- "Crusdade", _Racing the Night_ |
+---------------------------------------------------------------------------+
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031010161312.GA3288>