Re: Apache warning: Connection refused: connect to listener
On Tue, Sep 30, 2003 at 12:13:42PM -0400, Alex Hart wrote: I sent this yesterday but never saw it, so sorry if this is double. Output of httpd -V at bottom. ./httpd -V Server version: Apache/2.0.47 Server built: Sep 29 2003 18:29:13 Server's Module Magic Number: 20020903:4 Architecture: 32-bit Server compiled with -D APACHE_MPM_DIR=server/mpm/prefork -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_FLOCK_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT Right, this was part of what we needed - then there is the configuration. Specifically there are two settings that might be worth taking a closer look at - SSLMutex and SSLSessionCache. What are they currently set to? and if you feel adventurous, try switching between different types. http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslmutex http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslsessioncache vh Mads Toftum -- Speaking at ApacheCon 2003 - http://ApacheCon.com/ T03, Apache 2 mod_ssl tutorial (3h) WE03, Troubleshooting Apache configurations WE11, Apache mod_rewrite, the Swiss Army Knife of URL manipulation __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Registration Open for ApacheCon 2003
Looking back through the list archive, it appears that this message never got through to the list. (sorry if I missed it). If there's enough interested mod_ssl users there, we could try setting up a mod_ssl BOF to discuss what has happened after the module became a part of the Apache distribution and where we would like to see the module going in the future. If you're interested, then drop me a note off list, and I'll talk to the planners. vh Mads Toftum -- Speaking at ApacheCon 2003 - http://ApacheCon.com/ T03, Apache 2 mod_ssl tutorial (3h) WE03, Troubleshooting Apache configurations WE11, Apache mod_rewrite, the Swiss Army Knife of URL manipulation ---BeginMessage--- http://www.marketwire.com/mw/release_html_b1?release_id=57498 Registration Opens for ApacheCon 2003, the Global Hub for All Things Apache (MARKET WIRE) -- 09/15/2003 -- http://www.apachecon.com/ -- ApacheCon, the official conference of the Apache Software Foundation (ASF), announced today the opening of registration for ApacheCon 2003, to be held November 16-20, 2003 in Las Vegas, Nevada. Forward-thinking open source users, developers, programmers, system administrators, and information architects head to ApacheCon to master new technologies, expand their knowledge and share problem-solving skills with peers from across the globe. Offering a wide range of beginner, intermediate and advanced sessions, ApacheCon attendees will learn firsthand the latest developments in Apache, the world's most popular Web server software, as well as key open source projects spanning PHP, Perl, XML, Java, MySQL, WebDAV, and more. Debuting at ApacheCon is code-named Geronimo, the ASF-licensed open source implementation of the J2EE specification that builds upon the many ASF-driven Java projects in liaison with leading members of the Castor, JBoss, MX4J and OpenEJB communities. We're proud to offer the opportunity to inspire, educate, and interact with some of the industry's sharpest minds, said ApacheCon 2003 Chairman Ken Coar. ApacheCon attendees are part of a collective voice in providing input and feedback to the Apache Software Foundation, thereby making a direct impact on the Apache community. More than 60 Sessions Highlight Core and Next-Generation Apache Server Tools ApacheCon kicks off with intensive full- and half-day tutorials that offer real world insight, techniques, and methodologies pivotal to the increasing demand for open source software. Attendees hone their skills, learn shortcuts and hacks and solve programming challenges on a variety of topics, including Apache 2.0, Jakarta, PHP, Perl, and SVG. This year's sessions highlight the dynamic nature of open development, and are grouped into three Focus Days: 1) Apache with XML and Java; 2) All Things Apache; and 3) Apache with Perl and PHP. ApacheCon presenters and faculty include some of the most accomplished and respected leaders in the open source community, such as Rich Bowen, Doug Tidwell, Stas Bekman, Rasmus Lerdorf, Greg Stein, Stefano Mazzocchi, and Geoffrey Young, along with keynote speakers Chris Pirillo and Doc Searls. Attendees can meet ASF members and peers during the ApacheCon Expo, evening events, birds of a feather sessions and a number of informal social gatherings. Premier sponsors include the Java Community Process (JCP), and Sun Microsystems who returns as a platinum sponsor. Once again ApacheCon is offering early registration incentives, including a tiered discount of up to $400 off the $899 individual registration fee to those who register by 30 September. The full conference schedule, tutorial descriptions, sponsorship and exhibitor opportunities, and venue details can be found at the ApacheCon 2003 Website. Register today at http://www.apachecon.com/ . Press registration is now available; please contact the ApacheCon Press Team on +1.617.921.8656 or via email at [EMAIL PROTECTED] About the Apache Software Foundation The Apache Software Foundation provides organizational, legal, and financial support for world-class, Open Source, Java, Perl, XML, Tcl, and PHP projects, in addition to the world's most popular Web server. The membership driven, non-profit, Foundation exists to ensure that the Apache projects continue to exist beyond the contributions of individuals, to enable contributions of intellectual property and financial support, and to provide a vehicle for limiting legal exposure while participating in Open Source projects. For more information, please see http://www.apache.org -- Contact: Sally Khudairi Company: Apache Software Foundation Phone: 617-921-8656 Email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ---End Message---
Problems with Random Number Seeding
I'm not sure if this is an issue with mod_ssl, or possibly with OpenSSL's engine code itself. I have a FreeBSD 5.1R box with a Broadcom BCM5820 crypto accelerator board. I'm using mod_ssl's experimental extensions to enable this board, and I'm using it through BSD's cryptodev subsystem. When I first start the server, after configuration, and before forking daemons, it will dump core with either an Illegal Instruction or a Segmentation Fault. It seems to do this intermittently, and not on a consistent basis. It almost seems like the seeding process is not completing correctly the first time. I have the random device set to /dev/urandom to enable BSD to provide entropy for mod_ssl. It almost seems as if its ignoring this device and trying to get entropy from somewhere else. Has anybody seen any behavior like this? OS: FreeBSD 5.1R Apache Version: 1.3.28 mod_ssl Version: 2.8.15 OpenSSL Version: 0.9.7a mod_ssl configure: ./configure --with-apache=../apache_1.3.27 --with-mm=../mm-1.3.0 apache configure: setenv LDFLAGS -L/usr/local/lib setenv CFLAGS -I/usr/local/include setenv EAPI_MM ../mm-1.3.0 ./configure \ --prefix=/private/apache \ --enable-module=most \ --enable-shared=max \ --server-uid=www \ --server-gid=www \ --enable-suexec \ --suexec-caller=www \ --suexec-uidmin=2000 \ --suexec-gidmin=100 \ --suexec-docroot=/private/filer/www \ --enable-module=ssl \ --enable-shared=ssl \ --enable-rule=SSL_EXPERIMENTAL \ --activate-module=src/modules/mod_auth_ldap/mod_auth_ldap.c Backtrace: #0 0x282ef152 in engine_table_select () from /usr/lib/libcrypto.so.3 #1 0x282caeaa in ENGINE_get_default_RAND () from /usr/lib/libcrypto.so.3 #2 0x282c9ea5 in RAND_get_rand_method () from /usr/lib/libcrypto.so.3 #3 0x282c9fc9 in RAND_seed () from /usr/lib/libcrypto.so.3 #4 0x284ecefd in ssl_rand_feedfp () from /private/apache/libexec/libssl.so #5 0x284ecbd0 in ssl_rand_seed () from /private/apache/libexec/libssl.so #6 0x284e7f23 in ssl_init_TmpKeysHandle () from /private/apache/libexec/libssl.so #7 0x284e7c09 in ssl_init_Module () from /private/apache/libexec/libssl.so #8 0x08059cf4 in ap_init_modules () #9 0x08064a7b in main () #10 0x0804f7f5 in _start () -- Jeremy C. McDermond [EMAIL PROTECTED] Lead Engineer Peak Internet, LLC (541) 738-4921 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache warning: Connection refused: connect to listener
On Mon, Sep 29, 2003 at 11:06:31PM -0400, Alex Hart wrote: I just installed Apache/2.0.47 (Unix) mod_ssl/2.0.47 OpenSSL/0.9.7b However, I keep getting the following line in my error log file (thousands of times): [Wed Sep 24 12:51:15 2003] [warn] (61)Connection refused: connect to listener I have thousands of these warnings now in just a couple of days. ./httpd -V Server version: Apache/2.0.47 Server built: Sep 29 2003 18:29:13 Server's Module Magic Number: 20020903:4 Architecture: 32-bit Server compiled with -D APACHE_MPM_DIR=server/mpm/prefork -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_FLOCK_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D HTTPD_ROOT=/usr/local/apache2 -D SUEXEC_BIN=/usr/local/apache2/bin/suexec -D DEFAULT_PIDLOG=logs/httpd.pid -D DEFAULT_SCOREBOARD=logs/apache_runtime_status -D DEFAULT_LOCKFILE=logs/accept.lock -D DEFAULT_ERRORLOG=logs/error_log -D AP_TYPES_CONFIG_FILE=conf/mime.types -D SERVER_CONFIG_FILE=conf/httpd.conf More Info: SSLSessionCache dbm:logs/ssl_scache SSLMutex file:logs/ssl_mutex I will try out different values for these, but I reinstalled without modssl, so I have to install modssl first. Seems like these are pretty standard settings. I'm surprised no one else has run across this warning. Please let me know if there is anything else I can provide to help out. - Alex Hart http://atpmail.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
