Date: Thu, 23 Dec 2010 12:09:05 -0500 From: Adam Langley <agl@chromium.org> To: apache@freebsd.org Subject: Mismatched OpenSSL versions causing crashes Message-ID: <AANLkTi=pATkC0NqStOXO8%2Bkn9HqYPoHjvGh718KVAY1b@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi there, I'm a developer on Google Chrome and we've seen some reports recently that Chrome isn't working with some HTTPS sites. Getting details has been tough, but I have one example of a site which is reporting these strings: FreeBSD iden2334.securesites.net 6.4-RELEASE-p8 FreeBSD 6.4-RELEASE-p8 #1 r101746: Mon Aug 30 10:34:40 MDT 2010 root@fc:/usr/src/sys/i386/compile/VKERN i386 Apache/2.2.15 (Unix) PHP/5.2.9 with Suhosin-Patch mod_ssl/2.2.15 OpenSSL/1.0.0a mod_apreq2-20051231/2.6.0 mod_perl/2.0.3 Perl/v5.8.7 The interesting bit is that, on the PHP info page it includes: OpenSSL Version OpenSSL 0.9.8m 25 Feb 2010 I suspect that the Apache binary has been compiled against OpenSSL 0.9.8 headers, but is run-time linking against libcrypto.so from 1.0.0a. Chrome negotiates DEFLATE compression and this appears to be triggering crashes. (0.9.8 and 1.0.0 are not ABI compatible, although they are close enough that it might appear to mostly work.) I'm afraid that I don't know enough about FreeBSD to know if this is a package issue or an administrator error. However, I thought that I would bring it to your attention. If these folks have messed up something with their systems I'd be happy to pass on a message to them in the future. Cheers AGL
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTi=pATkC0NqStOXO8%2Bkn9HqYPoHjvGh718KVAY1b>