Bug 61206

Summary: mod_ssl fails to build with 2.4.26 if openssl was built with OPENSSL_NO_COMP
Product: Apache httpd-2 Reporter: Michael Schlenker <msc>
Component: mod_sslAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: RESOLVED FIXED    
Severity: normal Keywords: FixedInTrunk, PatchAvailable
Priority: P2    
Version: 2.4.25   
Target Milestone: ---   
Hardware: PC   
OS: Windows NT   
Attachments: Patch for mod_ssl.c
Guard call with #ifndef OPENSSL_NO_COMP

Description Michael Schlenker 2017-06-21 15:06:42 UTC 
When openssl 1.0.2h was built without compression methods (e.g. OPENSSL_NO_COMP is defined) to mitigate CRIME attacks, the build of 2.4.26's mod_ssl fails due to unresolves symbols during linking.

The culprit is calling the cleanup function for compression functions.

SSL_COMP_free_compression_methods();

which is not exported when NO_COMP was used.
Comment 1 Michael Schlenker 2017-06-21 15:08:49 UTC 
Created attachment 35066 [details]
Patch for mod_ssl.c
Comment 2 Michael Schlenker 2017-06-21 15:11:04 UTC 
wrong patch, sorry...
Comment 3 Michael Schlenker 2017-06-21 15:13:12 UTC 
Created attachment 35067 [details]
Guard call with #ifndef OPENSSL_NO_COMP
Comment 4 Michael Schlenker 2017-06-21 15:15:46 UTC 
This is also fixed in the patch for 61184, as libressl seemt to always have NO_COMP these days.
Comment 5 Yann Ylavic 2017-07-29 23:36:00 UTC 
Committed to trunk in r1803392 and proposed for backport to 2.4.x.
Comment 6 Christophe JAILLET 2018-03-27 17:42:31 UTC 
This has been backported in 2.4.x in r1807734 and is part in 2.4.28