https://bz.apache.org/bugzilla/show_bug.cgi?id=66036
Alex Ciobotaru <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #2 from Alex Ciobotaru <[email protected]> ---
> I'm not sure what you mean by "no worker context shall issue a C_Login" - do
> you mean that is what you observed (nothing did a C_Login)

Correct. Doing reload does not yield any C_Login(), but the new reloaded context considers the application already initialized/logged in and just does the C_Sign() call, yielding CKR_USER_NOT_LOGGED_IN.

So it seems there is a difference between the restarting and reloading logic of the httpd service, and I'm suspecting it has to do with PKCS#11 engine fork detection when reloading versus restarting.

From https://httpd.apache.org/docs/2.4/stopping.html - Graceful Restart section, it seems that the post-reload children forget to C_Login().

For example, starting the httpd as a Type=oneshot service yields the same result (i.e. CKR_USER_NOT_LOGGED_IN), but as Type=forking it works.

> Interesting. mod_ssl does not speak PKCS#11 directly, OpenSSL handles that

Correct, but a forking NGINX, for example, handles this correctly.

True. For differential diagnosis I compared the same openssl/libp11 infrastructure with NGINX with its SSL/TLS graceful reload mechanism and it works as expected - it re-issues the C_Login().

Is this in the wrong component category?
