Project

General

Profile

Forums » Support »

[Solved] lighttpd cannot start after upgrade from 1.4.74 to 1.4.75

Added by Deweloper 9 months ago

Hi,

I upgraded lighttpd to latest version 1.4.75 and now I'm getting:

/usr/sbin/lighttpd: symbol 'mod_openssl_asn1_time_to_posix': can't resolve symbol in lib '/usr/lib/lighttpd/mod_openssl.so'.
2024-03-27 17:24:08: (plugin.c.221) dlopen() failed for: /usr/lib/lighttpd/mod_openssl.so Unable to resolve symbol
2024-03-27 17:24:08: (server.c.1649) loading plugins finally failed

/usr/lib/lighttpd/mod_openssl.so wants to import symbol mod_openssl_asn1_time_to_posix but nothing provides it.

So I rebuilt it and there was a warning:

/bin/sh ../libtool  --tag=CC   --mode=compile i686-buildroot-linux-uclibc-gcc -DHAVE_CONFIG_H -DHAVE_VERSIONSTAMP_H -DLIBRARY_DIR="\"/usr/lib/lighttpd\"" -DSBIN_DIR="\"/usr/sbin\"" -I. -I..   -D_REENTRANT -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGE_FILES -D_DEFAULT_SOURCE   -march=i686 -Os -I/output/staging/usr/include -lz -pipe -Wall -W -Wshadow -pedantic -MT mod_openssl_la-mod_openssl.lo -MD -MP -MF .deps/mod_openssl_la-mod_openssl.Tpo -c -o mod_openssl_la-mod_openssl.lo `test -f 'mod_openssl.c' || echo './'`mod_openssl.c
libtool: compile:  i686-buildroot-linux-uclibc-gcc -DHAVE_CONFIG_H -DHAVE_VERSIONSTAMP_H -DLIBRARY_DIR=\"/usr/lib/lighttpd\" -DSBIN_DIR=\"/usr/sbin\" -I. -I.. -D_REENTRANT -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGE_FILES -D_DEFAULT_SOURCE -march=i686 -Os -I/output/staging/usr/include -lz -pipe -Wall -W -Wshadow -pedantic -MT mod_openssl_la-mod_openssl.lo -MD -MP -MF .deps/mod_openssl_la-mod_openssl.Tpo -c mod_openssl.c  -fPIC -DPIC -o .libs/mod_openssl_la-mod_openssl.o
make[1]: 'busybox.links' jest aktualne.
mod_openssl.c:1390:1: warning: 'mod_openssl_asn1_time_to_posix' used but never defined
 1390 | mod_openssl_asn1_time_to_posix (const ASN1_TIME *asn1time);
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mv -f .deps/mod_openssl_la-mod_openssl.Tpo .deps/mod_openssl_la-mod_openssl.Plo
/bin/sh ../libtool  --tag=CC   --mode=link i686-buildroot-linux-uclibc-gcc   -march=i686 -Os -I/output/staging/usr/include -lz -pipe -Wall -W -Wshadow -pedantic -module -export-dynamic -avoid-version -L/output/staging/usr/lib -lz -o mod_openssl.la -rpath /usr/lib/lighttpd mod_openssl_la-mod_openssl.lo -lssl -lcrypto  
libtool: link: i686-buildroot-linux-uclibc-gcc -shared  -fPIC -DPIC  .libs/mod_openssl_la-mod_openssl.o   -L/output/staging/usr/lib -lz -lssl -lcrypto  -march=i686 -Os   -Wl,-soname -Wl,mod_openssl.so -o .libs/mod_openssl.so
/usr/local/cross/bin/../lib/gcc/i686-buildroot-linux-uclibc/13.2.0/../../../../i686-buildroot-linux-uclibc/bin/ld: .libs/mod_openssl_la-mod_openssl.o: warning: relocation against `mod_openssl_asn1_time_to_posix' in read-only section `.text'
/usr/local/cross/bin/../lib/gcc/i686-buildroot-linux-uclibc/13.2.0/../../../../i686-buildroot-linux-uclibc/bin/ld: warning: creating DT_TEXTREL in a shared object
libtool: link: ( cd ".libs" && rm -f "mod_openssl.la" && ln -s "../mod_openssl.la" "mod_openssl.la" )

So it looks like mod_openssl.c declares mod_openssl_asn1_time_to_posix but doesn't define it, what causes gcc to try to import that symbol. In runtime the symbol is missing so mod_openssl.so cannot be loaded and lighttpd dies due to missing plugin.
I have OpenSSL 3.2.1 and OPENSSL_NO_OCSP defined.
When I reverted just this change:
https://redmine.lighttpd.net/projects/lighttpd/repository/14/diff/src/mod_openssl.c?utf8=%E2%9C%93&rev=7adc0f65fb0459b33b75e2af57b41d27e4853925&rev_to=87b3a9cab8d964330aef12db9f78aae66eaf0968
lighttpd started properly and seems to be working.


Replies (1)

RE: lighttpd cannot start after upgrade from 1.4.74 to 1.4.75 - Added by gstrauss 9 months ago

I have OpenSSL 3.2.1 and OPENSSL_NO_OCSP defined.

You are correct that mod_openssl_asn1_time_to_posix is not defined when OPENSSL_NO_OCSP is defined, but needs to be for changes made in lighttpd 1.4.75.

Commit 7adc0f65f message explains why the change was made in lighttpd 1.4.75.

The following patch should fix that for you.

--- a/src/mod_openssl.c
+++ b/src/mod_openssl.c
@@ -1561,6 +1561,8 @@ mod_openssl_load_stapling_file (const char *file, log_error_st *errh, buffer *b)
   #endif
 }

+#endif /* OPENSSL_NO_OCSP */
+

 static unix_time64_t
 mod_openssl_asn1_time_to_posix (const ASN1_TIME *asn1time)
@@ -1678,6 +1680,8 @@ mod_openssl_asn1_time_to_posix (const ASN1_TIME *asn1time)
 }

+#ifndef OPENSSL_NO_OCSP
+
 static unix_time64_t
 mod_openssl_ocsp_next_update (plugin_cert *pc)
 {
    (1-1/1)