Ralf S. Engelschall wrote:
>
>
> Perhaps your <VirtualHost> which has the "SSLEngine on" is not applied at all.
> For instance because it doesn't match your Listen directives. Because such
> hangs usually mean one connects via HTTP to a HTTPS port or vice versa.
No. But I have tried some more things. As I said before, it works
sometimes. This eliminates the possibility of a misconfiguration (at
least ist should :-)).
And it's the same configuration, that worked perfectly with openssl0.9.2
+ modssl2.2.8.
It seems to be a problem with the dbm-session-cache. I just made a
"hope-it-will-help-you-to-find-the-problem" session.
I stopped apache, erased /var/log/httpd_error_log and
/var/log/httpd_ssl_engine_log and then started apache.
Then I waited a minute (this does matter).
Then I connected to apache with the openssl-client:
openssl s_client -connect pyros:443 -debug
I instantly got a *working* connection (taht meand I got the
server-certificate and a *lot* of debug data). I entered my http-Request
("GET / HTTP/1.0") and got the reply (along with a lot of debug-data).
I immediately executed the same openssl-command, but this time apache
hanged. I just get a few debug-bytes (see the attached file
"typescript") and then nothing happend.
If you look into httpd_error_log, you will notice the problem with the
session-cache. And I think "Hier liegt der Hund begraben" (english: this
seems to be the problem).
The session cache exists but has wrong access rights:
-rw------- 2 root root 12288 Jul 13 14:47
/var/run/httpd_ssl_scache.dir
-rw------- 2 root root 12288 Jul 13 14:47
/var/run/httpd_ssl_scache.pag
Apache (or mod_ssl) somehow forgot to chown to httpd.root (apache ist
running as user "httpd").
When I delete these files and restart they are created with the correct
access-rights (owner httpd.root; mode 0600). But somehow they become
root.root.
I will send httpd_ssl_engine_log to rse only, because it's 36k
(SSLLogLevel was "debug").
Jens
CONNECTED(00000003)
write to 0807F000 [080874E0] (109 bytes => 109 (0x6D))
0000 - 80 6b 01 03 01 00 42 00-00 00 20 00 00 16 00 00 .k....B... .....
0010 - 13 00 00 0a 00 00 07 00-00 05 00 00 04 00 00 15 ................
0020 - 00 00 12 00 00 09 07 00-c0 05 00 80 03 00 80 01 ................
0030 - 00 80 08 00 80 06 00 40-00 00 14 00 00 11 00 00 .......@........
0040 - 08 00 00 06 00 00 03 04-00 80 02 00 80 34 13 2e .............4..
0050 - 6d fc 9c 11 3e 9d 2b 44-83 b4 ac a4 4c 1d 5c 97 m...>.+D....L.\.
0060 - 0e 3a 64 b1 c3 21 6a 99-82 09 1f 89 b9 .:d..!j......
[Wed Jul 14 21:55:02 1999] [notice] Apache/1.3.6 (Unix) PHP/3.0.11 mod_ssl/2.3.5
OpenSSL/0.9.3a configured -- resuming normal operations
[Wed Jul 14 21:58:33 1999] [error] mod_ssl: Cannot open SSLSessionCache DBM file
`/var/run/httpd_ssl_scache' for writing (store) (System error follows)
[Wed Jul 14 21:58:33 1999] [error] System: Permission denied (errno: 13)
[Wed Jul 14 21:59:25 1999] [error] mod_ssl: SSL handshake interrupted by system
(System error follows)
[Wed Jul 14 21:59:25 1999] [error] System: Broken pipe (errno: 32)
