build problem replacing libssl.so -- please read!

From: John Fox (jjf_at_NO_SPAMmind.net)
Date: 10/10/03

    Date: Fri, 10 Oct 2003 09:13:12 -0700
    To: freebsd-stable@freebsd.org
    
    

    Hello to all,

    I apologize for posting this message a second time, but it's been
    twenty-one hours, and no responses. I ask that people please
    read this message and give me some feedback, as this issue has
    me boggled. And if I haven't given enough information or shown
    enough effort to merit help, could someone at the very least give
    me a nudge in the proper direction? It'd be really appreciated.

    I've got a production machine running FreeBSD 4.8-RELEASE, and I
    need to upgrade it to fix the SSL, procfs issues that have come up
    lately. The machine's root partition lacks the space to accommodate
    world source and object files, so I have two symlinks for /usr/src
    and /usr/obj:

        /usr/src --> /usr/local/world_src
        /usr/obj --> /usr/local/world_obj

    I should also note that the apache13-modssl port is installed on
    this server.

    I cvsupped RELENG_4_8 (with "*default prefix=/usr" in the supfile)
    successfully.

    I cd'd to /usr/src, issued the "make buildworld" command, and waited
    until the build finished. I then cd'd to '/usr/obj/' and took a
    look around. In there I found a directory hierarchy of
    "usr/local/world_src", and within that were the nice shiny new
    files.

    One of my aims was to replace libssl.so.3 with a fixed version, so
    (after making a backup copy of the current /usr/lib/libssl.so.3) I
    placed /usr/obj/usr/local/world_src/secure/lib/libssl/libssl.so.3
    into /usr/lib and then attempted an https connection to the server.
    (Apache's libssl.so module was dynamically linked against libssl.so.3).
    I found that my connection did not really work properly, creating
    errors such as these in the httpd error log:

      [Wed Oct 8 16:01:04 2003] [error] [client W.X.Y.Z] Invalid method in request \x80C\x01\x03
      [Wed Oct 8 16:02:48 2003] [error] [client W.X.Y.Z] Invalid method in request \x16\x03
      [Wed Oct 8 16:02:48 2003] [error] [client W.X.Y.Z] Invalid method in request \x16\x03

    Clearly, I did something wrong, for when I put the original libssl.so.3
    back in place, those errors no longer occurred.

    I was totally confused at this point, and so I wrote up a problem description which
    I posted to freebsd-questions yesterday afternoon. It's been almost twenty hours
    since that posting, so I contacted my old boss, and asked him to read the letter,
    giving me any feedback he could.

    We made a few determinations:

    1) The httpd binary itself is not linked against any ssl library.
    It's linked dynamically against only libcrypt, libc, libm, libutil.

    2) mod_ssl is not compiled into the httpd binary. It is loaded via
    httpd.conf 'AddModule' and 'LoadModule' directives.

    3) '/usr/local/libexec/apache/libssl.so' appears to be the SSL
    module, as there is no 'mod_ssl' file in /usr/local/libexec/apache.
    This file is linked dynamically against libssl.so.3 and libcrypto.so.3.

    My old boss suggested replacing libcrypto.so.3 with the new version,
    in addition to replacing libssl.so.3. I did this, but it only made
    matters worse:

       * The httpd problem still existed

       * SSHD broke - my terminal windows to that host vanished
       in a fraction of a second and no new connections were
       allowed.

    I put the old libraries back into place, and reported failure to my
    ex-boss. He then suggested that perhaps my installation was
    sufficiently old that an entirely new world was required.

    I told him that the system was running (from uname) "4.8-RELEASE
    #0: Thu Apr 3 ", and the world I had just built was 4.8p13,
    and he was no longer so certain that my installation was so old
    that it had to have an all new world, and suggested that I write
    all this up and post it to freebsd-stable, which I am doing right
    now!

    I hope that I have described the problem clearly, and that someone
    will be able to shed some light on this matter.

    Thank you very much,

    -John

    --
    +---------------------------------------------------------------------------+
    | John Fox <jjf @ mind.net>     |    System Administrator   | InfoStructure   |
    +---------------------------------------------------------------------------+
    |        Gideon: I thought you said don't hold a grudge.                    |
    |         Galen: I don't. I have no surviving enemies...at all.             |
    |             -- "Crusade", _Racing the Night_                              |
    +---------------------------------------------------------------------------+
    ----- End forwarded message -----
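Added example, not part of the original post: the "Invalid method in request" entries quoted above carry the first bytes of an SSL/TLS handshake, which means those bytes reached httpd's plain-HTTP request parser instead of being handled as SSL. The sketch below decodes such log lines and names the framing they match; the sample log, the function names and the verdict strings are constructed for illustration.

```python
import re

# Constructed sample, modelled on the httpd error-log lines quoted in the post.
SAMPLE_LOG = r"""
[Wed Oct 8 16:01:04 2003] [error] [client W.X.Y.Z] Invalid method in request \x80C\x01\x03
[Wed Oct 8 16:02:48 2003] [error] [client W.X.Y.Z] Invalid method in request \x16\x03
[Wed Oct 8 16:03:10 2003] [error] [client W.X.Y.Z] Invalid method in request FOO / HTTP/1.0
"""

LINE_RE = re.compile(r"\[client (?P<client>[^\]]+)\] Invalid method in request (?P<req>.*)$")
HEX_ESCAPE = re.compile(rb"\\x([0-9a-fA-F]{2})")

def unescape(text):
    """Turn Apache's \\xNN escapes back into raw bytes; other characters pass through."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), text.encode("latin-1"))

def classify(data):
    """Name the TLS/SSL framing that the logged request prefix matches, if any."""
    # TLS/SSLv3 record: content type 0x16 (handshake), then protocol major version 3.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake-record"
    # SSLv2-format hello: high bit set on the 2-byte length, type 1 (ClientHello), major version 3.
    if len(data) >= 4 and data[0] & 0x80 and data[2] == 0x01 and data[3] == 0x03:
        return "sslv2-format-client-hello"
    return "not-tls"

def scan(log_text):
    """Return (client, verdict) for every 'Invalid method in request' line."""
    results = []
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if match:
            results.append((match.group("client"), classify(unescape(match.group("req")))))
    return results

def tls_parsed_as_http(log_text):
    """True when at least one logged 'request' is really the start of a TLS handshake."""
    return any(verdict != "not-tls" for _, verdict in scan(log_text))

if __name__ == "__main__":
    for client, verdict in scan(SAMPLE_LOG):
        print(client, verdict)
    print("TLS handshake reached the plain-HTTP parser:", tls_parsed_as_http(SAMPLE_LOG))
```

A hit from this check on an https port says the listener was answering in plain HTTP at that moment; it does not by itself say why the SSL module was not handling the connection.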