On 2/2/2012 1:02 PM, Daniel Ruggeri wrote: > Since this happens with every attempt to start, I suspect it has nothing > to do with the new directive and more to do with something I did on the > openssl build.
I was, indeed, doing something stupid. A build with openssl 1.0.0g replicates the behavior of 0.9.8g in that it fails when SSLProxyMachineCertificateChainFile is enabled. The annoying part is that (due to the error I get when running in dbx) I can get no useful information in a debug session from Solaris. ... so I've switched to RHEL and gdb and have interesting information. Under Linux, I get this error on init: [Fri Feb 03 10:56:21 2012] [error] Init: Failed to enable Crypto Device API `chil' [Fri Feb 03 10:56:21 2012] [error] SSL Library Error: 2164682852 error:81067064:CHIL engine:HWCRHK_INIT:already loaded [Fri Feb 03 10:56:21 2012] [error] SSL Library Error: 638287981 error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init failed This only happens when SSLProxyMachineCertificateChainFile is set.... With some quick debugging I see that the hwcrhk_finish DOES NOT get called during ssl_cleanup_pre_config... but DOES get called when the directive has been removed. To me, it looks like httpd has not registered the engine for cleanup, but that certainly shouldn't be impacted by this patch. It seems something in the process of loading the store is complicating things. I'll continue poking around, but pointers are certainly appreciated. -- Daniel Ruggeri
