http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16630

SSL Session data not stored to the session cache

           Summary: SSL Session data not stored to the session cache
           Product: Apache httpd-2.0
           Version: 2.0.44
          Platform: HP
        OS/Version: HP-UX
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: mod_ssl
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]

1. For each document downloaded from an https server with client authentication, the browser (IE 5.5, IE 6.0, Mozilla-1.2.1) asks for the private key password.

On the server side, I tested the following combinations:

- openssl-0.9.6g, openssl-0.9.7
- Apache httpd-2.0.40, Apache httpd-2.0.44
- built-in sdbm, gdbm 1.8.0
- CA cert uses 2048 bits
- server and user certs use 1024 bits
- HP-UX 11.00: HP-UX mailhub2 B.11.00 U 9000/800 154C....

I increased LogLevel to debug, and the following lines show that the session is not stored in dbm (sdbm or gdbm):

    [Fri Jan 31 08:26:20 2003] [debug] ssl_engine_kernel.c(1604): Inter-Process Session Cache: request=SET status=BAD id=04547FF214...59BCE46 timeout=294s (session caching)
    [Fri Jan 31 08:26:20 2003] [debug] ssl_engine_kernel.c(1604): Inter-Process Session Cache: request=GET status=MISSED id=04547FF214...59E159BCE46 (session renewal)
    [Fri Jan 31 08:26:22 2003] [debug] ssl_engine_kernel.c(1604): Inter-Process Session Cache: request=SET status=BAD id=7A1E667FF...39E175C275EE timeout=298s (session caching)
    [Fri Jan 31 08:26:47 2003] [debug] ssl_engine_kernel.c(1604): Inter-Process Session Cache: request=GET status=MISSED id=7A1E667FF3...39E175C275EE (session renewal)
    [Fri Jan 31 08:26:49 2003] [debug] ssl_engine_kernel.c(1604): Inter-Process Session Cache: request=SET status=BAD id=3B83F5CB51...AB44344 timeout=298s (session caching)
    [Fri Jan 31 08:26:55 2003] [debug] ssl_engine_kernel.c(1604): Inter-Process Session Cache: request=GET status=MISSED id=3B83F5CB51...AB44344 (session renewal)

I added some debugging code to modules/ssl/ssl_scache_dbm.c:ssl_scache_dbm_store, which shows that idlen is 32 bytes and nData (i2d_SSL_SESSION(sess, NULL)) is 1387 bytes, together 1419 bytes. That is more than 950 bytes (the default dbm limit in modules/ssl/ssl_scache_dbm.c:ssl_scache_dbm_store).

As a workaround, I changed:

- modules/ssl/ssl_scache_dbm.c:ssl_scache_dbm_store

  from

      if ((idlen + nData) >= 950 /* at least less than approx. 1KB */)
          return FALSE;

  to

      /* Additional debugging code (commented out):
       * char logstr[501];
       * snprintf(logstr,500,"Dbm pairsize: idlen: %d, nData: %d, sum: %d, limit: less then 2000",idlen,nData,idlen+nData);
       * ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, logstr);
       */
      if ((idlen + nData) >= 2000)
          return FALSE;

- srclib/apr-util/dbm/sdbm/sdbm_private.h

  from

      #define DBLKSIZ 4096
      #define PBLKSIZ 1024
      #define PAIRMAX 1008 /* arbitrary on PBLKSIZ-N */

  to

      #define DBLKSIZ 16384
      #define PBLKSIZ 8192
      #define PAIRMAX 8008 /* arbitrary on PBLKSIZ-N */

2. Not a bug, just for information:

At the upgrade from openssl-0.9.6g to openssl-0.9.7 I noticed that the serial number attribute name in the env. variable SSL_CLIENT_S_DN changed from SN=... to serialNumber=...
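An added example, not part of the original report or of the httpd sources: a small Python check that scans mod_ssl debug output in the format quoted above and flags sessions whose store failed (SET status=BAD) and whose later lookup then missed (GET status=MISSED). The session ids and the sample lines are constructed, and the OK/FOUND statuses in the healthy pair are assumed values for a working cache.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the debug output quoted in the report.
PREFIX = ("[Fri Jan 31 08:26:20 2003] [debug] ssl_engine_kernel.c(1604): "
          "Inter-Process Session Cache: ")
SAMPLE = "\n".join(PREFIX + entry for entry in [
    "request=SET status=BAD id=AAAA0001 timeout=294s (session caching)",
    "request=GET status=MISSED id=AAAA0001 (session renewal)",
    "request=SET status=BAD id=BBBB0002 timeout=298s (session caching)",
    "request=GET status=MISSED id=BBBB0002 (session renewal)",
    # Assumed healthy pair: a store that succeeds and a lookup that hits.
    "request=SET status=OK id=CCCC0003 timeout=300s (session caching)",
    "request=GET status=FOUND id=CCCC0003 (session renewal)",
])

CACHE_LINE = re.compile(
    r"Inter-Process Session Cache: request=(?P<req>\w+) "
    r"status=(?P<status>\w+) id=(?P<id>\S+)"
)

def summarize(log_text):
    """Count cache operations and correlate failed stores with later misses."""
    counts = Counter()
    failed_store = set()        # ids whose SET was rejected by the cache
    missed_after_failed = []    # ids that then forced a full handshake
    for line in log_text.splitlines():
        m = CACHE_LINE.search(line)
        if not m:
            continue            # unrelated log line
        req, status, sid = m["req"], m["status"], m["id"]
        counts[(req, status)] += 1
        if req == "SET" and status == "BAD":
            failed_store.add(sid)
        elif req == "GET" and status == "MISSED" and sid in failed_store:
            missed_after_failed.append(sid)
    total_sets = sum(n for (req, _), n in counts.items() if req == "SET")
    bad_sets = counts[("SET", "BAD")]
    return {
        "counts": dict(counts),
        "store_failure_rate": bad_sets / total_sets if total_sets else 0.0,
        "missed_after_failed_store": missed_after_failed,
    }

if __name__ == "__main__":
    report = summarize(SAMPLE)
    print(f"store failure rate: {report['store_failure_rate']:.0%}")
    for sid in report["missed_after_failed_store"]:
        print(f"session {sid}: store failed, renewal missed")
```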
