mod_ssl, Apache2 and Leopard with patch -- doesn't work

Tabitha McNerney tabithamc at gmail.com
Mon Jan 7 03:07:09 PST 2008


Hello Guido and all others interested ...

I have amended Ticket numbers: 13182 and 11755 per this thread.

Thanks,

T.M.

On 1/6/08, Tabitha McNerney <tabithamc at gmail.com> wrote:
>
> Guido,
>
> I can confirm that your solution that you eloquently described
> aforementioned works perfectly -- the namespace error when running Apache2
> with mod_ssl.so loaded on Leopard Server (10.5.1 Server) with MacPorts
> 1.6.0 apache version 2.2.6 is alleviated completely. I think ticket #
> 13182 should be updated per your solution.
>
> However, please note that I have not yet tried to do anything over SSL
> with certificates, etc. Also, I am not sure if this will alleviate the
> perhaps related problem with Subversion when communicating with Subversion
> over SSL with Apache (or there is also the option to communicate with
> Subversion over SSL independent of Apache's mod_dav_svn.so module):
>
> http://subversion.tigris.org/faq.html#ssl-negotiation-error
>
> When performing Subversion operations involving a lot of data over SSL, I
> > get the error SSL negotiation failed: SSL error: decryption failed or bad
> > record mac.
> > This can occur due to a problem with OpenSSL 0.9.8. Downgrading to an
> > older version (or possibly upgrading to a newer version) is known to fix
> > this issue.
> >
>
> So maybe for now its best to treat the SSL / Subversion problem separate
> from Apache-with-SSL-and-Subversion.
>
> I have some additional tickets to contribute information to later today so
> I will add your fix to ticket 13182 unless you prefer to do this.
>
> Thanks,
>
> T.M.
>
> On 1/6/08, Guido Soranzio <guido.soranzio at gmail.com> wrote:
> >
> > On Jan 6, 2008, at 8:24 PM, Tabitha McNerney wrote:
> >
> > > I just had an idea. Why not use Apple's libssl.so that comes with
> > > Leopard Server
> >
> >
> > Because the goal of the MacPorts project is the contrary of that:
> > we should mess with the sources provided by third parties, not with
> > the binaries distributed by Apple!
> >
> > I have tried to apply the rough workaround I suggested you; these
> > are the simple steps I followed:
> >
> >
> > * extract the sources of Apache with "sudo port extract apache2"
> >
> >
> > * search where in the sources the option "-export-simbol-regex"
> >    is defined with:
> >
> >    grep -r "-export-symbols-regex" /opt/local/var/macports/build/
> > _opt_local_var_macports_sources_rsync
> > .macports.org_release_ports_www_apache2
> >
> > ==>
> >
> > [...]
> > [...] /httpd-2.2.6/configure:    test "x$silent" != "xyes" && echo "
> > setting MOD_SSL_LDADD to \"-export-symbols-regex ssl_module\""
> > [...]/ httpd-2.2.6/configure:    MOD_SSL_LDADD="-export-symbols-regex
> > ssl_module"
> > [...] /httpd-2.2.6/configure:    apr_addto_bugger="-export-symbols-
> > regex ssl_module"
> > [...]
> >
> >
> > * as suspected, the option is used to build the ssl_module...
> >
> >
> > * let's edit the apache2 Portfile with "sudo port edit apache2" and
> >    add our patch to the configure script in the Leopard section:
> >
> >    platform darwin 9 {
> >        depends_build-append port:gawk
> >         post-extract {
> >             reinplace "s|-export-symbols-regex ssl_module||g" $
> > {worksrcpath}/configure
> >         }
> > }
> >
> >
> > * after cleaning the apache2 port and compiling it, let's test it:
> >
> >    sudo apachectl start
> >
> >
> > * no message errors about missing symbols: we got it!
> >
> >
> > --
> > Guido
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/macports-users/attachments/20080107/01b60113/attachment.html


More information about the macports-users mailing list