Project

General

Profile

Bug #2157

SSL_CTX_set_options() return value not checked properly

Added by mlcreech almost 8 years ago. Updated almost 8 years ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
core
Target version:
Start date:
2010-01-28
Due date:
% Done:

100%

Estimated time:
Missing in 1.5.x:
Yes

Description

I updated my OpenSSL version to 1.0.0-rc5, and started getting the following error when trying to start Lighttpd:

$ ./lighttpd -f lighttpd.conf  -D
2010-01-28 10:21:07: (network.c.529) SSL: error:2507006C:DSO support routines:DSO_load:functionality not supported 

I hadn't needed DSO support in SSL before, but I re-enabled it anyway. This just changed the text of the error:

$ ./lighttpd -f lighttpd.conf  -D
2010-01-28 10:23:01: (network.c.529) SSL: error:00000000:lib(0):func(0):reason(0)

Looking at the line in question, it seems that Lighttpd is expecting the return value of SSL_CTX_set_options() to equal the option that was just passed in. This is only true if no other options are set; in 1.0.0-rc5, SSL_OP_LEGACY_SERVER_CONNECT is enabled by default, which causes this check to fail.

The attached patch makes Lighttpd only check to see that the option it requested was set, ignoring the rest of the mask.

08-ssl-retval-fix.patch (580 Bytes) 08-ssl-retval-fix.patch Patch to allow for multiple bits in option mask mlcreech, 2010-01-28 15:50

Related issues

Has duplicate Bug #2189: lighttpd-1.4.26 : Server fails to start with ssl enabledDuplicate2010-04-23

Associated revisions

Revision 34fb1258 (diff)
Added by stbuehler almost 8 years ago

Fix handling return value of SSL_CTX_set_options (fixes #2157, thx mlcreech)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2716 152afb58-edef-0310-8abb-c4023f1b3aa9

Revision 2716 (diff)
Added by stbuehler almost 8 years ago

Fix handling return value of SSL_CTX_set_options (fixes #2157, thx mlcreech)

Revision 2717 (diff)
Added by stbuehler almost 8 years ago

Fix handling return value of SSL_CTX_set_options (fixes #2157, thx mlcreech)

History

#1

Updated by stbuehler almost 8 years ago

  • Target version set to 1.4.27
  • Missing in 1.5.x changed from No to Yes
#2

Updated by stbuehler almost 8 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Applied in changeset r2716.

#3

Updated by hvdkamer almost 8 years ago

The r2716 is also needed when the latest OpenSSL version 0.9.8m is used.

Also available in: Atom