Summary: | www-servers/apache: fails to start mod_ssl with OpenSSL 3 (mod_ssl.so: undefined symbol: ERR_GET_FUNC) | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Sam James <sam> |
Component: | Current packages | Assignee: | Apache Team - Bugzilla Reports <apache-bugs> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | hydrapolic, ole+gentoo, reuben-gentoo-bugzilla |
Priority: | Normal | Keywords: | PATCH |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 797325 | ||
Attachments: | ssl_engine_init.c.patch |
Description
Sam James
2021-09-13 03:00:36 UTC
Created attachment 739075
ssl_engine_init.c.patch
Notably, Fedora has a far larger patch: https://src.fedoraproject.org/rpms/httpd/c/aee92c2c6a96e3d21560bdd5de702534dd68e323?branch=rawhide, but this looks like it might fix a lot of deprecated usage rather than being _strictly_ necessary for now. (See https://github.com/apache/httpd/pull/258).

I'm very hesitant to add patches like this. It is very easy to miss additional security issues this way and introduce an insecure version. I would strongly prefer that we follow the upstream httpd releases with this. The patch has been applied to apache 2.5 trunk only and not to 2.4 and we can't tell why that has not happened yet (e.g. because it would introduce other security-related issues).

Apache 2.4.52 includes this patch and the changelog notes OpenSSL 3 compatibility: https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup&pathrev=1895868

(In reply to Craig Andrews from comment #4)
> Apache 2.4.52 includes this patch and the changelog notes OpenSSL 3
> compatibility:
> https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup&pathrev=1895868

Thanks!