[sr-dev] massive TLS crashes

Klaus Darilion klaus.mailinglists at pernau.at
Tue Feb 23 09:15:37 CET 2010 

Some analysis ...

Am 22.02.2010 22:21, schrieb Andrei Pelinescu-Onciul:
> Note that another very strange thing is the version number.
>  From your log:
>   INFO: tls [tls_init.c:486]: tls: _init_tls_h:  compiled  with  openssl
>   version "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008" (0x0090802f), kerberos
>                   ^^^^^^^                          ^^^^^^^^^^
>
> 0x0090802f means openssl 0.9.8b (release) and not 0.9.8e.
> It looks like OPENSSL_VERSION_NUMBER is different from
> OPENSSL_VERSION_TEXT in you include/openssl/opensslv.h. Out o curiosity
> could you verify that that's the case?

# cat /etc/redhat-release
CentOS release 5.4 (Final)

# rpm -qa|grep ssl
openssl-devel-0.9.8e-12.el5_4.1
openssl-0.9.8e-12.el5_4.1

extract from /usr/include/openssl/opensslv.h:

#define OPENSSL_VERSION_NUMBER  0x0090802fL
#ifdef OPENSSL_FIPS
#define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008"
#else
#define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.8e-rhel5 01 Jul 2008"
#endif
#define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT

really strange. I downloaded and extracted RH 
openssl-0.9.8e-12.el5_4.1.src.rpm and greped for "OPENSSL_VERSION":

openssl-fips-0.9.8e-abi.patch:-#define OPENSSL_VERSION_NUMBER   0x00908060L
openssl-fips-0.9.8e-abi.patch:+#define OPENSSL_VERSION_NUMBER   0x0090802fL
openssl-fips-0.9.8e-abi.patch:-#define OPENSSL_VERSION_TEXT     "OpenSSL 
0.9.8f-fips-dev xx XXXX xxxx"
openssl-fips-0.9.8e-abi.patch:+#define OPENSSL_VERSION_TEXT     "OpenSSL 
0.9.8e-fips-rhel5 01 Jul 2008"

Further the SRPM contains openssl-fips-0.9.8e-usa.tar.bz2 which contains 
a opensslv.h with:

#define OPENSSL_VERSION_NUMBER  0x00908060L
#ifdef OPENSSL_FIPS
#define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.8f-fips-dev xx XXXX xxxx"
#else
#define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.8f-dev xx XXXX xxxx"
#endif
#define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT

Looks like RH is using a 0.9.8f-dev version, which is named 0.9.8e, and 
numbered like 0.9.8b - maybe for compatibility reasons with earlier 
RHEL5 releases.

regards
klaus

More information about the sr-dev mailing list