Bug 61206 - mod_ssl fails to build with 2.4.26 if openssl was built with OPENSSL_NO_COMP
Summary: mod_ssl fails to build with 2.4.26 if openssl was built with OPENSSL_NO_COMP
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl (show other bugs)
Version: 2.4.25
Hardware: PC Windows NT
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: FixedInTrunk, PatchAvailable
Depends on:
Blocks:
 
Reported: 2017-06-21 15:06 UTC by Michael Schlenker
Modified: 2018-03-27 17:42 UTC (History)
0 users



Attachments
Patch for mod_ssl.c (9.92 KB, patch)
2017-06-21 15:08 UTC, Michael Schlenker
Details | Diff
Guard call with #ifndef OPENSSL_NO_COMP (629 bytes, patch)
2017-06-21 15:13 UTC, Michael Schlenker
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Schlenker 2017-06-21 15:06:42 UTC
When openssl 1.0.2h was built without compression methods (e.g. OPENSSL_NO_COMP is defined) to mitigate CRIME attacks, the build of 2.4.26's mod_ssl fails due to unresolves symbols during linking.

The culprit is calling the cleanup function for compression functions.

SSL_COMP_free_compression_methods();

which is not exported when NO_COMP was used.
Comment 1 Michael Schlenker 2017-06-21 15:08:49 UTC
Created attachment 35066 [details]
Patch for mod_ssl.c
Comment 2 Michael Schlenker 2017-06-21 15:11:04 UTC
wrong patch, sorry...
Comment 3 Michael Schlenker 2017-06-21 15:13:12 UTC
Created attachment 35067 [details]
Guard call with #ifndef OPENSSL_NO_COMP
Comment 4 Michael Schlenker 2017-06-21 15:15:46 UTC
This is also fixed in the patch for 61184, as libressl seemt to always have NO_COMP these days.
Comment 5 Yann Ylavic 2017-07-29 23:36:00 UTC
Committed to trunk in r1803392 and proposed for backport to 2.4.x.
Comment 6 Christophe JAILLET 2018-03-27 17:42:31 UTC
This has been backported in 2.4.x in r1807734 and is part in 2.4.28