Re: [Modules] mod_gnutls making Apache use 100% CPU

2016-02-22 Thread Corentin
Simon Josefsson writes:

> 
> I recall something like that, it happened if the cache was corrupt.
> Maybe you could stop apache, copy away /var/cache/apache2/gnutls_cache,
> and start apache again, to see if it solves the problem?  Save the cache
> file so we can try to debug why this happened.
> 
> /Simon
> 


This is an old topic but it saved me. I just had the same problem, apache
spawning 100% CPU children. Exactly the same output as you for strace and
dbg. I am glad I found this topic; the situation was becoming really
troublesome.

___
Modules mailing list
Modules@lists.outoforder.cc
http://lists.outoforder.cc/mailman/listinfo/modules


[Modules] mod_gnutls

2010-12-05 Thread Nikos Mavrogiannopoulos
It seems I no longer have the time to keep working on mod_gnutls.
Unless someone else steps up as maintainer, please consider this module
as unmaintained.

regards,
Nikos


Re: [Modules] [mod_gnutls] Keep-Alive possible?

2010-09-22 Thread Nikos Mavrogiannopoulos
On 09/22/2010 09:11 AM, Hardy Griech wrote:
> On 22.09.2010 08:56, Nikos Mavrogiannopoulos wrote:
>> :
>>> GnuTLSCache is pointing to a file in a writable directory
>>> (/tmp-ram/gnutls), but: there are only gnutls.dir and gnutls.pag
>>> contained in that directory, no gnutls without extension.
>>
>> This sounds normal. The db backend does use those files. Could you try
>> deleting them and restarting? Do you get the same error? Which version
>> of mod_gnutls do you use?
> [...]
> [Wed Sep 22 09:08:12 2010] [debug] gnutls_cache.c(355): [gnutls_cache]
> Cleaned up cache '/tmp-ram/gnutls'. Deleted 0 and left 0
> [Wed Sep 22 09:08:12 2010] [debug] gnutls_cache.c(461): (22)Invalid
> argument: [gnutls_cache] error storing in cache '/tmp-ram/gnutls'

That's strange. What is the output with the patch (prints the DB
internal error as well)?


regards,
Nikos



diff --git a/configure.ac b/configure.ac
index 90f4ab6..6b81ded 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 dnl 
-AC_INIT(mod_gnutls, 0.5.8)
+AC_INIT(mod_gnutls, 0.5.9)
 OOO_CONFIG_NICE(config.nice)
 MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION
 AC_PREREQ(2.53)
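Review bot: The AC_INIT bump from 0.5.8 to 0.5.9 at the top of configure.ac is bundled with what is otherwise a diagnostic logging change, and because MOD_GNUTLS_VERSION is taken from AC_PACKAGE_VERSION a test build of this patch will report itself as a new release. Keep the version bump in its own release commit and send the gnutls_cache.c change separately.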
diff --git a/src/gnutls_cache.c b/src/gnutls_cache.c
index 3ca8cb5..2653b4e 100644
--- a/src/gnutls_cache.c
+++ b/src/gnutls_cache.c
@@ -456,12 +456,15 @@ static int dbm_cache_store(void* baton, gnutls_datum_t 
key,
 }
 
 rv = apr_dbm_store(dbm, dbmkey, dbmval);
-
 if (rv != APR_SUCCESS) {
+char err[128], *p;
+
+p = apr_dbm_geterror(dbm, NULL, err, sizeof(err));
+
 ap_log_error(APLOG_MARK, APLOG_DEBUG, rv,
  ctxt-c-base_server,
- [gnutls_cache] error storing in cache '%s',
- ctxt-sc-cache_config);
+ [gnutls_cache] error storing in cache '%s': %s,
+ ctxt-sc-cache_config, p!=NULL?p:unknown error);
 apr_dbm_close(dbm);
 apr_pool_destroy(spool);
 return -1;
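Review bot: In the `rv != APR_SUCCESS` branch of dbm_cache_store the message is still logged at APLOG_DEBUG, so the new dbm error text is only visible when the server runs with LogLevel debug; a failed session-cache store deserves APLOG_ERR or at least APLOG_WARNING so operators see it in a default configuration. The call `apr_dbm_geterror(dbm, NULL, err, sizeof(err))` also passes NULL for the error-code argument, which drops the backend's numeric code; capture it in an int and log it next to the string so there is still something to go on when the string is empty or falls back to "unknown error".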


Re: [Modules] [mod_gnutls] Keep-Alive possible?

2010-09-22 Thread ntbox
I will (have to) do the test today in the evening (CEST).

Hardy


- Original Message -
From: Nikos Mavrogiannopoulos
Sent: 22.09.10 09:25
To: Hardy Griech
Subject: Re: [Modules] [mod_gnutls] Keep-Alive possible?



[Modules] [mod_gnutls] Keep-Alive possible?

2010-09-21 Thread Hardy Griech
Hi,

I'm trying to configure mod_gnutls/apache to allow keep-alive 
connections, i.e. allow multiple http requests through a single connection.

Is this actually possible with mod_gnutls?

Thanks

Hardy


Background: we have a battery-driven application which should securely 
connect to a web server via GPRS.  So the amount of data transmission and 
online time is critical.


Re: [Modules] [mod_gnutls] Keep-Alive possible?

2010-09-21 Thread Hardy Griech
On 21.09.2010 21:32, Nikos Mavrogiannopoulos wrote:
:
> Why wouldn't it be? Did you notice any issues? mod_gnutls only offers
> the secure layer. The HTTP is still handled by apache thus anything that
> worked without mod_gnutls should work with it.
:

Another hint that mod_gnutls is the culprit: the headers of the 
responses in both cases (mod_ssl, mod_gnutls) are the same.  The 
difference is that apache with mod_gnutls closes the connection after 
the response while apache with mod_ssl does not.

mod_gnutls:

H: HTTP/1.1 200 OK
H: Date: Wed, 22 Sep 2010 03:34:51 GMT
H: Server: Apache/2.2.16 (Debian)
H: Vary: Accept-Encoding
H: Keep-Alive: timeout=60, max=100
H: Connection: Keep-Alive
H: Transfer-Encoding: chunked
H: Content-Type: text/plain


mod_ssl:

H: HTTP/1.1 200 OK
H: Date: Tue, 21 Sep 2010 11:15:38 GMT
H: Server: Apache
H: Keep-Alive: timeout=15, max=99
H: Connection: Keep-Alive
H: Transfer-Encoding: chunked
H: Content-Type: text/plain

SSL_VERSION_LIBRARY=GnuTLS/2.10.1
SSL_VERSION_INTERFACE=mod_gnutls/0.5.8

(the same for official debian packages from testing, gnutls 2.8.6, 
mod_gnutls 0.5.6)

Hardy


Re: [Modules] mod_gnutls missing a Certificate file!

2009-09-13 Thread Nikos Mavrogiannopoulos
Julian Blake Kongslie wrote:
> I'm trying to set up an apache 2 server that offers SSL using anonymous
> DH, and does not offer any certificate at all. Presently, my virtual
> host configuration is as follows:
>
>   <VirtualHost *:443>
>     ServerName testbed
>     GnuTLSEnable on
>     GnuTLSPriorities NORMAL:+ANON-DH
>     DocumentRoot /web
>   </VirtualHost>
>
> Unfortunately, apache 2 refuses to start, with the error:
>   [GnuTLS] - Host 'testbed:0' is missing a Certificate File!
>
> But that, of course, is exactly what I want.
>
> If I provide a X.509 certificate to satisfy mod_gnutls, it is delivered
> to clients, even if I add -CTYPE-X.509 to the priorities. I can get
> approximately the right thing by providing an OpenPGP certificate
> instead - it, too, is sent to clients, but nothing in the world
> understands it, so it is simply ignored and the connection falls back to
> ANON-DH mode as I desire.
> Please tell me there's a better way?

Don't really think so. I've never considered anon to be the only option
in mod_gnutls. If you provide a dummy certificate and set -CTYPE-X509
and -CTYPE-OPENPGP does it do what you expect?


regards,
Nikos


Re: [Modules] mod_gnutls making Apache use 100% CPU

2009-04-28 Thread Simon Josefsson
Hi again Sander.  I just remembered that you can disable session
resumption caching if you run into this problem again.  So FYI, in
/etc/apache2/mods-available/gnutls.conf add

GnuTLSCache none none

and comment out the other settings.  Of course, this will disable
session resumption, so it may also hurt performance.  But it may help.

/Simon


Re: [Modules] mod_gnutls making Apache use 100% CPU

2009-04-24 Thread Simon Josefsson
Sander Marechal <s.marec...@jejik.com> writes:

> How can I debug this? Here's a typical configuration for one of my domains:

What does 'strace -p PID' for the PIDs of the apache daemon indicate?

/Simon


Re: [Modules] mod_gnutls making Apache use 100% CPU

2009-04-24 Thread Sander Marechal
Simon Josefsson wrote:
> I recall something like that, it happened if the cache was corrupt.
> Maybe you could stop apache, copy away /var/cache/apache2/gnutls_cache,
> and start apache again, to see if it solves the problem?  Save the cache
> file so we can try to debug why this happened.

That worked!

I have a copy of the cache. Before I publish this on the mailing list
here, what is in the cache? No private information like private keys or
anything?

-- 
Sander Marechal


Re: [Modules] mod_gnutls making Apache use 100% CPU

2009-04-24 Thread Simon Josefsson
Sander Marechal <s.marec...@jejik.com> writes:

> Simon Josefsson wrote:
>> I recall something like that, it happened if the cache was corrupt.
>> Maybe you could stop apache, copy away /var/cache/apache2/gnutls_cache,
>> and start apache again, to see if it solves the problem?  Save the cache
>> file so we can try to debug why this happened.
>
> That worked!

Good.

> I have a copy of the cache. Before I publish this on the mailing list
> here, what is in the cache? No private information like private keys or
> anything?

I don't think it contains private keys, but it definitely contains
secrets for the TLS sessions you have had live.  Maybe you could get dbm
people to help you debug the file for them, there are probably some dbm
tools to inspect dbm files.

Maybe Nikos can answer this better, I'm not a mod_gnutls developer (yet
:)).

/Simon
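
The cache handling described in this thread (stop Apache, move the dbm cache aside, keep it for debugging, and treat it as holding TLS session secrets), as an added shell example that is not part of the original messages or of mod_gnutls. The function name `quarantine_gnutls_cache` and the quarantine directory layout are assumptions; run it only while Apache is stopped.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with mod_gnutls):
# move a suspect dbm session cache into an owner-only directory so it can
# be kept for debugging without exposing the TLS session secrets inside.

quarantine_gnutls_cache() {
    cache="$1"      # e.g. /var/cache/apache2/gnutls_cache
    dest_root="$2"  # directory that will hold the quarantined copy
    [ -n "$cache" ] && [ -n "$dest_root" ] || return 2

    old_umask=$(umask)
    umask 077       # everything created below is owner-only
    mkdir -p "$dest_root" || { umask "$old_umask"; return 1; }
    # mktemp -d gives a unique directory with mode 0700
    dest=$(mktemp -d "$dest_root/gnutls_cache.XXXXXX") || {
        umask "$old_umask"; return 1; }

    moved=0
    # Depending on the dbm backend the cache is a single file or a
    # .dir/.pag pair, as seen with /tmp-ram/gnutls in this thread.
    for f in "$cache" "$cache.dir" "$cache.pag"; do
        [ -f "$f" ] || continue
        mv -- "$f" "$dest/" || { umask "$old_umask"; return 1; }
        chmod 600 "$dest/$(basename -- "$f")"
        moved=$((moved + 1))
    done

    if [ "$moved" -eq 0 ]; then
        rmdir "$dest"
        umask "$old_umask"
        return 1    # nothing found at that path
    fi

    # Record checksums so later analysis can show the files are unchanged.
    sums=$(cd "$dest" && sha256sum -- *) || { umask "$old_umask"; return 1; }
    printf '%s\n' "$sums" > "$dest/SHA256SUMS"
    umask "$old_umask"
    printf '%s\n' "$dest"   # path of the quarantined copy
}
```

Because resumable session state is in these files, hand the copy to a developer over a private channel rather than attaching it to a public list post.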


Re: [Modules] mod_gnutls making Apache use 100% CPU

2009-04-24 Thread Simon Josefsson
Sander Marechal <s.marec...@jejik.com> writes:

> Simon Josefsson wrote:
>> You could install memcached and modify
>> /etc/apache2/mods-available/gnutls.conf to use it instead of a dbm file.
>
> I tried that but I get an error:
>
> # /etc/init.d/apache2 restart
> Restarting web server: apache2Syntax error on line 6 of
> /etc/apache2/mods-enabled/gnutls.conf:
> Invalid Type for GnuTLSCache!
>  failed!
>
> The contents of my file:
>
> <IfModule mod_gnutls.c>
>
>   GnuTLSCache memcache 127.0.0.1
>   # GnuTLSCache dbm /var/cache/apache2/gnutls_cache
>
> </IfModule>
>
> Is mod_gnutls in Debian Lenny built without memcache support?

Alas, yes.  It appears as if you updated #497097, thanks.  It would be
useful to prepare back-ported mod-gnutls packages with memcached support
for lenny though.

/Simon


Re: [Modules] mod_gnutls: Failed to load Client CA File ... The given memory buffer is too short to hold parameters.

2009-01-13 Thread Nikos Mavrogiannopoulos
Jack Bates wrote:
> Sander Marechal reports that he cannot use the CA certificates
> distributed in the Debian ca-certificates package with mod_gnutls:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511573
>
> I confirmed that this behaviour is the same in mod_gnutls trunk revision
> 403:

Thanks for the report. I'll try to fix it soon. However, note that if
you want to set the whole list in ca-certificates.crt as the trusted list
then you are probably doing something wrong. mod_gnutls uses this list
to authenticate clients that should have access to this website, thus a
list of 1-2 CA certificates should be the typical use.

regards,
Nikos