AC openssl library version mismatch in apache

Bug #1659252 reported by Konrad Rzepecki on 2017-01-25
Affects: PLD Linux
Importance: Medium
Assigned to: Elan Ruusamäe

Bug Description

In AC, the Apache binary and mod_ssl have different openssl libraries compiled in, causing SSL vhosts to stop working. Any "SSLEngine On" directive causes the following error, "Unable to initialize TLS servername extension callback (incompatible OpenSSL version?)", and prevents apache from starting.

/usr/sbin/httpd.prefork -v
Server version: Apache/2.2.32 (PLD/Linux)
Server built: Jan 16 2017 17:14:55

ldd /usr/sbin/httpd.prefork | grep ssl
        libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0xb7c9b000)

ldd /usr/lib/apache/mod_ssl.so | grep ssl
        libssl.so.1.0.0 => /lib/libssl.so.1.0.0 (0xb7eeb000)

Apache should be recompiled using 1.0.2 openssl

Elan Ruusamäe (glen666) wrote :

apache doesn't link with openssl. this is a pristine install with apache only:

bash-3.2# ldd /usr/sbin/httpd.prefork
        libpcre.so.0 => /lib64/libpcre.so.0 (0x00007f84be254000)
        libaprutil-1.so.0 => /usr/lib64/libaprutil-1.so.0 (0x00007f84be033000)
        libapr-1.so.0 => /usr/lib64/libapr-1.so.0 (0x00007f84bde08000)
        libpthread.so.0 => /lib64/tls/libpthread.so.0 (0x00007f84bdcf3000)
        libc.so.6 => /lib64/tls/libc.so.6 (0x00007f84bdacd000)
        libexpat.so.0 => /usr/lib64/libexpat.so.0 (0x00007f84bd9aa000)
        libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f84bd873000)
        libuuid.so.1 => /lib64/libuuid.so.1 (0x00007f84bd66f000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f84bd56c000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f84be487000)
bash-3.2#

even installing apache-mod_ssl does not make the apache binary link with openssl (it's a dynamically loaded module)

bash-3.2# rpm -q apache-mod_ssl
apache-mod_ssl-2.2.32-1.amd64
bash-3.2# ldd /usr/sbin/httpd.prefork |grep ssl
bash-3.2# ldd /usr/sbin/httpd.prefork |grep -c ssl
0
bash-3.2#

what other apache packages do you have installed?
$ rpm -qa '*apache*'

or maybe the nss configuration affects it?
$ cat /etc/nsswitch.conf

also post objdump output to see what the httpd binary is directly linking against:

$ objdump -p /usr/sbin/httpd.prefork

Konrad Rzepecki (labinnah) wrote :

Thanks for hints.

I've done some deeper searching and found that it was caused by older openldap-libs and/or apr-util. For some reason the older apr-util has been compiled with ldap. Upgrading both fixes the problem.

I don't know if this problem requires any work from you, but from my point of view this bug can be closed. Sorry for wasting your time.

Elan Ruusamäe (glen666) wrote :

solved with dist upgrade

Changed in pld-linux:
assignee: nobody → Elan Ruusamäe (glen666)
importance: Undecided → Medium
status: New → Fix Released
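
The check the thread works through, as an added example that is not part of the original report or of PLD's tooling: compare the libssl sonames that the httpd binary and mod_ssl.so resolve to, and tell a direct link from one pulled in by another library. The function names and the sample ldd/objdump text are constructed for illustration; only the two libssl lines are taken from the report.

```shell
#!/bin/sh
# Added example (not from the bug thread). ldd prints the whole transitive
# closure; `objdump -p` NEEDED entries are the direct links only.

# Unique libssl sonames in ldd output read from stdin.
ssl_sonames() { awk '$1 ~ /^libssl\.so/ { print $1 }' | sort -u; }

# Direct NEEDED sonames in `objdump -p` output read from stdin.
direct_needed() { awk '$1 == "NEEDED" { print $2 }'; }

# ssl_mismatch LDD_A LDD_B: true when both resolve libssl to different sonames.
ssl_mismatch() {
    a=$(printf '%s\n' "$1" | ssl_sonames)
    b=$(printf '%s\n' "$2" | ssl_sonames)
    [ -n "$a" ] && [ -n "$b" ] && [ "$a" != "$b" ]
}

# ssl_is_transitive LDD OBJDUMP: true when libssl shows up in ldd output but
# is not a direct NEEDED entry, i.e. another library drags it in.
ssl_is_transitive() {
    printf '%s\n' "$1" | ssl_sonames | grep -q . || return 1
    ! printf '%s\n' "$2" | direct_needed | grep -q '^libssl\.so'
}

# Constructed sample data; the two libssl lines match those quoted in the report.
HTTPD_LDD='    libaprutil-1.so.0 => /usr/lib/libaprutil-1.so.0 (0xb7f00000)
    libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0xb7c9b000)'
MOD_SSL_LDD='    libssl.so.1.0.0 => /lib/libssl.so.1.0.0 (0xb7eeb000)'
HTTPD_OBJDUMP='  NEEDED               libpcre.so.0
  NEEDED               libaprutil-1.so.0
  NEEDED               libapr-1.so.0'

if ssl_mismatch "$HTTPD_LDD" "$MOD_SSL_LDD"; then
    echo "mismatch: httpd resolves $(printf '%s\n' "$HTTPD_LDD" | ssl_sonames)," \
         "mod_ssl resolves $(printf '%s\n' "$MOD_SSL_LDD" | ssl_sonames)"
fi
if ssl_is_transitive "$HTTPD_LDD" "$HTTPD_OBJDUMP"; then
    echo "httpd does not link libssl directly; check its NEEDED libraries:"
    printf '%s\n' "$HTTPD_OBJDUMP" | direct_needed
fi
```

On a live system, pass the output of `ldd /usr/sbin/httpd.prefork`, `ldd /usr/lib/apache/mod_ssl.so` and `objdump -p /usr/sbin/httpd.prefork` in place of the sample strings.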