Bug 1633152

Summary: mod_session missing apr-util-openssl
Product: Red Hat Enterprise Linux 7 Reporter: Branislav Náter <bnater>
Component: httpdAssignee: Luboš Uhliarik <luhliari>
Status: CLOSED ERRATA QA Contact: Maryna Nalbandian <mnalband>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.5CC: danofsatx, jorton, luhliari
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1633260 1633973 (view as bug list) Environment:
Last Closed: 2020-03-31 20:03:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1630907, 1633260, 1633973    

Description Branislav Náter 2018-09-26 09:51:15 UTC 
Description of problem:
httpd is not able to start when mod_session is configured to use mod_session_crypto

Version-Release number of selected component (if applicable):
mod_session-2.4.6-80.el7_5.1

How reproducible:
always

Steps to Reproduce:
1. install mod_session
2. uncomment loading of mod_session_crypto in module config (/etc/httpd/conf.modules.d/01-session.conf)
3. start httpd

Actual results:
systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
kill[3455]: kill: cannot find process ""
systemd[1]: httpd.service: control process exited, code=exited status=1
systemd[1]: Failed to start The Apache HTTP Server.
systemd[1]: Unit httpd.service entered failed state.

httpd error_log:
[session_crypto:error] [pid 19768] (20019)DSO load failed: AH01845: The crypto library 'openssl' could not be loaded: /usr/lib64/apr-util-1/apr_crypto_openssl-1.so: cannot open shared object file: No such file or directory (apr_crypto_openssl-1.so: 0)

Expected results:
successful start of httpd

Additional info:
Installing apr-util-openssl fix this.
Comment 1 Joe Orton 2018-09-26 11:20:01 UTC 
The API design in apr-util is poor here.  Probably mod_session should Requires: apr-util-openssl, though

https://src.fedoraproject.org/rpms/apr-util/c/7def96255723f89df0831670d8bd9a6be5a979c3

is better/simpler than tracking each API consumer for the future.
Comment 7 Dan Mossor [danofsatx] 2019-08-13 16:02:45 UTC 
This is now affecting RHEL 7.6 production systems. We cannot enforce the RHEL 7 STIG without mod_session, and httpd will not start with apr-util-openssl missing.
Comment 11 errata-xmlrpc 2020-03-31 20:03:28 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1121