Since I wrote that I have also observed the LoadBLOB No Memory on one server consitently - but not on some other much busier servers.
I am using the same apache binary on all these servers, and they're all solaris 8, but I have not compared the hwcrhk libs or hardserver version. So I will do that - hwcrhk lib is the SAME on both servers: $ sum * 7461 1801 libnfhwcrhk.so $ pwd /opt/nfast/toolkits/hwcrhk $ ls -l total 1824 -rwxrwxr-x 1 root bin 921856 Apr 5 2001 libnfhwcrhk.so The apache binary is 1.3.26 mod_ssl 2.8.10 openssl-engine 0.9.6g staticly bound- same compile from another machine using sun cc, not gcc, and no modifications to openssl-engine. The only difference I can see is the hardserver binary is different on each box - the package version of NCnfast on each is 1.72.3 but on the bad server the package timestamp is iona20010511170030 while on the good server the package timestamp is iona20010511170123. the hardserver binary on the good server looks like this: $ sum hardserver 47506 995 hardserver $ ls -l hardserver -rwxrwxr-x 1 root bin 509196 May 10 2001 hardserver The good box has a PCI nForce 150, firmware version 1.71.11. The bad box has a SCSI nForce 300, firmware version 1.54.24 So to sum up, I expect this is a nCipher binary / firware related problem and not a modssl or openssl-engine issue. Hope this helps you. -PeterV. Juergen Brauckmann wrote: >Hi Peter. > > > >>works fine for me - no leaks - but then I'm not using Solaris 2.5.1 - >>thats a bit old isnt it, I'm using chil on sol2.6 sol7 and sol8 ok >> >> > >Thanks for answering G�tz' question. After some more testing we observed >the (mis-)behaviour on Solaris 8 too. > >If I understand you correctly you are using Apache 1.3.26, mod_ssl (I >guess you are using 2.8.10), openssl and an nCipher-Box with >libnfhwchrk.so. > >Are you using the engine-branch of openssl, right out of the box, >without any modifications? > >Which version of libnfhwchrk.so do you have? Which size does the library >have? > >We are currently trying to get the libnfhwchrk.so stuff to work with >OpenSSL engine 0.9.6g, but after some thousand SSL-Connects the ncipher >box is blocked and we see error messages like "nFast KM: error: Module >#1: LoadBlob (BlobPubKNSO) failed: NoMemory" followed by something awful >from OpenSSL. > >Of course we are trying to resolve the issue with nCipher, but in the >meantime it would be nice to here from someone who succeeded with this >setup (mod_ssl, engine-branch, libnfhwchrk.so). > >Regards, > J�rgen > > > >>G�tz Babin-Ebell wrote: >> >> >> >>>Hello folks, >>> >>>There seems to be a ressource leak in the chil engine: >>> >>>Afer running 6 hours, apache stops to accept SSL requests: >>> >>> >>> >>>>[Mon Aug 26 20:41:02 2002] [error] OpenSSL: error:26089076:engine >>>>routines:HWCRHK_MOD_EXP:request fallback >>>>[Mon Aug 26 20:41:02 2002] [error] OpenSSL: error:0D079006:asn1 >>>> >>>> >>>encoding >>> >>> >>>>routines:ASN1_verify:bad get asn1 object call >>>> >>>>... >>>> >>>>[Mon Aug 26 20:42:02 2002] [error] OpenSSL: error:2608B072:engine >>>>routines:HWCRHK_RAND_BYTES:request failed >>>> >>>> >>>The program /opt/nfast/bin/randchk" gave the following error: >>> >>> >>>> Initialising 6-bit Universal Statistical Test >>>> Processing... >>>> Error in reply: cmd was ErrorReturn, status was NoMemory >>>> >>>> >>>After restareting apache the server processed normal. >>> >>>System information: >>> >>>Solaris 2.5.1 >>>OpenSSL 0.9.6g >>>ModSSL ??? >>>Apache 1.3.26 >>> >>> >>>Any guesses ? >>> >>>Bye >>> >>>Goetz >>> >>> >>> >>______________________________________________________________________ >>OpenSSL Project http://www.openssl.org >>Development Mailing List [EMAIL PROTECTED] >>Automated List Manager [EMAIL PROTECTED] >>-- >>Juergen Brauckmann Tel.: +49 (0)40 / 80 80 26-3 11 >>TC TrustCenter AG Fax.: +49 (0)40 / 80 80 26-1 26 >>Sonninstra�e 24-28 mailto:[EMAIL PROTECTED] >>D-20097 Hamburg http://www.trustcenter.de >> >> >______________________________________________________________________ >OpenSSL Project http://www.openssl.org >Development Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
