On Wed, Oct 27, 1999 at 08:31:31AM +0200, Ralf S. Engelschall wrote:
> On Tue, Oct 26, 1999, David Kerry wrote:
>
> > [...]
> > [Tue Oct 26 10:12:00 1999] [notice] child pid 30579 exit signal Segmentation fault
>(11)
> > [...]
> > Note also that the backtrace is identical with SDBM vs. vendor DBM libraries
> > (dies at 0x21fb in both cases).
>
> This indicates that the problem for you seems to be _NOT_ inside the session cache.
I was starting to lean that way myself, but I played around a bit with the
SSLSessionCacheTimeout and it seemed to cause the problem faster when I set it
to ridiculously small values (1-3 secs). This may have been coincidence,
however...
Anyways, I've now recompiled apache/mod_ssl to use the MM library to eliminate
that possibility. It's now been up for almost a day, and hasn't shown any
problems yet...
<snip>
> > 27453 time(NULL) = 940949214
> > 27453 getpid() = 27453
>
> That seems to be inside ssl_engine_rand.c:ssl_rand_seed().
> Caused by "SSLRandomSeed connect builtin", right?
> Can you show me your SSLRandomSeed config entries?
Uhh... I don't have one. Is that a necessary parameter? The html docs
don't seem to indicate one way or the other. I don't see any errors
related to this in the logs, either. This box has been upgraded over
time since mod_ssl v2.3 days, so I may be missing new parameters in my
httpd.conf file. (Back to the docs I go)
(This sounds like it could be the problem)
<snip>
> Hmmm... so let us summarize it: The segfault occurs either still inside
> OpenSSL's SSL_accept() or directly after this call inside mod_ssl. The problem
> is just that SSL_accept() calls internally a lot of code inside OpenSSL, so
> this is not easy to debug. You should start by compiling OpenSSL with "-g
> -ggdb3" to really get a backtrace this time.
Drat - that's the one package I forget to add debug info to... figures. I'll
recompile that too and report back what happens, if anything.
> BTW, have you checked that OpenSSL already passes its "make test"?
Ummm... (blush). Nope... (runs tests... - everything's ok)
--
David Kerry ([EMAIL PROTECTED])
Stable Network Technologies Inc. (www.snti.com)
Toronto, Ontario, Canada
Tel: (416) 367-2745 Fax: (416) 861-0650
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
