42806 – mod_ssl needs to be remerged after openssl upgrade

Bug 42806 - mod_ssl needs to be remerged after openssl upgrade

Summary: mod_ssl needs to be remerged after openssl upgrade

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Unspecified (show other bugs)
Hardware:	All Linux

Importance:	High major (vote)
Assignee:	Gentoo Web Application Packages Maintainers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-02-24 14:21 UTC by Corvus
Modified:	2004-03-10 13:01 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Corvus 2004-02-24 14:21:37 UTC

well this sounds obvious, but unfortunately its much more complicated.

on 2 of my dedicated servers running with net-www/apache-1.3.29-r1 and net-www/mod_ssl-2.8.16 one of the last update world's i did updated openssl to 0.9.7c-r1 while I dont know the version which was installed during compilation of mod_ssl anymore, probably the version being actual during the last stable update of mod_ssl itself.

however the strange thing is, mod_ssl runs with the new openssl, and everything seems normal, no unresolved symbols, everything runs fine,
but when accessing those https servers with some browsers,
(most reproduces with konqueror of kde 3.2 , some with firefox-0.8, while with lynx everything worked fine every time without bug occurence) the connection unexpectedly drops during http header exchange (before the actual data) with no sign on the server of anything unusual except a client that dropped connection.

I already fixed a bug for konqueror (since with lynx it worked fine, and i had the bug on both https server i tried (well both gentoo)) before i realized that it actually IS the servers fault, and the bug doesnt occur with most 3rd party https systems.

re emerging mod_ssl to build with the current openssl worked fine and seems to have fixed the problem.

Reproducible: Sometimes
Steps to Reproduce:
1. update openssl without re-emerging mod_ssl
2. run your server as normal
3. try to access the server via https with konqueror of kde 3.2, the bug occurs not every time, but between 1 of 5 times and 4 of 5 times depending on system load, server system load, bandwidth, moon phase, time since last request, ..., ...

Actual Results:  
ssl connection between server and client drops during early data exchange
leading to a browser error-message-pop-up but no obvious log-entry on the server

Expected Results:  
no such crap ;)

i dont have much additional info, someone might need to reproduce the issue, but
its also possible that noone in the world can reproduce the same behaviour. also
re-emerging mod_ssl on the servers fixed the error, so my actual system
configuration isnt the error configuration anymore.

However i had the conn-loss errors with browsers from 2 different gentoo systems
on 2 almost identical gentoo servers with this issue, so maybe someone is (un)lucky.

maybe openssl could print an additional message that mod_ssl might have to be
remerged, there is a hint about using revdep-rebuild, but revdep-rebuild doesnt
detect THIS inconsistency (i did run revdep-rebuild, mod_ssl was not listed as
"thing with unresolved symbols" by them)

Comment 1 Martin Holzer (RETIRED) gentoo-dev

2004-03-10 13:01:21 UTC

                einfo "You can now re-compile all packages that are linked again
st"
                einfo "OpenSSL 0.9.6 by using revdep-rebuild from gentoolkit:"
                einfo "# revdep-rebuild --soname libssl.so.0.9.6"
                einfo "# revdep-rebuild --soname libcrypto.so.0.9.6"
                einfo "After this, you can delete /usr/lib/libssl.so.0.9.6 and /
usr/lib/libcrypto.so.0.9.6"