On Tue, Mar 02, 1999, Ralf S. Engelschall wrote:
> On Tue, Mar 02, 1999, Sander Steffann wrote:
>
> > Same problem here on Linux. https is also down after a graceful restart.
> > Sander.
> >
> > >mod_ssl/2.2.3 failed to restart(kill -HUP).
> > >After restarting, http is OK, but https is down.
> > >OS is Solaris2.6(on SS20).
>
> I'll investigate in a few hours.
>[...]
Ok, I've now found and successfully fixed this problem for mod_ssl 2.2.4.
Thanks for the hints. It was my fault because I've forgotten that OpenSSL's
d2i_xx functions also change the data pointer (and not only i2d_xxx where I've
finally done it correctly). I've to incorporate some experimental EAPI hooks
for vendors before I can release 2.2.4 today or tomorrow, so I append you the
essential patch below. Apply it to ssl_engine_kernel.c and your server
should again survive restarts without problems. The patch is already
committed this way for mod_ssl 2.2.4.
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Index: ssl_engine_init.c
===================================================================
RCS file: /e/apache/SSL/REPOS/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_init.c,v
retrieving revision 1.50
retrieving revision 1.52
diff -u -r1.50 -r1.52
--- ssl_engine_init.c 1999/02/21 16:40:07 1.50
+++ ssl_engine_init.c 1999/03/03 09:29:24 1.52
@@ -321,6 +321,7 @@
SSL_CTX *ctx;
STACK *skCAList;
ssl_asn1_t *asn1;
+ unsigned char *ucp;
char *cp;
/*
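Review bot: the added `unsigned char *ucp;` declaration has no comment saying why a second pointer is needed beside `cp`. A one-line note that it is a scratch copy, because the d2i_xxx functions advance the pointer they are handed, would stop a later cleanup from "simplifying" the calls back to `&(asn1->cpData)`.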
@@ -454,7 +455,13 @@
"Init: (%s) Ops, can't find server certificate?!", cpVHostID);
ssl_die();
}
- sc->px509Certificate = d2i_X509(NULL, &(asn1->cpData), asn1->nData);
+ ucp = asn1->cpData;
+ if ((sc->px509Certificate = d2i_X509(NULL, &ucp, asn1->nData)) == NULL) {
+ ssl_log(s, SSL_LOG_ERROR,
+ "Init: (%s) Failed to convert server certificate "
+ "from DER to internal format?!", cpVHostID);
+ ssl_die();
+ }
/*
* Configure server private key
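Review bot: the new check around `d2i_X509(NULL, &ucp, asn1->nData)` only tests for NULL, so a cached blob with bytes left over after the certificate still passes. Because `ucp` ends up just past what was parsed, comparing `ucp - asn1->cpData` with `asn1->nData` after the call would also catch a cache entry whose stored length does not match its contents. The log message would also be more useful on a failed restart if it included the stored length.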
@@ -465,8 +472,14 @@
ssl_log(s, SSL_LOG_ERROR,
"Init: (%s) Ops, can't find server private key?!", cpVHostID);
ssl_die();
+ }
+ ucp = asn1->cpData;
+ if ((sc->prsaKey = d2i_RSAPrivateKey(NULL, &ucp, asn1->nData)) == NULL) {
+ ssl_log(s, SSL_LOG_ERROR,
+ "Init: (%s) Failed to convert server private key "
+ "from DER to internal format?!", cpVHostID);
+ ssl_die();
}
- sc->prsaKey = d2i_RSAPrivateKey(NULL, &(asn1->cpData), asn1->nData);
return;
}
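Review bot: the private-key block repeats the certificate hunk's sequence (`ucp = asn1->cpData;`, convert, NULL check, `ssl_log`, `ssl_die()`), differing only in the d2i function and the message text. A small static helper taking the `ssl_asn1_t *` and a label would keep the rule of never passing `&(asn1->cpData)` in one place, so a third cached object added later cannot reintroduce the restart failure.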
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
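Added example, not part of the original message and not mod_ssl or OpenSSL code: a self-contained C sketch of the failure described above, where a decoder that advances the caller's pointer is handed the cached buffer's own pointer, so the second init pass (the restart) starts parsing past the data. `blob_t` and `toy_d2i` are hypothetical stand-ins for the cached ASN.1 entry and the d2i_xxx calling convention; the sample bytes are constructed.

```c
#include <stdio.h>

/* Hypothetical stand-in for the cached DER entry (role of asn1->cpData / nData). */
typedef struct { const unsigned char *data; long len; } blob_t;

/* Toy decoder with the d2i_xxx convention: parses one short-form SEQUENCE,
 * returns its content length (or -1), and ADVANCES *pp past what it read. */
static long toy_d2i(const unsigned char **pp, long len)
{
    const unsigned char *p = *pp;
    if (len < 2 || p[0] != 0x30 || (p[1] & 0x80) || 2 + (long)p[1] > len)
        return -1;
    *pp = p + 2 + p[1];
    return p[1];
}

/* Before the fix: the cache's own pointer is passed and gets moved. */
static long load_buggy(blob_t *b) { return toy_d2i(&b->data, b->len); }

/* After the fix: decode through a scratch copy; the cache stays intact. */
static long load_fixed(const blob_t *b)
{
    const unsigned char *ucp = b->data;
    return toy_d2i(&ucp, b->len);
}

/* Constructed sample: 5 bytes of DER plus zero padding, so the buggy second
 * pass reads defined memory here (in the real bug it reads past the blob). */
static const unsigned char sample[8] = { 0x30, 0x03, 0x02, 0x01, 0x05, 0, 0, 0 };

/* Each helper runs init twice (start, then restart) and returns the
 * result of the second pass. */
static long restart_buggy(void)
{
    blob_t b = { sample, 5 };
    load_buggy(&b);
    return load_buggy(&b);
}

static long restart_fixed(void)
{
    blob_t b = { sample, 5 };
    load_fixed(&b);
    return load_fixed(&b);
}

int main(void)
{
    printf("second pass, buggy: %ld\n", restart_buggy());
    printf("second pass, fixed: %ld\n", restart_fixed());
    return 0;
}
```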