I've been trying to upgrade mod_ssl, but I've come across some strange
problems... I believe I've changed the configuration directives
correctly (SSLEngine instead of SSLEnable, etc.), but...

The 'SSLRequireSSL' that I had in the config file wouldn't work. The
error message I got was to the effect that 'SSLSSLRequireSSL' wasn't
a configuration directive!

Also, there appears to be a problem finding the server's certificate
file in the second startup round:
[19/Nov/1998 12:47:55] [info] Init: 1st startup round (still not detached)
[19/Nov/1998 12:47:55] [info] Init: Initializing SSLeay library
[19/Nov/1998 12:47:55] [info] Init: Loading certificate & private key of SSL-aware server virtual10.execpc.com:0
[19/Nov/1998 12:47:55] [debug] Init: (server.domain.com:0) unencrypted private key - pass phrase not required
[19/Nov/1998 12:47:56] [info] Init: 2nd startup round (already detached)
[19/Nov/1998 12:47:56] [info] Init: Initializing SSLeay library
[19/Nov/1998 12:47:56] [info] Init: Generating temporary (512 bit) RSA private key
[19/Nov/1998 12:47:56] [info] Init: Initializing (virtual) servers for SSL
[19/Nov/1998 12:47:56] [info] Init: Configuring server server.domain.com:0 for SSL protocol
[19/Nov/1998 12:47:56] [debug] Init: (server.domain.com:443) Creating new SSL context
[19/Nov/1998 12:47:56] [debug] Init: (server.domain.com:443) Configuring permitted SSL ciphers
[19/Nov/1998 12:47:56] [debug] Init: (server.domain.com:443) Configuring client verification locations
[19/Nov/1998 12:47:56] [debug] Init: (server.domain.com:443) Reading server CA certification file
[19/Nov/1998 12:47:56] [debug] Init: (server.domain.com:443) Configuring server certificate
[19/Nov/1998 12:47:56] [error] Init: (server.domain.com:443) Ops, can't find server certificate?!
grepping for open()s under /usr/local from strace output shows...
open("/usr/local/apache/etc/httpd.conf", O_RDONLY) = 3
open("/usr/local/apache/etc/common.conf", O_RDONLY) = 4
open("/usr/local/apache/libexec/libssl.so", O_RDONLY) = 4
open("/usr/local/apache/etc/ssl.conf", O_RDONLY) = 4
open("/usr/local/apache/etc/vssl.conf", O_RDONLY) = 5
open("/usr/local/apache/var/log/ssl.err", O_WRONLY|O_APPEND|O_CREAT, 0666) = 3
open("/usr/local/apache/var/log/ssl.cip", O_WRONLY|O_APPEND|O_CREAT, 0666) = 3
open("/etc/localtime", O_RDONLY) = 3
open("/usr/local/apache/etc/ssl.crt/server.crt", O_RDONLY) = 3
open("/usr/local/apache/etc/ssl.key/server.key", O_RDONLY) = 3
open("/usr/local/apache/etc/ssl.crt/www.virthost1.com.crt", O_RDONLY) = 3
open("/usr/local/apache/etc/ssl.key/www.virthost1.com.key", O_RDONLY) = 3
open("/usr/local/apache/etc/ssl.crt/www.virthost2.com.crt", O_RDONLY) = 3
open("/usr/local/apache/etc/ssl.key/www.virthost2.com.key", O_RDONLY) = 3
open("/usr/local/apache/etc/ssl.crt/www.virthost3.com.crt", O_RDONLY) = 3
open("/usr/local/apache/etc/ssl.key/www.virthost3.com.key", O_RDONLY) = 3
open("/usr/local/apache/etc/ssl.crt/www.virthost4.com.crt", O_RDONLY) = 3
open("/usr/local/apache/etc/ssl.key/www.virthost4.com.key", O_RDONLY) = 3
open("/usr/local/apache/etc/mime.types", O_RDONLY) = 3
open("/usr/local/apache/var/log/ssl.log", O_WRONLY|O_APPEND|O_CREAT, 0644) = 3
open("/usr/local/apache/etc/httpd.conf", O_RDONLY) = 3
open("/usr/local/apache/etc/common.conf", O_RDONLY) = 4
open("/usr/local/apache/libexec/libssl.so", O_RDONLY) = 4
open("/usr/local/apache/etc/ssl.conf", O_RDONLY) = 4
open("/usr/local/apache/etc/vssl.conf", O_RDONLY) = 5
open("/usr/local/apache/var/log/ssl.err", O_WRONLY|O_APPEND|O_CREAT, 0666) = 3
open("/usr/local/apache/var/run/ssl.pid", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
open("/usr/local/apache/var/log/ssl.cip", O_WRONLY|O_APPEND|O_CREAT, 0666) = 3
open("/usr/local/apache/var/run/ssl_mutex", O_WRONLY|O_CREAT, 0644) = 3
open("/usr/local/apache/var/run/ssl_gcache_data.db", O_RDWR|O_CREAT, 0644) = 3
open("/usr/local/apache/etc/ssl.crt/ca-bundle.crt", O_RDONLY) = 3
open("/usr/local/apache/etc/ssl.crt/ca-bundle.crt", O_RDONLY) = 3
open("/usr/local/ssl/cert.pem", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/ssl/cert.pem", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/etc/ssl.crt/ca-bundle.crt", O_RDONLY) = 3
...not sure where those open /usr/local/ssl/cert.pem syscalls are coming
from.

Server setup:
linux 2.0.36 + secure-linux patches
apache 1.3.3
mod_ssl 2.1.0, compiled as DSO
SSLeay 0.9.0b, compiled with bsafe 3.0 (via a bsafeglue library)

Worked just fine with the old mod_ssl 2.0.x tree...
--
Jake Buchholz http://www.execpc.com/~jake
ExecPC Senior Systems Administrator [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]