List Info

Thread: DO NOT REPLY New: - staticly compiled mod_ssl results in missreading OpenSSL version i
DO NOT REPLY New: - staticly compiled mod_ssl results in missreading OpenSSL version i
country flaguser name
United States		 2007-10-24 15:28:17 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43
695>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43695

           Summary: staticly compiled mod_ssl results in
missreading OpenSSL
                    version information when displaying
Server Tokens
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
        AssignedTo: bugshttpd.apache.org
        ReportedBy: c.hargrgmail.com


OS: Fedora Core 4
Platform: i386 (also reproduced in VMware)
OpenSSL v0.9.7f

compiling with
./configure --with-mpm=prefork --enable-ssl --disable-status
--disable-userdir
--enable-so

results in: (sorry if the character after mod_ssl does not
show - this is where
the openssl version should display - in this case it is
x01)
Apache/2.2.6 (Unix) mod_ssl/2.2.6 

In one request - apache reported back all the mime types.
Another time it just appended 'AddType'
Other times it displays a sequence of non-readable (and
against RFC) characters.

Screenshot from a header check is here:
http://img509.imageshack.us/img509/3249/sc
reenshothttphttpsheadre8.png

It appears as if it is referencing memory incorrectly.

As a temporary fix - ServerTokens Prod - does the job (which
we should be using
anyway).

If I set mod_ssl as shared object - this problem dissapears
- and the OpenSSL
version is properly displayed in the header.

Searching forums and such - I found some reports of this
problem - but no
responses or solutions.

-chris

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=ema
il
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the
assignee.

------------------------------------------------------------
---------
To unsubscribe, e-mail: bugs-unsubscribehttpd.apache.org
For additional commands, e-mail: bugs-helphttpd.apache.org
DO NOT REPLY - static mod_ssl results in corrupt header response
country flaguser name
United States		 2007-10-24 16:15:09 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43
695>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43695


c.hargrgmail.com changed:

           What    |Removed                     |Added
------------------------------------------------------------
----------------
            Summary|staticly compiled mod_ssl   |static
mod_ssl results in
                   |results in missreading      |corrupt
header response
                   penSSL
version information |
                   |when displaying Server      |
                   |Tokens                      |




------- Additional Comments From c.hargrgmail.com
 2007-10-24 14:15 -------
Another response forwarded to us by a user (this instance
would have been a
redirect):

The font color was inserted by their proxy software - but
you see that the
mime.types are inserted following mod_ssl.

NOTE: I removed "Location:" section.

HTTP/1.1 302 Found Date: Thu, 18 Oct 2007 19:25:33 GMT
Server: Apache/2.2.6
(Unix) mod_ssl/2.2.6 v video/nv video/parityfec
video/pointer video/quicktime qt
mov video/raw video/rtp-enc-aescm128 video/rtx
video/smpte292m video/vc1
video/vnd.dlna.mpeg-tts video/vnd.fvt fvt
video/vnd.hns.video
video/vnd.motorola.video video/vnd.motorola.videop
video/vnd.mpegurl mxu m4u
video/vnd.nokia.interleaved-multimedia
video/vnd.nokia.videovoip
video/vnd.objectvideo video/vnd.sealed.mpeg1
video/vnd.sealed.mpeg4
video/vnd.sealed.swf video/vnd.sealedmedia.softseal.mov
video/vnd.vivo viv
video/x-fli fli video/x-ms-asf asf asx video/x-ms-wm wm
video/x-ms-wmv wmv
video/x-ms-wmx wmx video/x-ms-wvx wvx video/x-msvideo avi
video/x-sgi-movie
movie x-conference/x-cooltalk ice if btif image/prs.pti
image/svg+xml svg svgz
i&#572;font
color=red>377777776230610&#248239;nt
color=red>377777776230610?377777776230610&#
512;177 ?nt
color=red>37777777604 &#1596;font color=red>03
P3P: CP='NOI' Set-Cookie:
UPTCLICKTHRU=1046-282493-639a9cf1bd; expires=Sat, 26-Jan-08
19:25:35 GMT; path=/
Keep-Alive: timeout=30, max=100 Connection: Keep-Alive
Transfer-Encoding:
chunked Content-Type: text/html 0 


-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=ema
il
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the
assignee.

------------------------------------------------------------
---------
To unsubscribe, e-mail: bugs-unsubscribehttpd.apache.org
For additional commands, e-mail: bugs-helphttpd.apache.org
DO NOT REPLY - static mod_ssl results in corrupt header response
country flaguser name
United States		 2007-10-24 16:18:25 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43
695>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43695


c.hargrgmail.com changed:

           What    |Removed                     |Added
------------------------------------------------------------
----------------
           Severity|normal                      |major
         OS/Version|other                       |Linux




-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=ema
il
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the
assignee.

------------------------------------------------------------
---------
To unsubscribe, e-mail: bugs-unsubscribehttpd.apache.org
For additional commands, e-mail: bugs-helphttpd.apache.org
DO NOT REPLY - static mod_ssl results in corrupt header response
country flaguser name
United States		 2007-10-24 16:22:24 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43
695>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43695


c.hargrgmail.com changed:

           What    |Removed                     |Added
------------------------------------------------------------
----------------
           Platformther     
                 |PC
            Version|2.3-HEAD                    |2.2.6




-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=ema
il
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the
assignee.

------------------------------------------------------------
---------
To unsubscribe, e-mail: bugs-unsubscribehttpd.apache.org
For additional commands, e-mail: bugs-helphttpd.apache.org
[1-4]

about | contact  Other archives ( Real Estate discussion Medical topics )