Bug 43708 - mod_ssl version string corrupted
Summary: mod_ssl version string corrupted
Status: RESOLVED DUPLICATE of bug 43334
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl (show other bugs)
Version: 2.2.6
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-10-26 08:40 UTC by Wolfgang Breyha
Modified: 2007-10-26 09:23 UTC (History)
0 users


Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfgang Breyha 2007-10-26 08:40:15 UTC 
I built httpd-2.2.6 on fc5 with openssl 0.9.8e and g. On both versions the
Server identification in HTTP responses got corrupted.

eg:
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 . mod_fastcgi/2.4.2
instead of:
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.8g mod_fastcgi/2.4.2

it was ok with 2.2.4.

I did some research and found that changing...
--------------
--- ssl_engine_vars.c.orig      2007-10-26 17:32:40.000000000 +0200
+++ ssl_engine_vars.c   2007-10-26 17:02:38.000000000 +0200
@@ -637,7 +637,7 @@
 {
     static char interface[] = "mod_ssl/" MOD_SSL_VERSION;
     static char library_interface[] = SSL_LIBRARY_TEXT;
-    static char *library = NULL;
+    char *library = NULL;
     char *result;

     if (!library) {
----------
...helps. it seems that the string returned in
   library = apr_pstrdup(p, SSL_LIBRARY_DYNTEXT);
some lines later gets overwritten somehow.

Regards, Wolfgang Breyha
Comment 1 Takashi Sato 2007-10-26 09:23:37 UTC 
This bug was already fixed on 2.2 development branch.
Try to apply this patch:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_
vars.c?r1=575284&r2=575283&pathrev=575284&view=patch

or wait for 2.2.7.

*** This bug has been marked as a duplicate of 43334 ***