On Tue, Jul 06, 1999, [EMAIL PROTECTED] wrote:
> We're running Debian Linux (kernel 2.2.7, glibc 2.1), apache 1.3.6 & mod_ssl
> 2.3.5.
>
> Unless we manually chown the ssl_scache.dir and ssl_scache.pag files, we
> get:
>
> Can't open SSLSessionCache DBM file for writing (store): system error
> follows
> w/ a system error of Permission denied.
>
> The system acts a little flaky, but I haven't been able to track down
> consitent negative behavior.
>
> I added some debugging statements to ssl_engine_scache.c (in the
> ssl_scache_dbm_init() function). It turns out that somehow,
> SSL_DBM_FILE_SUFFIX_DIR and SSL_DBM_FILE_SUFFIX_PAG are both defined as
> ".db" instead of ".pag" and ".dir", respectively. I don't know why they're
> getting defined this way in mod_ssl.h (and I'm not sure how to debug
> preproccessor stuff). This of course causes chown() to fail.
>
> Check those return values!!!
>
> Anyway, manually chowning the files fixes this, and as I said, I'm not sure
> this caused any actual problems (besides presumably adding connection
> overhead by forcing renegotiated sesssions).
>
> Thought you'd want to know, though. Let me know if you need more info.
Because there is no really correct way to determine the file suffixes, mod_ssl
2.3.6 now does the chown() the hard way: 1. xx, 2. xx.<guessed-suffix>, 3.
xx.db, 4. xx.{dir,pag}. Additionally it now allows you to configure via
CFLAGS="-DSSL_DBM_FILE_SUFFIX_DIR=foo -DSSL_DBM_FILE_SUFFIX=PAG=bar" in case
you have to make it running on even more esoteric platforms. I really hate
this NDBM stuff. Seems like my next abstraction library will by a DBM
library..... :-(
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
