SSL_CTX_load_verify_locations dumps core (Apache/Solaris 8)

Marko Asplund

I'm having problems with Apache 2.0.55 mod_ssl + OpenSSL on Solaris 8  
(sparc, 64-bit). When I start Apache with SSL enabled the process  
dumps core during initialization when client certificate verification  
has been configured with a certain certificate bundle file. This can't  
be reproduced on Red Hat Enterprise Linux 3 and 4 (ia32, 32-bit) or  
HP-UX 11i v1 (pa-risc, 64-bit).

Where should I report this issue? It's related to Apache but the  
interesting thing is that it doesn't happen with all OpenSSL versions.

The issue appears at least with the following OpenSSL versions:
- OpenSSL 0.9.8a
- OpenSSL 0.9.7i
- OpenSSL 0.9.7g

but, for example, not with:
- OpenSSL 0.9.7e
- OpenSSL 0.9.7d

The issue can be reproduced by setting up Apache with SSL and adding  
the following config directives:

        SSLCACertificatePath /home/aspa/tmp/h2/conf/ssl.crt
        SSLCACertificateFile /home/aspa/tmp/h2/conf/ssl.crt/ca-bundle.crt

It seems to be triggered by a certain certificate bundle file, not all.

The core dump seems to result from an  
SSL_CTX_load_verify_locations() call in ssl_engine_init() in Apache.

Here's the exact procedure used for building Apache:

# set build path
export PATH=/opt/local/gcc/4.0/bin:$PATH:/usr/ccs/bin:/opt/sfw/bin

# build OpenSSL
perl Configure solaris64-sparcv9-gcc31 no-idea no-shared -fPIC
gmake depend
gmake test
gmake install

# build Apache 2.0.55
CC="gcc -static-libgcc -g"  CFLAGS="-mcpu=v9 -m64" \
    ./configure --prefix=/home/aspa/tmp/h2 \
    --enable-ssl --with-ssl=/home/aspa/tmp/openssl097f
gmake install

br. aspa
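
Since the crash depends on the bundle file, one triage step is to split the bundle and feed each certificate to the loader separately. The script below is an added example, not part of the original post; it assumes the loader is any command that takes a CA file as its last argument (for instance a hypothetical `./load_ca` test program linked against the suspect OpenSSL build), and `fake_loader` is a stand-in used only for the demo.

```shell
# Added triage example: bisect a PEM CA bundle to find the crashing certificate.
# split_bundle BUNDLE OUTDIR: write each CERTIFICATE block to OUTDIR/cert-NNN.pem
# and print how many blocks were written. Text outside the blocks is dropped.
# Use a fresh OUTDIR; on Solaris run this with nawk or /usr/xpg4/bin/awk.
split_bundle() {
    mkdir -p "$2" || return 1
    awk -v dir="$2" '
        /^-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%03d.pem", dir, n); inside = 1 }
        inside { print > out }
        /^-----END CERTIFICATE-----/ { if (inside) close(out); inside = 0 }
        END { print n + 0 }
    ' "$1"
}

# try_each DIR CMD [ARGS...]: run CMD ARGS FILE for every piece and print
# "FILE STATUS" for each non-zero exit. In bash and dash a status above 128
# means the command was killed by a signal (status minus 128), i.e. it crashed.
try_each() {
    dir=$1; shift
    for f in "$dir"/cert-*.pem; do
        [ -f "$f" ] || continue
        if "$@" "$f" >/dev/null 2>&1; then st=0; else st=$?; fi
        [ "$st" -eq 0 ] || echo "$f $st"
    done
}

# Demo on a constructed bundle (placeholder bodies, not real certificates).
# fake_loader (hypothetical) kills itself with SIGSEGV on the second piece.
fake_loader() { if grep -q BBBB "$1"; then sh -c 'kill -SEGV $$'; fi; }
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'CA one' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' \
        'CA two' '-----BEGIN CERTIFICATE-----' 'BBBB' '-----END CERTIFICATE-----' > "$tmp/ca-bundle.crt"
    split_bundle "$tmp/ca-bundle.crt" "$tmp/pieces"
    try_each "$tmp/pieces" fake_loader
    rm -rf "$tmp"
}
demo
```

A piece that crashes the standalone loader points at OpenSSL rather than Apache, which answers the question of where to report.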

