Bug 253394

Summary: www/apache24: OpenSSL KTLS causes regression: SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT
Product: Ports & Packages Reporter: O. Hartmann <ohartmann>
Component: Individual Port(s)Assignee: Jochen Neumeister <joneum>
Status: Closed FIXED    
Severity: Affects Many People CC: fkr, jhb, joneum, ohartmann
Priority: --- Flags: bugzilla: maintainer-feedback? (apache)
Version: Latest   
Hardware: Any   
OS: Any   
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253135
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253214
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251969

Description O. Hartmann 2021-02-10 05:49:05 UTC
After introduction and activation of KTLS in CURRENT, servers running the KTLS activated kernel and serving webservices via www/apache24 stopped working, please see similar bugs reported for the KTLS issue in PR 253135 , PR 253214 . The issue is severe, any connection to a server running KTLS kernel and non-patched www/apache24 seem to reject connection. Firefox is

reportingSSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT
Comment 1 O. Hartmann 2021-02-13 19:15:48 UTC
As a temporary, preliminary workaround: The problem disappears by adding

WITHOUT_OPENSSL_KTLS

to /etc/src.conf
Comment 2 Felix Kronlage-Dammers 2021-02-26 17:50:58 UTC
jhb@ created this review for a fix (and this fixes the issue for me).

https://reviews.freebsd.org/D28932
Comment 3 John Baldwin freebsd_committer freebsd_triage 2021-02-26 23:45:15 UTC
*** Bug 253879 has been marked as a duplicate of this bug. ***
Comment 4 O. Hartmann 2021-02-28 17:13:57 UTC
(In reply to Felix Kronlage-Dammers from comment #2)

The patch referred to at

https://reviews.freebsd.org/D28932

solves at least for me the problem reported herein.

Regards
oh
Comment 5 Jochen Neumeister freebsd_committer 2021-03-10 21:32:31 UTC
after many positive messages here I am still testing the patch in Poudriere, and will release it the days
Comment 6 commit-hook freebsd_committer 2021-03-13 16:13:02 UTC
A commit references this bug:

Author: joneum
Date: Sat Mar 13 16:12:40 UTC 2021
New revision: 568256
URL: https://svnweb.freebsd.org/changeset/ports/568256

Log:
  fix OpenSSL KTLS causes regression: SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT

  PR:		253394
  Reported by:	many
  Approved by:	apache (with hat)
  MFH:	2021Q1
  Sponsored by:	Netzkommune GmbH
  Differential Revision:	https://reviews.freebsd.org/D28932

Changes:
  head/www/apache24/Makefile
  head/www/apache24/files/patch-modules_ssl_ssl__engine__io.c
Comment 7 commit-hook freebsd_committer 2021-03-13 16:16:04 UTC
A commit references this bug:

Author: joneum
Date: Sat Mar 13 16:15:32 UTC 2021
New revision: 568258
URL: https://svnweb.freebsd.org/changeset/ports/568258

Log:
  MFH: r568256

  fix OpenSSL KTLS causes regression: SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT

  PR:		253394
  Reported by:	many
  Approved by:	apache (with hat)
  Sponsored by:	Netzkommune GmbH
  Differential Revision:	https://reviews.freebsd.org/D28932

Changes:
_U  branches/2021Q1/
  branches/2021Q1/www/apache24/Makefile
  branches/2021Q1/www/apache24/files/patch-modules_ssl_ssl__engine__io.c
Comment 8 Jochen Neumeister freebsd_committer 2021-03-13 16:19:15 UTC
Thx all for testing :-)