Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 739075 Details for
Bug 812859
www-servers/apache: fails to start mod_ssl with OpenSSL 3 (mod_ssl.so: undefined symbol: ERR_GET_FUNC)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
ssl_engine_init.c.patch
file_812859.txt (text/plain), 1.73 KB, created by
Sam James
on 2021-09-13 03:01:01 UTC
(
hide
)
Description:
ssl_engine_init.c.patch
Filename:
MIME Type:
Creator:
Sam James
Created:
2021-09-13 03:01:01 UTC
Size:
1.73 KB
patch
obsolete
>--- a/modules/ssl/ssl_engine_init.c 2021/06/29 09:30:24 1891137 >+++ b/modules/ssl/ssl_engine_init.c 2021/06/29 11:24:17 1891138 >@@ -1378,6 +1378,22 @@ > #endif > } > >+/* SSL_CTX_use_PrivateKey_file() can fail either because the private >+ * key was encrypted, or due to a mismatch between an already-loaded >+ * cert and the key - a common misconfiguration - from calling >+ * X509_check_private_key(). This macro is passed the last error code >+ * off the OpenSSL stack and evaluates to true only for the first >+ * case. With OpenSSL < 3 the second case is identifiable by the >+ * function code, but function codes are not used from 3.0. */ >+#if OPENSSL_VERSION_NUMBER < 0x30000000L >+#define CHECK_PRIVKEY_ERROR(ec) (ERR_GET_FUNC(ec) != X509_F_X509_CHECK_PRIVATE_KEY) >+#else >+#define CHECK_PRIVKEY_ERROR(ec) (ERR_GET_LIB != ERR_LIB_X509 \ >+ || (ERR_GET_REASON(ec) != X509_R_KEY_TYPE_MISMATCH \ >+ && ERR_GET_REASON(ec) != X509_R_KEY_VALUES_MISMATCH \ >+ && ERR_GET_REASON(ec) != X509_R_UNKNOWN_KEY_TYPE)) >+#endif >+ > static apr_status_t ssl_init_server_certs(server_rec *s, > apr_pool_t *p, > apr_pool_t *ptemp, >@@ -1483,8 +1499,7 @@ > } > else if ((SSL_CTX_use_PrivateKey_file(mctx->ssl_ctx, keyfile, > SSL_FILETYPE_PEM) < 1) >- && (ERR_GET_FUNC(ERR_peek_last_error()) >- != X509_F_X509_CHECK_PRIVATE_KEY)) { >+ && CHECK_PRIVKEY_ERROR(ERR_peek_last_error())) { > ssl_asn1_t *asn1; > const unsigned char *ptr; >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=739075">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 812859
: 739075
