Re: Apache 2.2.16

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Aug 6, 2010 at 10:57 AM,  <james@xxxxxxxxxxxxxxx> wrote:
>
> Hello,
>
> I've recently upgraded to 2.2.16 and am encountering some issues. I've noticed the addition of SSLFIPS, however, I did not see any mention of this in the release notes. I did, however, see mention of it in the release notes for 2.3.6, interesting. I've compiled against OpenSSL 0.9.8o-fips (FIPS 1.2 module from openssl.org).
>
> I have a web application that uses OpenLDAP and SSH to add/check resources, such as users. Going through HTTPS and testing the LDAP server configuration (manually entered settings) to verify that I can communicate with the server properly, the Apache child process segfaults. The OpenLDAP version is 2.4.23.
>
> [Fri Aug 06 09:17:54 2010] [notice] child pid 15419 exit signal Segmentation fault (11)
>
> Has anyone encountered this issue before?
>
> My other issue is when adding an user over HTTPS and having PHP exec() the system's ssh command to connect to the remote machine and perform a few minor operations. The error message I am getting is:
>
> digest.c(151): OpenSSL internal error, assertion failed: Digest update previous FIPS forbidden algorithm error ignored
> [Fri Aug 06 09:32:27 2010] [notice] child pid 29661 exit signal Aborted (6)
>
> After researching that error message a bit, it appears to be caused by an MD5 checksum and MD5 is one of the forbidden algorithms in FIPS.
>
> The above mentioned functionality worked flawlessly in 2.2.15 and below.

Did you use the same OpenSSL build with 2.2.15 and below?

My suggestion:

Find out what symptoms are specific to the use of FIPS-enabled OpenSSL
Get backtraces for any crashes (SIGSEGV, SIGABRT) you're seeing
Open bugs with the appropriate component(s) -- httpd, PHP, apr,
OpenLDAP, etc. -- depending on what code crashes or is implicated in
misusing some other component.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux