|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #55470 Crash when calling openssl_sign under mod_php
Submitted: 2011-08-21 00:26 UTC Modified: 2011-10-03 15:15 UTC
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: douglas dot wright at pre-school dot org dot uk Assigned: pajoye (profile)
Status: Not a bug Package: Apache2 related
PHP Version: 5.3.7 OS: Windows Server 2008/Windows 7
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: douglas dot wright at pre-school dot org dot uk
New email:
PHP Version: OS:


 [2011-08-21 00:26 UTC] douglas dot wright at pre-school dot org dot uk
Attempting to use openssl_sign() when running under mod_php causes a crash.

The test script works without problem when run from the command line.

Tested with the Apache Lounge build of Apache 2.2.19 (latest)

Test script:
//non-confidential test key
$key = <<<ENDKEY

openssl_sign('foo', $signature, $key);
echo base64_encode($signature);

Expected result:
Running the test script should output 1-2 lines of base64. 

Actual result:
Apache process terminates, no output is sent to browser.

The Apache error log contains the message: "Parent: child process exited with status 255 -- Restarting."

PHP's error log says nothing.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2011-08-30 08:10 UTC] ska-pig at gmx dot net
The problem is probably a wrong opensll library version. When PHP runs as an apache module it will use libeay32.dll and ssleay32.dll from the apache\bin directory rather than the ones in your php installation folder. Apache from apachelounge is built with openssl 1.0.0d but PHP with openssl 0.9.8r. Copying libeay32.dll and ssleay32.dll from the PHP folder to your apache bin directory will likely solve the problem, although this might cause problems with apache if you use SSL with apache as well.
 [2011-08-30 10:13 UTC] douglas dot wright at pre-school dot org dot uk
Having tested, I confirm that overwriting the Apache version of those two SSL files with PHP's stops the crash.

However as I do use HTTPS, it's not a fix I can put into production.

Surely PHP should be using it's own copy of openssl?
 [2011-08-30 10:37 UTC]
-Status: Open +Status: Assigned -Assigned To: +Assigned To: pajoye
 [2011-08-30 10:37 UTC]
I think Windows' openssl lib should be updated.
 [2011-08-30 11:53 UTC]
-Status: Assigned +Status: Feedback
 [2011-08-30 11:53 UTC]
it is already 0.9.8r, which version do you need then?
 [2011-08-30 18:26 UTC]

So it is most likely due to this change and we can't update to 1.0.0 yet (for this 
exact reason). I will see if they can rollback this change.
 [2011-09-01 09:36 UTC]
-Status: Feedback +Status: Bogus
 [2011-09-01 09:36 UTC]
Actually not a php issue but yet another break in ABI between openssl versions. 
Apachelounge will restore 0.9.8r support. We will try to sync us to move to 1.x or 
provide two builds.
 [2011-10-03 14:57 UTC] paresy at gmx dot net
Has there been any progress on this one? ApacheLounge forums mentioned beta1 as a 
possible target for a move to 1.0, but that didn't happen. I would really 
appreciate if you could provide a second build with OpenSSL 1.0.
 [2011-10-03 15:02 UTC]
Yes, apachelounge is rolling openssl back to 0.9.x serie.
 [2011-10-03 15:06 UTC] paresy at gmx dot net
Does this mean, that you won't switch to OpenSSL 1.0 for the PHP 5.4 release? 
Can i build PHP by myself with OpenSSL 1.0 support?
 [2011-10-03 15:15 UTC]
Question: Why do you need openssl 1.0 in the 1st place?

And this bug is about 5.3.x which won't have 1.x ever, for compatibility reasons. 
This is not due to PHP but OpenSsl having versions incompatible with each other 
(happened even between patch releases).
 [2011-10-03 15:38 UTC] paresy at gmx dot net
My custom build webserver is using OpenSSL 1.0 with its new features. Therefore i 
can't go back to 0.9.8 and at the moment i am missing SSL support in PHP.

If there is any workaround available, or i can build PHP 5.4 for OpenSSL 1.0, i 
would give it a shot, if you say that OpenSSL 1.0 support is not coming for the 
PHP 5.4 release. (At least building PHP on Windows looked like a lot of work)

I will be glad to open a feature request for 5.4 if that fits in your workflow. I 
don't need it in 5.3.x.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Apr 16 01:01:28 2024 UTC