Hi Harald, it looks as if the mysql server closes the connection unexpectedly after the authentication. This could happen if the database has been corrupted somehow (maybe a full disk or power outage?) or if it runs into some kind of timeout (high load on the machine caused by some processes which went mad?). Can you connect using mysql from the command line and select rows from the tables? If this is all ok, we need to have a closer look at the process of issuing a new CRL. The autoCRL daemon (./src/common/lib/cmds/startAutoCRL) uses sub autoCRLProcess() at the bottom of the source file, whereas manually issuing a new CRL is done by sub cmdGenCRL() in ./src/common/lib/cmds/genCRL ). They both call new() in ./src/modules/openca-crl/CRL.pm to create a new CRL, but obviously, something must be different if one way works and the other one fails to connect to the database.
best regards, Martin On 09/03/2014 07:14 AM, Harald Koch wrote: > Hello, > > I’m running two CAs with openCA, which has run successfully over years now. > Actually, I’m facing the situation that autoCRL is not working any more. This > started after I manually revoked one certificate in one of both CAs, but this > may be perhaps an accident. Actually, I have to issue CRLs manually from time > to time, since the autoCRL process seems to stop overnight after having run > for two days. Manually issueing CRLs works perfectly. > When starting the autoCRL process from the web interface, the log at > var/openca/log/stderr.log states the following: > > CRL::Found Entry -> 6DE70E00C4FF81E0A54B (13) > CRL::Found Entry -> 7AE329F4AFCAB0DE3D1E (15) > CRL::Found Entry -> 90BBDBB297A27246C4CE (17) > CRL::Found Entry -> D460DA7FA19F65076D50 (19) > CRL::Found Entry -> EB35BF44E2FAA2355CC0 (21) > DBD::mysql::st execute failed: MySQL server has gone away at <path > obfuscated>/lib/openca/perl_modules/perl5/OpenCA/DBI.pm line 3309. > autoCRLProcess()::ERROR::Can not store CRL in DB! > DBD::mysql::db commit failed: MySQL server has gone away at <path > obfuscated>/lib/openca/perl_modules/perl5/OpenCA/DBI.pm line 3549. > > I learned a bit that the file var/openca/crypto/crlnumber and crlnumber.old > may have something to do with it. The content is the hexadecimal > interpretation of the next and actual value of crl_key in the database table > crl. May this be the reason of cancellation ofthe autoCRL process? What other > reasons could exist so that the autoCRL process fails? > > > Freundliche Grüße/Best regards, > > Harald Koch > > c-works GmbH > Otto-Lilienthal-Str. 36 > 71034 Böblingen > http://www.os4x.com > > eMail: h.k...@os4x.com > Support: +49-(0)7031-4924306 > Fax: +49-(0)7031-4924308 > > Geschäftsführer/Managing Director: Harald Koch > Sitz und Registergericht/Domicile and Court of Registry: Stuttgart > HRB-Nr./ Commercial Register No. 725882 > > > ------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
