cURL / Mailing Lists / curl-and-php / Single Mail

curl-and-php

RE: PHP CLI segfault using curl for https

From: Martin McConnell <martin_at_rsm2000.co.uk>
Date: Mon, 25 Jun 2007 09:31:21 +0100

# rpm -qi openssl
Name : openssl Relocations: (not relocatable)
Version : 0.9.7a Vendor: CentOS
Release : 43.16 Build Date: Sat 05 May 2007
08:58:00 BST
Install Date: Wed 20 Jun 2007 18:11:49 BST Build Host: builder6
Group : System Environment/Libraries Source RPM:
openssl-0.9.7a-43.16.src.rpm
Size : 2568755 License: BSDish
Signature : DSA/SHA1, Sat 05 May 2007 14:33:43 BST, Key ID
a53d0bab443e1821
URL : http://www.openssl.org/
Summary : The OpenSSL toolkit.

# rpm -qi curl
Name : curl Relocations: (not relocatable)
Version : 7.12.1 Vendor: CentOS
Release : 11.el4 Build Date: Wed 02 May 2007
22:29:25 BST
Install Date: Wed 20 Jun 2007 18:13:47 BST Build Host:
builder7.centos.org
Group : Applications/Internet Source RPM:
curl-7.12.1-11.el4.src.rpm
Size : 445356 License: MPL
Signature : DSA/SHA1, Sat 05 May 2007 14:31:58 BST, Key ID
a53d0bab443e1821
URL : http://curl.haxx.se/
Summary : A utility for getting files from remote servers (FTP, HTTP,
and others).

They are the most recent versions available from CentOS via yum. Any
bugs/security fixes should have been backported and as you can see these
releases were only built last month.
As I explained I have another server with the same versions of openssl,
curl, php, apache etc, and that one runs fine.

-----Original Message-----
From: curl-and-php-bounces_at_cool.haxx.se
[mailto:curl-and-php-bounces_at_cool.haxx.se]On Behalf Of Daniel Stenberg
Sent: 22 June 2007 21:07
To: curl with PHP
Subject: Re: PHP CLI segfault using curl for https

On Fri, 22 Jun 2007, Martin McConnell wrote:

> curl 7.12.1 (x86_64-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0.9.7a

Both the curl and OpenSSL versions are ancient, insecure and have numerous
(known) bugs.

> #4 0x0000003eccd693b6 in free () from /lib64/tls/libc.so.6
> #5 0x0000003d2294d8f9 in CRYPTO_free () from /lib64/libcrypto.so.4
> #6 0x0000003d229b2d67 in ASN1_STRING_free () from /lib64/libcrypto.so.4

... that's within OpenSSL.

> If anyone could give me some pointers as to what to try next or where to
> look for clues I'd be very grateful as I'm now out of my depth. If I've
> missed any info out let me know.

Upgrade curl and OpenSSL!

--
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
_______________________________________________
http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php
_______________________________________________
http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php

Received on 2007-06-25

This message: [ Message body ]
Next message: Daniel Stenberg: "RE: PHP CLI segfault using curl for https"
Previous message: Daniel Stenberg: "Re: PHP CLI segfault using curl for https"
In reply to: Daniel Stenberg: "Re: PHP CLI segfault using curl for https"
Next in thread: Daniel Stenberg: "RE: PHP CLI segfault using curl for https"
Reply: Daniel Stenberg: "RE: PHP CLI segfault using curl for https"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]