LibreSSL 2.7.2's inclusion into the ports tree has created a bit of a rash of issues. Most are documented at https://wiki.freebsd.org/LibreSSL/2.7.

Apache24 is listed as patched and does, in fact, build without glaring errors. And, after patching a few ports that don't have their patches integrated yet, I can rebuild all ports without fails: https://forums.freebsd.org/threads/python27-problem-at-packaging-stage.51189/page-2#post-386195

However, in my environment (at least) it will not start - this is on every jail I have - Apache24 will not start:

httpd: Syntax error on line 130 of /usr/local/etc/apache24/httpd.conf: Cannot load libexec/apache24/mod_ssl.so into server: /usr/local/libexec/apache24/mod_ssl.so: Undefined symbol "OPENSSL_malloc_init"

The following innocuous-seeming error seems relevant:

--- mod_ssl.slo ---
mod_ssl.c:404:5: warning: implicit declaration of function 'OPENSSL_malloc_init' is invalid in C99 [-Wimplicit-function-declaration]
    OPENSSL_malloc_init();
    /* We must register the library in full, to ensure our configuration
     * code can successfully test the SSL environment.
     */
#if MODSSL_USE_OPENSSL_PRE_1_1_API
    (void)CRYPTO_malloc_init();
#else
    OPENSSL_malloc_init();
#endif
    ERR_load_crypto_strings();
    SSL_load_error_strings();
    SSL_library_init();
#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
    ENGINE_load_builtin_engines();
#endif
    OpenSSL_add_all_algorithms();
    OPENSSL_load_builtin_modules();
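As an added example (not from this thread, httpd or the FreeBSD port): the compiler warning quoted above was the build-time sign of the later load failure, so a build step can pull implicitly declared function names out of the log and report those the TLS library does not export. The log and `nm` lines are constructed samples, and every function name in the script is hypothetical.

```shell
#!/bin/sh
LC_ALL=C; export LC_ALL

# Constructed sample log, shaped like the clang warning quoted in the report.
sample_build_log() {
cat <<'EOF'
--- mod_ssl.slo ---
mod_ssl.c:404:5: warning: implicit declaration of function 'OPENSSL_malloc_init' is invalid in C99 [-Wimplicit-function-declaration]
mod_ssl.c:410:5: warning: implicit declaration of function 'ERR_load_crypto_strings' is invalid in C99 [-Wimplicit-function-declaration]
ssl_util.c:88:9: warning: unused variable 'rc' [-Wunused-variable]
EOF
}

# Constructed sample of `nm -D --defined-only` output for the TLS library.
sample_exports() {
cat <<'EOF'
0000000000071a40 T CRYPTO_malloc
0000000000152f10 T ERR_load_crypto_strings
0000000000163300 T OPENSSL_load_builtin_modules
EOF
}

# Names clang reported as implicitly declared (older and newer wording).
implicit_decls() {
    sed -n -e "s/.*implicit declaration of function '\([A-Za-z_0-9]*\)'.*/\1/p" \
           -e "s/.*call to undeclared function '\([A-Za-z_0-9]*\)'.*/\1/p" "$1" | sort -u
}

# Symbol names from nm output lines of the form "<addr> <type> <name>".
exported_syms() {
    awk 'NF == 3 && $2 ~ /^[TWBDR]$/ { print $3 }' "$1" | sort -u
}

# Implicitly declared names missing from the library: warning now, load failure later.
unresolved_at_load() {   # $1 = build log, $2 = nm output
    log_syms=$(mktemp); lib_syms=$(mktemp)
    implicit_decls "$1" >"$log_syms"
    exported_syms "$2" >"$lib_syms"
    comm -23 "$log_syms" "$lib_syms"
    rm -f "$log_syms" "$lib_syms"
}

check_sample() {
    log=$(mktemp); nm_out=$(mktemp)
    sample_build_log >"$log"; sample_exports >"$nm_out"
    unresolved_at_load "$log" "$nm_out"
    rm -f "$log" "$nm_out"
}
check_sample   # prints OPENSSL_malloc_init
```

A name that is implicitly declared but present in the library, like the second constructed warning, only points at a missing header; a name absent from the library is the case that fails when the module is loaded.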
(In reply to gessel from comment #1)
>     /* We must register the library in full, to ensure our configuration
>      * code can successfully test the SSL environment.
>      */
> #if MODSSL_USE_OPENSSL_PRE_1_1_API
>     (void)CRYPTO_malloc_init();

Here, trunk uses:
#if MODSSL_USE_OPENSSL_PRE_1_1_API || defined(LIBRESSL_VERSION_NUMBER)

This change was part of TLSv1.3 integration (bug 62236), so the full bits may be r1828222 + r1830522.
It appears these changes are not fully integrated in the FreeBSD port Apache v2.4.33 As on my machine httpd/httpd/trunk/modules/ssl/ssl_engine_init.c:546-551 char *cp; int protocol = mctx->protocol; SSLSrvConfigRec *sc = mySrvConfig(s); #if OPENSSL_VERSION_NUMBER >= 0x10100000L int prot; #endif Revision 1830522 shows @@ -582,7 +582,8 @@ char *cp; int protocol = mctx->protocol; SSLSrvConfigRec *sc = mySrvConfig(s); -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \ + (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x20800000L) int prot; #endif and in httpd/httpd/trunk/modules/ssl/mod_ssl.c:398-404 /* We must register the library in full, to ensure our configuration * code can successfully test the SSL environment. */ #if MODSSL_USE_OPENSSL_PRE_1_1_API (void)CRYPTO_malloc_init(); #else OPENSSL_malloc_init(); Revision 1828222 shows @@ -407,7 +407,7 @@ /* We must register the library in full, to ensure our configuration * code can successfully test the SSL environment. */ -#if MODSSL_USE_OPENSSL_PRE_1_1_API +#if MODSSL_USE_OPENSSL_PRE_1_1_API || defined(LIBRESSL_VERSION_NUMBER) (void)CRYPTO_malloc_init(); #else OPENSSL_malloc_init();
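Review bot: in the ssl_engine_init.c hunk from r1830522, the guard on `int prot;` hard-codes the LibreSSL threshold 0x20800000L inline, and only the declaration is visible here, so every later use of prot has to sit under exactly the same two-part condition or a LibreSSL build below that threshold will reference an undeclared variable. Suggest defining the condition once as a named macro and testing that macro at the declaration and at each use, with a comment stating which LibreSSL release the threshold corresponds to.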
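Review bot: in the mod_ssl.c hunk from r1828222, `|| defined(LIBRESSL_VERSION_NUMBER)` sends every LibreSSL release, with no version bound, down the CRYPTO_malloc_init() branch, while the ssl_engine_init.c hunk bounds its LibreSSL test with a version number. Consider folding the LibreSSL test into the definition of MODSSL_USE_OPENSSL_PRE_1_1_API so the call site stays unchanged and the two files cannot drift apart, and add a short comment recording that the unguarded OPENSSL_malloc_init() call is what produced the 'Undefined symbol "OPENSSL_malloc_init"' load failure reported in this bug.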
Failed attempt below:

make clean && make distclean && make
cd /var/ports/usr/ports/www/apache24/work/httpd-2.4.33/modules/ssl/
mv ssl_engine_init.c ssl_engine_init.c.orig
mv mod_ssl.c mod_ssl.c.orig
mv ssl_private.h ssl_private.h.orig
wget -O ssl_engine_init.c 'https://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?revision=1830522&view=co&pathrev=1830522'
wget -O mod_ssl.c 'https://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?revision=1828222&view=co&pathrev=1828222'
wget -O ssl_private.h 'https://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?revision=1828222&view=co&pathrev=1828222'
cd ../md/
mv md_crypt.c.orig md_crypt.c.pre-182822
mv md_crypt.c md_crypt.c.orig
wget -O md_crypt.c 'https://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/md_crypt.c?revision=1828222&view=co&pathrev=1828222'
cd /usr/ports/www/apache24
make makepatch
make clean && make distclean

portmaster yields

--- ssl_engine_init.slo ---
ssl_engine_init.c:54:12: error: static declaration of 'DH_set0_pqg' follows non-static declaration
static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
           ^
/usr/local/include/openssl/dh.h:195:5: note: previous declaration is here
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
    ^
1 error generated.
*** [ssl_engine_init.slo] Error code 1

:(
Created attachment 35905
Backport r1828222 + r1830522

How about this patch instead? Your method was quite rough to patch 2.4.33 :)
Thanks Yann,

Yeah, crude and bumbling, but thanks for the new patch.

modules/md/md_crypt.c already has the patch. The ones for modules/ssl/... succeeded.

However, building with the patches yields: (I reverted the system and successfully test built - of course while the shipping version builds, it won't start due to the OPENSSL_malloc_init).

--- ssl_engine_init.slo ---
ssl_engine_init.c:54:12: error: static declaration of 'DH_set0_pqg' follows non-static declaration
static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
           ^
/usr/local/include/openssl/dh.h:195:5: note: previous declaration is here
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
    ^
1 error generated.
*** [ssl_engine_init.slo] Error code 1

According to some helpful people on the libressl list, it may be sufficient to simply comment out the OPENSSL_malloc_init(); line. I'm going to revert and try that next.
FIXED. https://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?r1=1828222&r2=1828221&pathrev=1828222 is sufficient and builds correctly.
Meanwhile, I've committed fixes to the FreeBSD port. The LibreSSL 2.7 patch I created has been imported in trunk. How do you deal with backporting to 2.4?