Bug 706457

Summary: httpd no longer resolves SSL_connect
Product: Red Hat Enterprise Linux 6 Reporter: Brian Wheeler <bdwheele>
Component: httpdAssignee: Joe Orton <jorton>
Status: CLOSED CANTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.1CC: prc
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-06-09 13:41:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Brian Wheeler 2011-05-20 16:33:16 UTC 
Description of problem:

I have a module which was inherited from RHEL5 which worked just fine in the base RHEL6.  When I upgraded to RHEL 6.1 this morning the module wouldn't load.



Version-Release number of selected component (if applicable):

httpd-2.2.15-9.el6.x86_64

  
Actual results:

Stopping httpd:                                            [FAILED]
Starting httpd: httpd: Syntax error on line 221 of /etc/httpd/conf/httpd.conf: Syntax error on line 2 of /etc/httpd/conf.d/dlp.conf: Syntax error on line 61 of /srv/www/common/conf/httpd.conf: Cannot load /etc/httpd/modules/mod_cas.so into server: /etc/httpd/modules/mod_cas.so: undefined symbol: SSL_connect


Additional info:

rebuilding the module and linking it to libssl solved this, but it is weird that the symbol disappeared within a stable release series.
Comment 2 Joe Orton 2011-05-20 20:22:49 UTC 
Nothing specific here was changed in 6.1 that I'm aware of, but in general if your module worked before it was by chance rather than by design; httpd itself does not link against libssl.  Did you change the set of loaded modules?
Comment 3 Brian Wheeler 2011-05-20 20:33:49 UTC 
Nope, no changes to configuration.  I did the upgrade, and the httpd restart failed.
Comment 4 Joe Orton 2011-06-09 13:41:32 UTC 
I'm sorry that this has caused inconvenience.

I think the likely cause is that OpenLDAP (which is likely linked in to your httpd indirectly) changed from using OpenSSL to Mozilla NSS in 6.1, so libssl would not get pulled in by httpd.

I don't see any appropriate remedy to this; the third-party "mod_cas" should have been linked against -lssl already and the fact that it happened to work previously was by luck rather than design.  Closing out on this basis.