> > before we embark on a mission here :-) Any known issues building
> > Apache-SSL with SSLeay 0.9.0 on Linux-glibc6?
>
> Nope.

Hmm, I'm getting an error when the httpsd binary built with 0.9.0 (still
static) tries to read the cert, "error seting default verify locations".
Haven't run into this one before -- thoughts? There's no CA stuff set up
on the testing server . . . but this doesn't pose a problem with a binary
using 0.8.0.

The basic culprit appears to be this addition (crypto/x509/x509_d2.c:105):

    if ((path == NULL) && (file == NULL))
        return(0);

Formerly, a null path and a null file returned the default value of 1.
However, if you remove this check, you now get a complimentary SEGV upon
executing this call, free of charge :-) There appear to be some deeper
changes in the x509 stuff.

So, I guess the repair question is: should it be defined as a
misconfiguration to have no valid CA information in the configuration file
(and thus Apache-SSL could gripe and croak if the values were missing)
... or ...
should we detect the condition as an acceptable special-case
configuration, and feed SSLeay something acceptable as inputs to
SSL_CTX_load_verify_locations / SSL_CTX_set_default_verify_paths,
... or ...
whine to Eric about the change to 0.9.0's behavior :-)
- Rob
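
Added example, not part of the original message and not Apache-SSL or SSLeay code: one way to combine the first two options above, skipping the load call when no CA file or path is configured and treating that as a misconfiguration only when client certificates must be verified. The function `load_verify_locations_stub`, the `verify_client` flag, the result enum and the sample paths are assumptions made for the sketch; the stub stands in for SSL_CTX_load_verify_locations and copies the 0.9.0 check quoted in the message.

```c
#include <stdio.h>
#include <stddef.h>

enum ca_result { CA_LOADED, CA_SKIPPED, CA_MISCONFIGURED, CA_LOAD_FAILED };

/* Stand-in for the library call (assumption, not SSLeay code). It copies the
 * 0.9.0 check quoted in the message: NULL file and NULL path returns 0. */
static int load_verify_locations_stub(const char *file, const char *path)
{
    if ((path == NULL) && (file == NULL))
        return 0;
    return 1; /* constructed: any named location is assumed to load */
}

/* A directive left empty in the config file counts as unset. */
static const char *unset_if_empty(const char *s)
{
    return (s != NULL && *s != '\0') ? s : NULL;
}

/* verify_client is a hypothetical flag: nonzero when the server is
 * configured to check client certificates. */
enum ca_result setup_verify_locations(const char *file, const char *path,
                                      int verify_client)
{
    file = unset_if_empty(file);
    path = unset_if_empty(path);

    if (file == NULL && path == NULL) {
        /* No trust anchors: fatal only if something must be verified.
         * Otherwise skip the call so its 0 return is never seen. */
        return verify_client ? CA_MISCONFIGURED : CA_SKIPPED;
    }
    if (!load_verify_locations_stub(file, path))
        return CA_LOAD_FAILED;
    return CA_LOADED;
}

int main(void)
{
    /* Constructed sample configurations. */
    printf("no CA, no client verify: %d\n", setup_verify_locations(NULL, NULL, 0));
    printf("no CA, client verify:    %d\n", setup_verify_locations("", NULL, 1));
    printf("CA file set:             %d\n", setup_verify_locations("/constructed/ca.pem", NULL, 1));
    return 0;
}
```

Refusing to start in the `CA_MISCONFIGURED` case keeps a server from running with client verification requested but no trust anchors loaded.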