Full_Name: Andrej Czapszys
Version: 2.6.5-1.3.12
OS: Linux
Submission from: (NULL) (208.26.192.4)
I noticed that apache dumps core on a sigusr1 with mod_ssl staticly
linked under Linux. I do not get the same effect under Solaris
or if I use mod_ssl as a DSO.
GDB output is:
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libm.so.6...done.
Reading symbols from /lib/libcrypt.so.1...done.
Reading symbols from /lib/libdb.so.3...done.
Reading symbols from /lib/libnsl.so.1...done.
Reading symbols from /lib/libdl.so.2...done.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/ld-linux.so.2...done.
Reading symbols from /lib/libnss_files.so.2...done.
Reading symbols from /usr/lib/gconv/ISO8859-1.so...done.
#0 0x8131b65 in SSL_CTX_ctrl ()
(gdb) bt
#0 0x8131b65 in SSL_CTX_ctrl ()
#1 0x808f180 in ssl_init_Module ()
#2 0x808f4a7 in ssl_init_Module ()
#3 0x80eb6e9 in ap_init_modules ()
#4 0x80f5175 in standalone_main ()
#5 0x80f5993 in main ()
#6 0x400d09cb in __libc_start_main (main=0x80f563c <main>, argc=2,
argv=0xbffffb94, init=0x807db74 <_init>, fini=0x81fad2c <_fini>,
rtld_fini=0x4000ae60 <_dl_fini>, stack_end=0xbffffb8c)
at ../sysdeps/generic/libc-start.c:92
I went poking through the sources and made the following changes in
ssl_engine_init.c, which (the upper part) resolved the problem
(the lower part detected the problem):
*** ssl_engine_init.c 2000/08/31 23:27:26 1.1
--- ssl_engine_init.c 2000/08/31 23:28:53
***************
*** 230,246 ****
* Ok, now try to solve this totally ugly situation...
*/
- #ifdef SHARED_MODULE
ssl_log(s, SSL_LOG_INFO, "Init: %snitializing %s library",
mc->nInitCount == 1 ? "I" : "Rei", SSL_LIBRARY_NAME);
ssl_init_SSLLibrary();
! #else
! if (mc->nInitCount <= 2) {
! ssl_log(s, SSL_LOG_INFO, "Init: %snitializing %s library",
! mc->nInitCount == 1 ? "I" : "Rei", SSL_LIBRARY_NAME);
! ssl_init_SSLLibrary();
! }
! #endif
if (mc->nInitCount == 1) {
ssl_pphrase_Handle(s, p);
ssl_init_TmpKeysHandle(SSL_TKP_GEN, s, p);
--- 230,239 ----
* Ok, now try to solve this totally ugly situation...
*/
ssl_log(s, SSL_LOG_INFO, "Init: %snitializing %s library",
mc->nInitCount == 1 ? "I" : "Rei", SSL_LIBRARY_NAME);
ssl_init_SSLLibrary();
!
if (mc->nInitCount == 1) {
ssl_pphrase_Handle(s, p);
ssl_init_TmpKeysHandle(SSL_TKP_GEN, s, p);
***************
*** 530,535 ****
--- 523,535 ----
ctx = SSL_CTX_new(SSLv2_server_method()); /* only SSLv2 is left */
else
ctx = SSL_CTX_new(SSLv23_server_method()); /* be more flexible */
+
+ if ( ctx == NULL ) {
+ ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
+ "Init: Unable to create new SSL_CTX");
+ ssl_die();
+ }
+
SSL_CTX_set_options(ctx, SSL_OP_ALL);
if (!(sc->nProtocol & SSL_PROTOCOL_SSLV2))
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
My guess is that unlike under Solaris, under Linux, global state is
not saved after the detach. This brings up the question, is it
harmful to reinitialize state during a graceful restart when global
state IS maintained? My guess would be that the worst that could
occur would be a small memory leak on each restart. This change
didn't have any notable effect under Solaris.
Also, my error handling code did not put out a reasonable error (and I'm not
sure why):
[31/Aug/2000 14:26:33 09880] [error] OpenSSL: error:140A90F1::lib(20) :func(169)
:reason(241)
Looking at the source, I expected it to look more like this:
[31/Aug/2000 14:26:33 09880] [error] OpenSSL: error:140A90F1::lib(SSL)
:func(SSL_CTX_new) :reason(Unable to load SSL2-MD5 routine)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
