Try to recompile cURL with the new version of OpenSSL and after that
recompile your PHP. I use mod_ssl with Apache and everything works well.
Eugene.
----- Original Message -----
From: "Stephen Amadei" <amadei_at_dandy.net>
To: <curl-and-php_at_lists.sourceforge.net>
Sent: Tuesday, June 10, 2003 2:46 PM
Subject: OpenSSL + PHP4 + cURL + Apache = HTTPS:\\*BOOM*

>
> Hey guys.
>
> I have a particular problem with cURL and libcurl.
>
> I have used cURL and libcurl for quite some time with
> my OpenSSL/PHP4/Apache webservers. Actually, I us the
> ApacheToolBox with some custom bits to compile my webserver.
> Anyway, as newer versions of OpenSSL and PHP4 (and cURL) come out,
> I've had more and more problems getting OpenSSL to function. Since my
> internal systems _only_ run HTTPS, this is a problem.
>
> With the latest OpenSSL 0.9.7b, PHP 4.3.2, Apache 1.3.27
> and cURL 7.10.5, I am completely unable to run HTTPS on my webserver.
> I slowly went through the mods and add-ons and finally narrowed it
> down to cURL, which is normally compiled into my PHP4 before PHP4 gets
> compiled into Apache.
>
> The compile goes well, but when I run my webserver, it can't dish out
> HTTPS pages... but it can run non-SSL. In my ssl_engine_log, I get
>
> SSL handshake failed (server Canopus.dandy.net:443, client 209.128.224.6)
> (OpenSSL library error follows)
> [error] OpenSSL: error:1409D08A:SSL routines:func(157):reason(138)
>
> The OpenSSL error is "SSL3_SETUP_KEY_BLOCK:cipher or hash unavailable".
>
> If I do the _exact_ same compile with libcurl deleted from my system,
> OpenSSL works perfectly.
>
> My system is Slackware 8.1 with a reasonably new kernel... 2.4.19-grsec
> I have gone on a all-out extermination before reinstalling the
> lastest versions of PHP4, OpenSSL and cURL, so I know that it isn't
> leftover include files or libraries.
>
> Interestingly enough, every thing seemed to work fine under older versions
> of cURL... I think the last one was 7.8.x. Also, everything works find on
> my Slackware 9.0 system using the same code.
>
> I'm just baffled. To be honest, I'm not expecting anyone here to be able
> to solve the problem, but I wanted to see if anyone has any idea what cURL
> could be doing to upset my house of cards.
>
> While I don't _need_ cURL on my internal systems, I am afraid I might need
> it on my production servers, so I _would_ like to come up with a fix.
>
> Thanks in advance.
>
> ----Steve
> Stephen Amadei
> Dandy.NET! CTO
> Atlantic City, NJ
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Etnus, makers of TotalView, The best
> thread debugger on the planet. Designed with thread debugging features
> you've never dreamed of, try TotalView 6 free at www.etnus.com.
>
>

-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.
Received on 2003-06-10