Bug #2189 (closed)
lighttpd-1.4.26: Server fails to start with ssl enabled
Description
The lighttpd server fails to start with the SSL engine enabled when built against OpenSSL version openssl-0.9.8h.
The following error message is displayed:
2010-04-20 13:47:22: (network.c.532) SSL:error:00000000:lib(0):func(0):reason(0)
Code explanation:
In network_init(), the lighttpd daemon tries to set the SSL_OP_NO_SSLv2 flag in the SSL context to avoid using SSLv2, using SSL_CTX_set_options(). SSL_CTX_set_options() returns the current options bitmask after the options are set. lighttpd verifies whether the returned value equals the mask SSL_OP_NO_SSLv2, which is wrong. With the OpenSSL we were running, the options were set to SSL_OP_NO_TICKET by default in OpenSSL.
We should be checking whether the option bit is set or not.
Fix is as shown below:
Index: lighttpd-1.4.26/src/network.c
=================================================================
--- lighttpd-1.4.26.orig/src/network.c 2010-04-23 02:12:45.000000000 -0500
+++ lighttpd-1.4.26/src/network.c 2010-04-23 05:54:06.000000000 -0500@ -528,7 +528,7
@
if (!s->ssl_use_sslv2) {
/* disable SSLv2 */
- if (SSL_OP_NO_SSLv2 != SSL_CTX_set_options(s->ssl_ctx,
SSL_OP_NO_SSLv2)) {
+ if (!(SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx,
SSL_OP_NO_SSLv2))) {
log_error_write(srv, FILE, LINE, "ss",
"SSL:",
ERR_error_string(ERR_get_error(), NULL));
return -1;
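Review bot: The new test `!(SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2))` is the right shape: SSL_CTX_set_options() ORs the requested flags into the context and returns the complete resulting mask, so the old equality test fails whenever any other option bit (here the default SSL_OP_NO_TICKET) is already set, and the daemon refuses to start even though SSLv2 was in fact disabled. One thing still worth changing in the error branch that this hunk keeps: SSL_CTX_set_options() does not push anything onto the OpenSSL error queue, so `ERR_error_string(ERR_get_error(), NULL)` will keep printing the empty "error:00000000:lib(0):func(0):reason(0)" seen in the report if this branch is ever reached; log a plain message that SSL_OP_NO_SSLv2 could not be set instead.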