On 01/17/2011 06:28 PM, Kaspar Brand wrote:
On 17.01.2011 13:38, Bernhard Thalmayr wrote:
Apache httpd 2.2.17
and what MPM are you using?
Worker MPM is used , but is configured so start multiple processes (default)
Is it possible that the
Connection::initialized boolean might not be
On 18.01.2011 12:29, Bernhard Thalmayr wrote:
I meant it might be a bug in Agent code to call 'NSS_NoDBInit' ...
however this code has been there for some years already.
One explanation I can think of is that it would only break with more
recent versions of NSS, due to stricter application
On 01/18/2011 05:16 PM, Kaspar Brand wrote:
On 18.01.2011 12:29, Bernhard Thalmayr wrote:
I meant it might be a bug in Agent code to call 'NSS_NoDBInit' ...
however this code has been there for some years already.
One explanation I can think of is that it would only break with more
recent
Thanks for your reply Kaspar, please see my comments inline.
On 01/16/2011 12:16 PM, Kaspar Brand wrote:
On 14.01.2011 10:24, Bernhard Thalmayr wrote:
the 'client' is the OpenSSO web-agent (a lib) used by Apache httpd.
Just to be sure: we're talking of this code here, right?
yes
On 17.01.2011 13:38, Bernhard Thalmayr wrote:
Apache httpd 2.2.17
and what MPM are you using?
Worker MPM is used , but is configured so start multiple processes (default)
Is it possible that the
Connection::initialized boolean might not be shared among the httpd
processes, resulting
On 14.01.2011 10:24, Bernhard Thalmayr wrote:
the 'client' is the OpenSSO web-agent (a lib) used by Apache httpd.
Just to be sure: we're talking of this code here, right?
http://sources.forgerock.org/browse/openam/trunk/opensso/products/webagents/am/source/connection.cpp?r=HEADcontent=true
Thanks again Robert, please see my comments inline ...
On 01/13/2011 10:40 PM, Robert Relyea wrote:
--snip--
What is the actual client software you are running?
the 'client' is the OpenSSO web-agent (a lib) used by Apache httpd.
It merley does the following ...
Thanks a lot for the detailed explanation Robert - much appreciated.
Please see my comments in line, some stuff deleted for brevity.
On 01/12/2011 11:38 PM, Robert Relyea wrote:
--- snip ---
331569088[1bd1610]: C_UnwrapKey 331569088[1bd1610]: hSession =
0x6 331569088[1bd1610]: pMechanism =
Hi again,
today I a built a debug version of NSS 3.12.8 (as I haven't found 3.12.9
yet)
The issue is still there, but occours much later then with 3.12.5.
Server (with lib using NSS) ran about 1.5 hours before the issue
occoured. During this time 911 SSL connections have been done. The last
On 01/13/2011 10:46 AM, Bernhard Thalmayr wrote:
Hi again,
today I a built a debug version of NSS 3.12.8 (as I haven't found
3.12.9 yet)
I wouldn't expect 3.12.9 to fix the problem, as you seem to be running
into a unique issue.
The issue is still there, but occours much later then with
On Wed, Jan 12, 2011 at 2:38 PM, Robert Relyea rrel...@redhat.com wrote:
On 01/12/2011 01:26 PM, Bernhard Thalmayr wrote:
331569088[1bd1610]: C_UnwrapKey
331569088[1bd1610]: hSession = 0x6
331569088[1bd1610]: pMechanism = 0x7fffcd592ea0
331569088[1bd1610]: hUnwrappingKey = 0x8
On Thu, Jan 13, 2011 at 2:53 AM, Bernhard Thalmayr
bernhard.thalm...@painstakingminds.com wrote:
It might be helpfull if SSLTRACE and PKCS#11 could log a timestamp to help
in correlation.
You can add 'timestamp' to the NSPR_LOG_MODULES environment variable. See
So here we go ... the PCKS#11 logger shows the following
331569088[1bd1610]: C_DigestUpdate
331569088[1bd1610]: hSession = 0x88
331569088[1bd1610]: pPart = 0x6e580a4
331569088[1bd1610]: ulPartLen = 70
331569088[1bd1610]: rv = CKR_OK
331569088[1bd1610]: C_GetMechanismInfo
Bernhard wrote:
331569088[1bd1610]: flags = 0x4
331569088[1bd1610]: pApplication = 0331569088331569088[1bd1610]:
Notify = 0x13231f31569088[1bd1610]: phSession =
0x7fffc331569088[1bd1610]: phKey = 0x36c1618
331569088[1bd1610]: CKA_CLASS = CKO_SECRET_KEY [8]
Was that a copy
On 01/12/2011 10:50 PM, Nelson B Bolyard wrote:
Bernhard wrote:
331569088[1bd1610]: flags = 0x4
331569088[1bd1610]: pApplication = 0331569088331569088[1bd1610]:
Notify = 0x13231f31569088[1bd1610]: phSession =
0x7fffc331569088[1bd1610]: phKey = 0x36c1618
331569088[1bd1610]:
On 01/12/2011 10:50 PM, Nelson B Bolyard wrote:
Bernhard wrote:
331569088[1bd1610]: flags = 0x4
331569088[1bd1610]: pApplication = 0331569088331569088[1bd1610]:
Notify = 0x13231f31569088[1bd1610]: phSession =
0x7fffc331569088[1bd1610]: phKey = 0x36c1618
331569088[1bd1610]:
On Wed, Jan 12, 2011 at 2:02 PM, Bernhard Thalmayr
bernhard.thalm...@painstakingminds.com wrote:
Am'I wright that 'C_DeriveKey' is actually 'NSC_DeriveKey' in
http://mxr.mozilla.org/security/source/security/nss/lib/softoken/pkcs11c.c ?
Yes. C_DeriveKey is a function pointer. It points to the
On 01/12/2011 01:26 PM, Bernhard Thalmayr wrote:
So here we go ... the PCKS#11 logger shows the following
331569088[1bd1610]: C_DigestUpdate
331569088[1bd1610]: hSession = 0x88
331569088[1bd1610]: pPart = 0x6e580a4
331569088[1bd1610]: ulPartLen = 70
331569088[1bd1610]: rv = CKR_OK
Hi experts,
I have apache httpd running with a shared lib using NSS/NSPR.
The lib talks to an SSL enabled server using PR_WRITE. Occasionally
PR_WRITE returns error '-8023'.
OS is CentOS 5.5 64bit.
NSS: @(#)NSS 3.12.5.0 Aug 3 2010 17:15:02
NSPR: @(#)NSPR 4.8.2 2010-08-03 17:13:30
I've
On 01/11/2011 11:36 AM, Bernhard Thalmayr wrote:
Hi experts,
I have apache httpd running with a shared lib using NSS/NSPR.
The lib talks to an SSL enabled server using PR_WRITE. Occasionally
PR_WRITE returns error '-8023'.
OS is CentOS 5.5 64bit.
NSS: @(#)NSS 3.12.5.0 Aug 3 2010 17:15:02
On 1/11/2011 5:36 PM, Bernhard Thalmayr wrote:
Hi experts,
I have apache httpd running with a shared lib using NSS/NSPR.
The lib talks to an SSL enabled server using PR_WRITE. Occasionally
PR_WRITE returns error '-8023'.
OS is CentOS 5.5 64bit.
NSS: @(#)NSS 3.12.5.0 Aug 3 2010 17:15:02
Hi Wan-Teh,
thanks for your reply.
Will it be helpfull to use the 'PKCS #11 Module Logger' before starting
with 'printfs'?
I tried that and get at least some output in the specified log.
-Bernhard
On 01/11/2011 08:28 PM, Wan-Teh Chang wrote:
Hi Bernhard,
The best way to debug this is
On 01/11/2011 12:51 PM, Bernhard Thalmayr wrote:
Hi Wan-Teh,
thanks for your reply.
Will it be helpfull to use the 'PKCS #11 Module Logger' before
starting with 'printfs'?
I tried that and get at least some output in the specified log.
-Bernhard
yes, that will tell you which PKCS #11
23 matches
Mail list logo