mod_ssl, Apache2 and Leopard with patch -- doesn't work
Tabitha McNerney
tabithamc at gmail.com
Sun Jan 6 20:17:36 PST 2008
Guido,
I can confirm that your solution that you eloquently described
aforementioned works perfectly -- the namespace error when running Apache2
with mod_ssl.so loaded on Leopard Server (10.5.1 Server) with MacPorts
1.6.0apache version
2.2.6 is alleviated completely. I think ticket # 13182 should be updated per
your solution.
However, please note that I have not yet tried to do anything over SSL with
certificates, etc. Also, I am not sure if this will alleviate the perhaps
related problem with Subversion when communicating with Subversion over SSL
with Apache (or there is also the option to communicate with Subversion over
SSL independent of Apache's mod_dav_svn.so module):
http://subversion.tigris.org/faq.html#ssl-negotiation-error
When performing Subversion operations involving a lot of data over SSL, I
> get the error SSL negotiation failed: SSL error: decryption failed or bad
> record mac.
> This can occur due to a problem with OpenSSL 0.9.8. Downgrading to an
> older version (or possibly upgrading to a newer version) is known to fix
> this issue.
>
So maybe for now its best to treat the SSL / Subversion problem separate
from Apache-with-SSL-and-Subversion.
I have some additional tickets to contribute information to later today so I
will add your fix to ticket 13182 unless you prefer to do this.
Thanks,
T.M.
On 1/6/08, Guido Soranzio <guido.soranzio at gmail.com> wrote:
>
> On Jan 6, 2008, at 8:24 PM, Tabitha McNerney wrote:
>
> > I just had an idea. Why not use Apple's libssl.so that comes with
> > Leopard Server
>
>
> Because the goal of the MacPorts project is the contrary of that:
> we should mess with the sources provided by third parties, not with
> the binaries distributed by Apple!
>
> I have tried to apply the rough workaround I suggested you; these
> are the simple steps I followed:
>
>
> * extract the sources of Apache with "sudo port extract apache2"
>
>
> * search where in the sources the option "-export-simbol-regex"
> is defined with:
>
> grep -r "-export-symbols-regex" /opt/local/var/macports/build/
> _opt_local_var_macports_sources_rsync
> .macports.org_release_ports_www_apache2
>
> ==>
>
> [...]
> [...] /httpd-2.2.6/configure: test "x$silent" != "xyes" && echo "
> setting MOD_SSL_LDADD to \"-export-symbols-regex ssl_module\""
> [...]/ httpd-2.2.6/configure: MOD_SSL_LDADD="-export-symbols-regex
> ssl_module"
> [...] /httpd-2.2.6/configure: apr_addto_bugger="-export-symbols-
> regex ssl_module"
> [...]
>
>
> * as suspected, the option is used to build the ssl_module...
>
>
> * let's edit the apache2 Portfile with "sudo port edit apache2" and
> add our patch to the configure script in the Leopard section:
>
> platform darwin 9 {
> depends_build-append port:gawk
> post-extract {
> reinplace "s|-export-symbols-regex ssl_module||g" $
> {worksrcpath}/configure
> }
> }
>
>
> * after cleaning the apache2 port and compiling it, let's test it:
>
> sudo apachectl start
>
>
> * no message errors about missing symbols: we got it!
>
>
> --
> Guido
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/macports-users/attachments/20080106/6115b4c2/attachment.html
More information about the macports-users
mailing list