[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

build problem replacing libssl.so -- please read!



Hello to all,

I apologize for posting this message a second time, but it's been
twenty-one hours, and no responses.  I ask that people please
read this message and give me some feedback, as this issue has
me boggled.  And if I haven't given enough information or shown
enough effort to merit help, could someone at the very least give
me a nudge in the proper direction?  It'd be really appreciated.

I've got a production machine running FreeBSD 4.8-RELEASE, and I
need to upgrade it to fix the SSL, procfs issues that have come up
lately.  The machine's root partition lacks the space to accomodate
world source and object files, so I have two symlinks for /usr/src
and /usr/obj:

    /usr/src --> /usr/local/world_src
	 /usr/obj --> /usr/local/world_obj

I should also note that the apache13-modssl port is installed on 
this server.

I cvsupped RELENG_4_8 (with "*default prefix=/usr" in the supfile)
successfully.  

I cd'd to /usr/src, issued the "make buildworld" command, and waited
until the build finished.  I then cd'd to '/usr/obj/' and took a
look around.  In there I found a directory hierarchy of
"usr/local/world_src", and within that were the nice shiny new
files.

One of my aims was to replace libssl.so.3 with a fixed version, so
(after making a backup copy of the current /usr/lib/libssl.so.3) I
placed /usr/obj/usr/local/world_src/secure/lib/libssl/libssl.so.3
into /usr/lib and then attempted an https connection to the server.
(Apache's libssl.so module was dynamically linked against libssl.so.3).
I found that my connection did not really work properly, creating
errors such as these in the httpd error log:

  [Wed Oct  8 16:01:04 2003] [error] [client W.X.Y.Z] Invalid method in request \x80C\x01\x03
  [Wed Oct  8 16:02:48 2003] [error] [client W.X.Y.Z] Invalid method in request \x16\x03
  [Wed Oct  8 16:02:48 2003] [error] [client W.X.Y.Z] Invalid method in request \x16\x03

Clearly, I did something wrong, for when I put the original libssl.so.3
back in place, those errors went no longer occurred.

I was totally confused at this point, and so I wrote up  a problem description which
I posted to freebsd-questions yesterday afternoon.  It's been almost twenty hours 
since that posting, so I contacted my old boss, and asked him to read the letter,
giving me any feedback he could.

We made a few determinations:

1) The httpd binary itself is not linked against any ssl library.
It's linked dynamically against only libcrypt, libc, libm, libutil.

2) mod_ssl is not compiled into the httpd binary.  It is loaded via
httpd.conf 'AddModule' and 'LoadModule' directives.

3) '/usr/local/libexec/apache/libssl.so' appears to be the SSL
module, as there is no 'mod_ssl' file in /usr/local/libexec/apache.
This file is linked dynamically against libssl.so.3 and libcrypto.so.3.

My old boss suggested replacing libcrypto.so.3 with the new version, 
in addition to replacing libssl.so.3.  I did this, but it only made
matters worse:

   * The httpd problem still existed

   * SSHD broke - my terminal windows to that host vanished 
   in a fraction of a second and no new connections were
   allowed.

I put the old libraries back into place, and reported failure to my
ex-boss.  He then suggested that perhaps my installation was 
sufficiently old that an entirely new world was required.

I told him that the system was running (from unmame) "4.8-RELEASE
#0: Thu Apr  3 ", and the the world I had just built was 4.8p13,
and he was no longer so certain that my installation was so old
that it had to have an all new world, and suggested that I write
all this up and post it to freebsd-stable, which  I am doing right
now!

I hope that I have described the problem clearly, and that someone
will be able to shed some light on this matter.

Thank you very much,



-John
--
+---------------------------------------------------------------------------+
| John Fox <jjf @ mind.net>     |    System Administrator   | InfoStructure   |
+---------------------------------------------------------------------------+
|        Gideon: I thought you said don't hold a grudge.                    |
|         Galen: I don't. I have no surviving enemies...at all.             |
|             -- "Crusdade", _Racing the Night_                             |
+---------------------------------------------------------------------------+

----- End forwarded message -----




-John
--
+---------------------------------------------------------------------------+
| John Fox <jjf_(_at_)_mind_(_dot_)_net>     |    System Administrator   | InfoStructure   |
+---------------------------------------------------------------------------+
|        Gideon: I thought you said don't hold a grudge.                    |
|         Galen: I don't. I have no surviving enemies...at all.             |
|             -- "Crusdade", _Racing the Night_                             |
+---------------------------------------------------------------------------+