Hi all
It's kinda strange to reply to a message written by myself, but I wonder
why my message went completely unnoticed.
Please, is there anybody who has noticed this problem apart of me? Can
anybody give me some advice?
I repeated my tests in AIX 4.1.5 with mod_ssl/2.4.1 and the found the same
behavior.... The only workaround I found was to set the cache expiration
time very high... not a desirable thing.
Also, only in AIX I am getting this error after the session is found in the
cache. This happens only if using client certificates:
[01/Sep/1999 16:14:27] [trace] Inter-Process Session Cache: request=GET
status=FOUND
id=61D60216A307650565623C2B41C6C2B333F956BB59EC16ECC41F05919A3C3730
(session reuse)
[01/Sep/1999 16:14:27] [trace] OpenSSL: Exit: error in SSLv3 read client
hello C
[01/Sep/1999 16:14:27] [trace] OpenSSL: Exit: error in SSLv3 read client
hello C
[01/Sep/1999 16:14:27] [error] SSL handshake failed (client 172.18.242.145,
server psmserv.intranet.bancorio.com.ar:443) (OpenSSL library error
follows)
[01/Sep/1999 16:14:27] [error] OpenSSL: error:140D9115:SSL
routines:SSL_GET_PREV_SESSION:session id context uninitialized
Is there somebody using client certificates in AIX?
Thanks a lot!!
Regards, Alfredo
Alfredo Raul Pena wrote:
> Hi all!
> I'm having problems with the session cache. When the server does a fresh
> start, everything works fine till the first expiration occurs. From then
> on, it looks like the session cache gets corrupted and even the sessions
> that gets set in the cache are being removed and missed one second
> later.
> This is driving me mad, because when the session is not found in the
> cache, Apache forces a renegotiation and Netscape ask for the Client
> Certificate again....
>
> My environment:
> OS: Solaris 2.5.1 on a Sun Ultra-1
> Apache: Apache/1.3.9 (Unix) mod_ssl/2.4.0 OpenSSL/0.9.4 mod_perl/1.21
> with SDBM and a file mutex
> Browser: Netscape Communicator 4.61 for Solaris 2.5 fortified, only
> one...
>
> I can send my Configure.apaci and my httpd.conf if you need it...
>
> This is the ssl_engine_log filtered with "grep 'Inter-Process' " with
> some comments (starting with ***). Sorry this is a bit long...
>
> [25/Aug/1999 19:39:14] [trace] Inter-Process Session Cache (DBM) Expiry:
> old: 0, new: 0, removed: 0
> [25/Aug/1999 19:39:42] [trace] Inter-Process Session Cache: request=GET
> status=MISSED
> id=41B8CDC284F66DB2B5632CF34471E925DC74CE27321C89BC9016C503A8A4BB73
> (session renewal)
> *** Here the browser is trying to use a session from the previous run of
> apache - It isn't there
>
> [25/Aug/1999 19:39:47] [trace] Inter-Process Session Cache: request=SET
> status=OK
> id=2A35E062EA9A763DBE2EF144F56814CCF20DEF95F32B47E94459BEEDFE2B5EBB
> timeout=295s (session caching)
> [25/Aug/1999 19:39:54] [trace] Inter-Process Session Cache: request=GET
> status=FOUND
> id=2A35E062EA9A763DBE2EF144F56814CCF20DEF95F32B47E94459BEEDFE2B5EBB
> (session reuse)
> [25/Aug/1999 19:40:36] [trace] Inter-Process Session Cache: request=GET
> status=FOUND
> id=2A35E062EA9A763DBE2EF144F56814CCF20DEF95F32B47E94459BEEDFE2B5EBB
> (session reuse)
> [25/Aug/1999 19:40:38] [trace] Inter-Process Session Cache: request=GET
> status=FOUND
> id=2A35E062EA9A763DBE2EF144F56814CCF20DEF95F32B47E94459BEEDFE2B5EBB
> (session reuse)
> *** I downloaded a page here with some gifs, the session is the same for
> all requests
>
> [25/Aug/1999 19:55:35] [trace] Inter-Process Session Cache (DBM) Expiry:
> old: 1, new: 1, removed: 0
> *** I let the browser alone for 15 minutes, enougth for the cache to
> expire. What is the "new: 1" about?
>
> [25/Aug/1999 19:55:36] [trace] Inter-Process Session Cache: request=GET
> status=MISSED
> id=2A35E062EA9A763DBE2EF144F56814CCF20DEF95F32B47E94459BEEDFE2B5EBB
> (session renewal)
> *** Netscape tried to use the same session as before, it expired....
>
> [25/Aug/1999 19:55:40] [trace] Inter-Process Session Cache: request=SET
> status=OK
> id=6A493123EE01A4D29A98F1417A467C30BFA8B50494F8F8FB368E171C81FC5E93
> timeout=296s (session caching)
> [25/Aug/1999 19:55:40] [trace] Inter-Process Session Cache (DBM) Expiry:
> old: 1, new: 0, removed: 1
> *** It started a new session and OOPS, why is there an old entry?
>
> [25/Aug/1999 19:55:40] [trace] Inter-Process Session Cache: request=GET
> status=MISSED
> id=6A493123EE01A4D29A98F1417A467C30BFA8B50494F8F8FB368E171C81FC5E93
> (session renewal)
> *** Why the session that was set above isn't found now??? It was
> removed?!?!?
>
> [25/Aug/1999 19:55:42] [trace] Inter-Process Session Cache (DBM) Expiry:
> old: 0, new: 0, removed: 0
> [25/Aug/1999 19:55:42] [trace] Inter-Process Session Cache: request=GET
> status=MISSED
> id=4E3342BF3DF0740F5962C236F2F0CC1DB4DC70FD7BE552BB67F40D906F47EE6F
> (session renewal)
> [25/Aug/1999 19:55:42] [trace] Inter-Process Session Cache (DBM) Expiry:
> old: 0, new: 0, removed: 0
> [25/Aug/1999 19:55:42] [trace] Inter-Process Session Cache: request=GET
> status=MISSED
> id=20AC16A79E8610078A8945F9D4F7AE9D0702D4F17050A07B5A62A9CA5CDCE8DB
> (session renewal)
> [25/Aug/1999 19:55:45] [trace] Inter-Process Session Cache: request=SET
> status=OK
> id=88F150A66B15B8D84D20A9A0A3C0E9C62C2D1A91F162AE5266810C47AB62EF05
> timeout=297s (session caching)
> [25/Aug/1999 19:55:46] [trace] Inter-Process Session Cache: request=SET
> status=OK
> id=10F32F2287C4380D0E1B2BDDA4314751734D2274D639627CF75979DEAB614386
> timeout=296s (session caching)
> [25/Aug/1999 19:55:47] [trace] Inter-Process Session Cache: request=SET
> status=OK
> id=BD8E869DFAF194B191A25C9A522AF309D7AA6F9BBE04350778DC962ED677262F
> timeout=293s (session caching)
> [25/Aug/1999 19:56:11] [trace] Inter-Process Session Cache (DBM) Expiry:
> old: 3, new: 0, removed: 3
> *** Now Netscape and Apache went really crazy... Netscape tried to use
> two sessions I don't now anything about and then started 3 new
> sessions... They were removed just after been created?!?!?!
>
> [25/Aug/1999 19:56:11] [trace] Inter-Process Session Cache: request=GET
> status=MISSED
> id=BD8E869DFAF194B191A25C9A522AF309D7AA6F9BBE04350778DC962ED677262F
> (session renewal)
> *** Netscape tried to use one of the above sessions, not found ...
>
> [25/Aug/1999 19:56:15] [trace] Inter-Process Session Cache: request=SET
> status=OK
> id=0CD7AA8B3930BAB9790CD22E92F016491433787DB3C680B1FED58393F97881D7
> timeout=296s (session caching)
> [25/Aug/1999 19:56:15] [trace] Inter-Process Session Cache (DBM) Expiry:
> old: 1, new: 0, removed: 1
> [25/Aug/1999 19:56:15] [trace] Inter-Process Session Cache: request=GET
> status=MISSED
> id=0CD7AA8B3930BAB9790CD22E92F016491433787DB3C680B1FED58393F97881D7
> (session renewal)
> *** Same thing as before. What the *hell* is happening here?
>
> [25/Aug/1999 19:56:21] [trace] Inter-Process Session Cache (DBM) Expiry:
> old: 0, new: 0, removed: 0
> [25/Aug/1999 19:56:21] [trace] Inter-Process Session Cache: request=GET
> status=MISSED
> id=10F32F2287C4380D0E1B2BDDA4314751734D2274D639627CF75979DEAB614386
> (session renewal)
> [25/Aug/1999 19:56:21] [trace] Inter-Process Session Cache (DBM) Expiry:
> old: 0, new: 0, removed: 0
> [25/Aug/1999 19:56:21] [trace] Inter-Process Session Cache: request=GET
> status=MISSED
> id=88F150A66B15B8D84D20A9A0A3C0E9C62C2D1A91F162AE5266810C47AB62EF05
> (session renewal)
> *** The sessions that were set before aren't found either.
>
> I am sure I am configuring the cache correctly, as the files
> ssl_mutex.$$, ssl_scache.pag and ssl_scache.dir gets created when the
> server starts. I've also 'truss'ed the server and haven't found anything
> anusual with the locking as every open of 'ssl_scache.pag' and
> 'ssl_scache.dir' is surrounded of fcntl's of file descriptor 24 which is
> 'ssl_mutex.$$'.
>
> Could anybody help me?
> I haven't tried yet the MM based cache, but this one should still
> work...
>
> Thanks in advance,
> Best regards, Alfredo
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
