On Sun, Oct 31, 1999, [EMAIL PROTECTED] wrote:
> Full_Name: David Kerry
> Version: 2.4.6
> OS: Debian/Linux 2.1 (Intel) w/2.0.36 kernel
> Submission from: cr719912-a.ym1.on.wave.home.com (24.114.39.84)
>
> I've been having a lot of segmentation fault problems on a linux
> webserver I've set up.
>
> We're using:
> apache 1.3.9
> mod_ssl 2.4.6
> mm 1.0.12
> php 3.0.12
> Jserv 1.0
>
> Quick summary of the problem - users connecting to the ssl enabled
> virtual host on this server get I/O errors and the logs show that
> the apache process is dying with a segmentation fault (sig 11).
> Only the ssl host is affected, the regular port 80 access is
> unaffected. This problem seems to only happen after apache has
> been restarted (apachectl restart) at least once, and has been sitting
> idle for a number of hours.
>
> I have tried the following cache/session options: DBM, Vendor DBM,
> and shared-memory (MM). The result is still the same.
>
> I've since recompiled everything with complete debug info, and gotten
> a stack-backtrace:
>
> #0 RSA_private_decrypt (flen=64, from=0x812aaa8
> "G�q]k\2009\206U�)\n�\027e��X\002�8о��\nQ \tQ\017�<���g�A�$N#\226��ج��8�\224
> {\2276a^d�\037V�V�*�\023",
> to=0x812aaa8 ".....", rsa=0x810ae58, padding=1)
> at rsa_lib.c:228
> #1 0x402d9c9d in ssl3_get_client_key_exchange (s=0x8128418) at s3_srvr.c:1240
Yeah, that's definitely the same segfault someone else has also seen. It's
inside OpenSSL and seems to be not directly related to the session cache, I
think. Instead I've seen such problems inside OpenSSL one year ago under
Solaris if DSO was used. Are you using the DSO facility for building the
modules?
> [...]
> After tracing the code back up the tree a bit, it seems this rsa
> pointer is somehow stuffed into a certificate structure (s->cert->rsa_tmp).
> It would appear that someone is either stomping on memory,
> or just not initializing this structure before passing it around.
>
> Since I'm not familiar enough with the code to trace this completely
> through, I can't say for sure whether this is a mod_ssl problem,
> or an OpenSSL problem.
The problem is that this is very deep inside OpenSSL and the last code in
mod_ssl was the one which called SSL_accept(). Between this mod_ssl->OpenSSL
step and the segfault a lot of stuff happens inside OpenSSL. So it's not very
easy to find the reason for the messed up RSA structure. Hmmm... I think one
has to trace the whole SSL handshake to find the reason. The only thing I can
offer you here is that if you provide me with a temporary "rse" account and a
step-by-step list which shows how to reproduce the segfault, I can try to step
through the code and find out a little bit more.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]