On 9/12/21 07:55, Bernard Spil wrote:
> ERR_GET_FUNC was blocking this for me on FreeBSD 13 with OpenSSL 3.0 from ports.
> Warning in build logs, but failure at runtime
>
> ssl_engine_init.c:1375:22: warning: implicit declaration of function
> 'ERR_GET_FUNC' is invalid in C99 [-Wimplicit-function-declaration]
> && (ERR_GET_FUNC(ERR_peek_last_error())
>
> and the fix is https://svn.apache.org/viewvc?view=revision&revision=1891138
> as noted above.
>
> All seems well with that r1891138 fix and OpenSSL 3.0.0 on FreeBSD
> 13.0-p4 amd64 / clang 11.0.1
>
> [Sun Sep 12 11:48:50.820341 2021] [mpm_event:notice] [pid 80970:tid
> 34372395008] AH00489: Apache/2.4.49 (FreeBSD) OpenSSL/3.0.0 configured
> -- resuming normal operations
>
Thank you for the top-post reply.
I am still of the opinion that "-1 There's trouble in paradise." due to
the fact that the 2.4.49-rc1 tarball will not work out of the box with
the production release of OpenSSL 3.0.0. There needs to be a fix here
such that it "just works"(tm) with the latest OpenSSL.
> On Sun, Sep 12, 2021 at 7:02 AM Dennis Clarke <dclarke@blastwave.org> wrote:
>>
>> On 9/12/21 02:36, Dennis Clarke wrote:
>>> On 9/10/21 11:23, stefan@eissing.org wrote:
>>>> Hi, all;
>>>> Please find below the proposed release tarball and signatures:
>>>> https://dist.apache.org/repos/dist/dev/httpd/
>>>>
>>>> I would like to call a VOTE over the next few days to release
>>>> this candidate tarball httpd-2.4.49-rc1 as 2.4.49:
>>>> [ ] +1: It's not just good, it's good enough!
>>>> [ ] +0: Let's have a talk.
>>>> [ ] -1: There's trouble in paradise. Here's what's wrong.
>>>>
>>
>> * * * NOTE -1 There's trouble in paradise. Here's what's wrong. * * *
>>
>>
>> Reply to self here ...
>>
>> I discovered in the OpenSSL 3.0.0 release notes:
>>
>>
>> * The ERR_GET_FUNC() function was removed. With the loss
>> of meaningful function codes, this function can only
>> cause problems for calling applications.
>>
>> Paul Dale
>>
>>
>> Thus ERR_GET_FUNC() was removed, but it looks like httpd is still
>> trying to use it, which explains the error I'm seeing. What I see
>> is :
>>
>>
>>
>> beta #
>> beta # /opt/bw/bin/httpd -V
>> Server version: Apache/2.4.49 (Unix)
>> Server built: Sep 12 2021 03:54:11
>> Server's Module Magic Number: 20120211:116
>> Server loaded: APR 1.7.0, APR-UTIL 1.6.1
>> Compiled using: APR 1.7.0, APR-UTIL 1.6.1
>> Architecture: 64-bit
>> Server MPM: event
>> threaded: yes (fixed thread count)
>> forked: yes (variable process count)
>> Server compiled with....
>> -D APR_HAS_SENDFILE
>> -D APR_HAS_MMAP
>> -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
>> -D APR_USE_PROC_PTHREAD_SERIALIZE
>> -D APR_USE_PTHREAD_SERIALIZE
>> -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
>> -D APR_HAS_OTHER_CHILD
>> -D AP_HAVE_RELIABLE_PIPED_LOGS
>> -D DYNAMIC_MODULE_LIMIT=256
>> -D HTTPD_ROOT="/opt/bw"
>> -D SUEXEC_BIN="/opt/bw/bin/suexec"
>> -D DEFAULT_PIDLOG="var/apache/httpd/logs/httpd.pid"
>> -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
>> -D DEFAULT_ERRORLOG="logs/error_log"
>> -D AP_TYPES_CONFIG_FILE="etc/apache/httpd/mime.types"
>> -D SERVER_CONFIG_FILE="etc/apache/httpd/httpd.conf"
>> beta #
>> beta #
>> beta # /opt/bw/bin/apachectl start
>> httpd: Syntax error on line 75 of /opt/bw/etc/apache/httpd/httpd.conf:
>> Cannot load modules/mod_ssl.so into server: ld.so.1: httpd: fatal:
>> relocation error: file /opt/bw/modules/mod_ssl.so: symbol ERR_GET_FUNC:
>> referenced symbol not found
>> beta #
>>
>> We see https://github.com/apache/httpd/pull/258 exists however I am
>> only now looking at how to patch 2.4.49 based on those changes in
>> trunk.
I will take a close look at the patch links :
https://svn.apache.org/viewvc?view=revision&revision=1891138 At first glance there are many changes to modules/ssl/ssl_engine_init.c
so this is not just a three line change.
However it may work ....
/opt/bw/build-1/libtool --silent --mode=compile \
/opt/developerstudio12.6/bin/cc -I/opt/bw/include \
-std=iso9899:2011 -m64 -xarch=sparc -xO0 -g -errfmt=error \
-erroff=%none -errshort=full -xstrconst -xildoff \
-xmemalign=8s -xnolibmil -xcode=pic32 -xregs=no%appl \
-xlibmieee -mc -ftrap=%none -xbuiltin=%none -xunroll=1 -Qy \
-xdebugformat=dwarf -DSOLARIS2=10 -D_REENTRANT \
-I/opt/bw/include \
-D_POSIX_PTHREAD_SEMANTICS -D_LARGEFILE64_SOURCE -D_TS_ERRNO \
-D_X_OPEN_SOURCE=600 \
-I. \
-I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/os/unix \
-I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/include \
-I/opt/bw/include/apr-1 -I/opt/bw/include \
-I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/aaa \
-I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/cache \
-I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/core \
-I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/database
\
-I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/filters
\
-I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/ldap \
-I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/server \
-I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/loggers
\
-I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/lua \
-I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/proxy \
-I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/http2 \
-I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/session
\
-I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/ssl \
-I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/test \
-I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/server \
-I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/md \
-I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/arch/unix
\
-I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/dav/main
\
-I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/generators
\
-I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/mappers
\
-prefer-pic -c ssl_engine_init.c && touch ssl_engine_init.slo
"ssl_engine_init.c", line 300: error: undefined struct/union member:
vhost_md5
"ssl_engine_init.c", line 300: warning: improper pointer/integer
combination: op "="
"ssl_engine_init.c", line 1502: warning: improper pointer/integer
combination: op "!="
"ssl_engine_init.c", line 1511: error: undefined struct/union member:
retained
"ssl_engine_init.c", line 1511: error: undefined struct/union member:
privkeys
"ssl_engine_init.c", line 1511: error: left operand of "->" must be
pointer to struct/union
"ssl_engine_init.c", line 1511: warning: improper pointer/integer
combination: arg #1
"ssl_engine_init.c", line 1681: error: undefined struct/union member:
mac_params
"ssl_engine_init.c", line 1681: error: cannot dereference non-pointer type
"ssl_engine_init.c", line 1682: error: undefined symbol: OSSL_MAC_PARAM_KEY
"ssl_engine_init.c", line 1682: warning: improper pointer/integer
combination: arg #1
"ssl_engine_init.c", line 1681: error: assignment type mismatch:
int "=" struct ossl_param_st {pointer to const char key,
unsigned int data_type, pointer to void data, unsigned long data_size,
unsigned long return_size}
"ssl_engine_init.c", line 1684: error: improper member use: mac_params
"ssl_engine_init.c", line 1684: error: cannot dereference non-pointer type
"ssl_engine_init.c", line 1685: error: undefined symbol:
OSSL_MAC_PARAM_DIGEST
"ssl_engine_init.c", line 1685: warning: improper pointer/integer
combination: arg #1
"ssl_engine_init.c", line 1684: error: assignment type mismatch:
int "=" struct ossl_param_st {pointer to const char key,
unsigned int data_type, pointer to void data, unsigned long data_size,
unsigned long return_size}
"ssl_engine_init.c", line 1686: error: improper member use: mac_params
"ssl_engine_init.c", line 1686: error: cannot dereference non-pointer type
"ssl_engine_init.c", line 1686: error: assignment type mismatch:
int "=" struct ossl_param_st {pointer to const char key,
unsigned int data_type, pointer to void data, unsigned long data_size,
unsigned long return_size}
"ssl_engine_init.c", line 1689: warning: argument #2 is incompatible
with prototype:
prototype: pointer to function(pointer to struct ssl_st {},
pointer to unsigned char, pointer to unsigned char, pointer to struct
evp_cipher_ctx_st {}, pointer to struct evp_mac_ctx_st {}, int)
returning int : "/opt/bw/include/openssl/tls1.h", line 333
argument : pointer to function(pointer to struct ssl_st {},
pointer to unsigned char, pointer to unsigned char, pointer to struct
evp_cipher_ctx_st {}, pointer to struct hmac_ctx_st {}, int) returning int
cc: acomp failed for ssl_engine_init.c
gmake[4]: ***
[/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/build/rules.mk:212:
ssl_engine_init.slo] Error 1
gmake[4]: Leaving directory
'/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/ssl'
gmake[3]: ***
[/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/build/rules.mk:117:
shared-build-recursive] Error 1
gmake[3]: Leaving directory
'/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/ssl'
gmake[2]: ***
[/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/build/rules.mk:117:
shared-build-recursive] Error 1
gmake[2]: Leaving directory
'/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules'
gmake[1]: ***
[/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/build/rules.mk:117:
shared-build-recursive] Error 1
gmake[1]: Leaving directory
'/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003'
gmake: ***
[/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/build/rules.mk:75:
all-recursive] Error 1
Nope.
Not exactly a drop in replacement. I will dig around and see if there is
a way to deal with the above.
So I guess the question should be will httpd 2.4.49 work with OpenSSL 3?
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional