198370 – dev-libs/openssl-0.9.8f causing 'Unusable short session_id provided' errors in Apache

Bug 198370 - dev-libs/openssl-0.9.8f causing 'Unusable short session_id provided' errors in Apache

Summary: dev-libs/openssl-0.9.8f causing 'Unusable short session_id provided' errors i...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	High normal
Assignee:	Gentoo's Team for Core System packages

URL:	http://www.uno-code.com/?q=node/116
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2007-11-07 16:36 UTC by Tony Vroon (RETIRED)
Modified:	2008-01-10 09:42 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tony Vroon (RETIRED) gentoo-dev

2007-11-07 16:36:01 UTC

The message 'unusably short session_id provided (0 bytes)' is logged repeatedly when HTTPS sessions are in progress.

Reproducible: Always

Steps to Reproduce:
1. upgrade to dev-libs/openssl-0.9.8f
2. set up an apache vhost that accepts https:// connections
3. open connections 
Actual Results:  
[Wed Nov 07 16:14:08 2007] [error] unusably short session_id provided (0 bytes)
[Wed Nov 07 16:14:23 2007] [error] unusably short session_id provided (0 bytes)
[Wed Nov 07 16:14:51 2007] [error] unusably short session_id provided (0 bytes)


Expected Results:  
Content being served over HTTPS without frequent error messages, as it was before.

Comment 1 Tony Vroon (RETIRED) gentoo-dev

2007-11-07 16:37:21 UTC

Open bugs for this package, both by the same reporter: bug #196554 and bug #196555, suspect CFLAGS at fault in both cases, request to sidestep.

Comment 2 Tony Vroon (RETIRED) gentoo-dev

2007-11-07 16:39:40 UTC

Requesting stable keywords on this package for production servers running Apache and serving content over HTTPS (like mine are doing; AMD64).

Comment 3 Samuli Suominen (RETIRED) gentoo-dev

2007-11-07 16:42:48 UTC

Bad. I believe stabilizing openssl-0.9.8g should make it into release, assuming it's ready to go.

base-system?

Comment 4 Tony Vroon (RETIRED) gentoo-dev

2007-11-07 16:48:10 UTC

Base-system says: do it.

Comment 5 Ferris McCormick (RETIRED) gentoo-dev

2007-11-07 18:53:24 UTC

Sparc done (a couple weeks early) to help with release cycle.  On sparc it passes all tests as expected, and I can't duplicate either bug #196554 or bug #196555 (no problems on sparc or on amd64).  But then, I use /var/tmp/portage, not /tmp/portage, although I don't see why that should make a bit of difference.

Comment 6 Jurek Bartuszek (RETIRED) gentoo-dev

2007-11-07 19:10:40 UTC

x86 done

Comment 7 Raúl Porcel (RETIRED) gentoo-dev

2007-11-07 20:02:09 UTC

alpha/ia64 stable

Comment 8 Markus Rothe (RETIRED) gentoo-dev

2007-11-07 20:52:14 UTC

ppc64 stable

Comment 9 Jeroen Roovers (RETIRED) gentoo-dev

2007-11-08 02:58:35 UTC

Stable for HPPA.

Comment 10 Timothy Redaelli (RETIRED) gentoo-dev

2007-11-09 08:20:16 UTC

As always bsd is NOT a stable keyword

Comment 11 Daniel Gryniewicz (RETIRED) gentoo-dev

2007-11-09 17:36:38 UTC

amd64 done.

Comment 12 Joshua Kinard gentoo-dev

2007-11-19 02:20:30 UTC

mips stable.

Comment 13 Brent Baude (RETIRED) gentoo-dev

2007-11-24 04:22:39 UTC

ppc stable