[EMAIL PROTECTED] wrote:
> > It seems mod_ssl ignores new values for SSLCertificateFile and
> > SSLCertificateKeyFile when it handles reconfiguration via a HUP
> > signal.
>
> That is correct.
Ok, any reason why not?
I'm guessing it doesn't reread the certificate because it possibly
has to ask f
It seems mod_ssl ignores new values for SSLCertificateFile and
SSLCertificateKeyFile when it handles reconfiguration via a HUP signal.
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing
[EMAIL PROTECTED] wrote:
> ...
> Secondary datapoint - not using egd - what is it?
> ...
egd ~= "entropy gathering daemon". See
http://www.openssl.org/support/faq.html#6
http://www.openssl.org/docs/crypto/RAND_egd.html
http://www.lothar.com/tech/crypto/
Ed
--
E
Data point - mine is resolved. I rebuilt everything installing apache with
EAPI only,
(configuring mod_ssl --with-eapi-only), then installed mod_ssl with apxs.
Apache config line as follows:
EAPI_MM=SYSTEM CFLAGS="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"\
./configure --enable-module=most --enab
Steve Hay wrote:
>
> Hi,
>
> I'm having trouble with the infamous Win32 startup hang problem.
>
[...]
> I've created a simple program to emit the pass phrase [...]
> This works fine if I start Apache with "-X" (single process), but
> doesn't help if I don't use the "-X" option: I get no prompt
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Cliff Woolley
Sent: Wednesday, July 26, 2000 3:49 PM
<<< The problem appears to be that (at least in the case of static linking)
SSL_CTX_new() is returning NULL in ssl_engine_init.c lines 530 or 532, and
th
To reply to my own message,
I've tested this with mod_ssl loaded statically and as a DSO, it works
great. No more core dumps when built statically and the memory leak is just
about fixed. There's still a small memory leak somewhere, the httpd
processes still grow a bit after many (hundreds) gra
>>> [EMAIL PROTECTED] 07/26/00 06:38PM But with
the httpd.conf MaxRequestsPerChild parameter available to force>any and
all memory leaks back to ground zero periodically, how bad *is*>this
memory leak, compared to the number of people who find they can>no longer
rotate their production s
>>>
[EMAIL PROTECTED] 07/26/00 06:24PM >>>
>Take a look at the patch I
just posted a minute ago, it takes care of your concerns
>(which were mine as
well)
I have been looking at it. It might very well be correct...
The problem appears to be that (at least in the case of static linking)
S
"Cliff Woolley" <[EMAIL PROTECTED]> wrote:
> >>> [EMAIL PROTECTED] 07/26/00 05:37PM >>>
> >I'd still suggest trying to
> >remove those three lines from ssl_engine_init.c first - just to see if it
> >makes a difference.
> The patch was originally applied to fix a memory leak that was happening upon
I've been looking at the source, and the part of the problem seems to be in
the function ssl_init_Module in ssl_engine_init.c If you look around line
225 in the apache_1.3.12/src/modules/ssl/ssl_engine_init.c file, you'll even
see comments on how ssl initialization occurs.
The changes made to ss
>>> [EMAIL PROTECTED] 07/26/00 05:37PM >>>
>I'd still suggest trying to>remove those three lines from
ssl_engine_init.c first - just to see if it>makes a difference.
The patch was originally applied to fix a memory leak that was happening
upon graceful restart. (Does this sound familiar? )
Take a look at the patch I just
posted a minute ago, it takes care of your concerns (which were mine as
well)
-Dave
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Cliff WoolleySent: Wednesday, July 26, 2000 3:12
PMTo: [EMAIL PROTECTED]Sub
> DSO's are handy, and MM is definetely going to help performance a lot, but
> it shouldn't be necessary to avoid the core's. I'd still suggest trying to
> remove those three lines from ssl_engine_init.c first - just to see if it
> makes a difference.
Ok. I just recompiled from source to test thi
On Wed, Jul 26, 2000 at 02:25:48PM -0700, David Rees wrote:
>
> It does matter. When I build using a DSO, it does not crash on graceful (at
> least on Linux and IRIX). Please try it on your system.
>
DSO's are handy, and MM is definetely going to help performance a lot, but
it shouldn't be nec
> I have it set to alert. I am trying to to -HUP or -USR1 the truss'ed
> apache, but nothing gets to it. When I run apache without Truss, it's fine
> (well, crashes on both -HUP and -USR1).
>
> Well, if anyone knows what could be causing this, don't hesitate to post.
> I am running Solaris 2.7 (Ap
On Wed, Jul 26, 2000 at 02:02:28PM -0700, Dana Powers wrote:
> Indeed, I had posted the same signal issues w/ a backtrace (thread: Coredump)
> and the problem was solved when I moved from 2.6.5 back to 2.6.4. This could be
> the source (no pun intended).
>
Yeah, that fits nicely - the change I fo
I have it set to alert. I am trying to to -HUP or -USR1 the truss'ed
apache, but nothing gets to it. When I run apache without Truss, it's fine
(well, crashes on both -HUP and -USR1).
Well, if anyone knows what could be causing this, don't hesitate to post.
I am running Solaris 2.7 (Apache 1.3.12
Indeed, I had posted the same signal issues w/ a backtrace (thread: Coredump)
and the problem was solved when I moved from 2.6.5 back to 2.6.4. This could be
the source (no pun intended).
Dana
> And while we're at it - I was just checking the cvs and found this:
>
>http://www.modssl.org/source/
On Wed, Jul 26, 2000 at 10:24:59PM +0200, Mads Toftum wrote:
> Could you just check one more thing for me - what exatly gets into the
> error log (LogLevel debug or something like that). It seems that this
> is happening when the server is starting up again.
>
And while we're at it - I was just
Could you just check one more thing for me - what exatly gets into the
error log (LogLevel debug or something like that). It seems that this
is happening when the server is starting up again.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
OK, I recompiled with -g and have now got a backtrace:
0 SSL_CTX_ctrl(0x0, 0x20, 0xf, 0x0, 0xc, 0x101a8768, 0x10208384, 0x1)
["/local/home/drees/temp2/openssl-0.9.5a/ssl/ssl_lib.c":860, 0x100ec950]
1 ssl_init_ConfigureServer(s = 0x10207380, p = 0x101d58f8, sc =
0x10226140)
["/local/shar
Mads Toftum wrote:
> The trick is to run apache in a slightly different way:
>
> truss /path/to/apache/bin/httpd -X
> then use another term to do a kill -USR1 on apache's pid.
Yes thanks, I searched the archive for your message and found the truss command.
however, when I run it, it does not acc
On Wed, Jul 26, 2000 at 12:47:10PM -0400, Victor wrote:
> How can you truss the running apache instance? I am having the same issue
> (apache dumps core and crashes on restarts when compiled with Mod-SSL)
>
The trick is to run apache in a slightly different way:
truss /path/to/apache/bin/httpd -
Interesting, I found the same behavior when compiling mod_ssl statically
into apache. Loading mod_ssl as a DSO would not core dump when doing a
graceful. I did not get a stack trace. Here's the Apache configuration I
used:
./configure --prefix=/usr/local/apache --enable-module=ssl --enable-mod
How can you truss the running apache instance? I am having the same issue
(apache dumps core and crashes on restarts when compiled with Mod-SSL)
Did anyone find any solution or cause for this behavior? I posted my backtrace,
but noone was able to suggest anything to me. Just curious if there was
Hi.
I'm cross posting this message to the modssl-users and php-dev mailing lists
because don't know where the problem is at this time. Any help or suggestions
would be appreciated.
My environment is
Redhat Linux 6.2
Apache 1.3.12
OpenSSL 0.9.5a
mod_ssl 2.6.5-1
On Wed, Jul 26, 2000 at 10:53:10AM -0500, Ed Kubaitis wrote:
>
> Ok - I'll try that. But it's a fairly busy production server
> now backed off to modssl 2.6.3. So I'll report back early
> tomorrow morning (wrt UTC -0500) with the results.
>
You could just use it with a different httpd.conf that
On Wed, Jul 26, 2000 at 08:47:02AM -0400, Barry, Richard wrote:
> This may sound a little strange at first, but I'm looking for feedback from
> the experienced modssl-users readership on how people view the use of
> Apache/mod_ssl in a non-SSL configuration.
>
> My purpose for asking is that we a
Mads Toftum wrote:
> ...
> I must admit that I'm not too familiar with adb - I've always had gdb.
> How about using truss[1] ? It will probably tell us what apache was trying
> to do before the segfault.
> ...
Ok - I'll try that. But it's a fairly busy production server
now backed off to modssl 2
On Wed, Jul 26, 2000 at 10:59:43AM -0400, Barry, Richard wrote:
> (This is good feedback, thanks.)
>
> We don't build mod_ssl as a dynamically-loaded module, it's compiled in so
> the initialization hooks get called. (Export regulations dictated this at
> the time. These regulations are changing
On Wed, Jul 26, 2000 at 10:12:55AM -0500, Ed Kubaitis wrote:
>
> Not for the original adb backtrace reported. I tried
> recompiling apache with -g. The httpd executable got much
> bigger (and was reported by file(1) as "not stripped").
> When I tried the graceful restart, still got a coredump.
>
Mads Toftum wrote:
>
> On Wed, Jul 26, 2000 at 08:44:11AM -0500, Ed Kubaitis wrote:
> >
> > Same thing with SSLSessionCache set to none. I guess that
> > clears mm-1.1.3.
> >
> Yeah - did you compile with -g before running the core through the debugger
> http://www.modssl.org/docs/2.6/ssl_faq.htm
(This is good feedback, thanks.)
We don't build mod_ssl as a dynamically-loaded module, it's compiled in so
the initialization hooks get called. (Export regulations dictated this at
the time. These regulations are changing by the day so we may re-address
that decision in the future.)
Ideally, we
If the LoadModule dirrective is also commented out, mod_ssl will not be
loaded, hence no key generated. no?
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Barry, Richard
> Sent: Wednesday, July 26, 2000 10:28 AM
> To: '[EMAIL PROTECTED]'
> Subject
That's our preferred solution.
Note that mod_ssl still insists that a server certificate exists which is
used to generate temp RSA keys, so non-SSL users will need to install a
dummy certificate even when they're serving only HTTP requests. Not a big
deal, but something we need to consider.
The
Hi,
[Sorry if you've already received this -- like somebody else a short
while ago, I'm re-sending a mail which I sent yesterday which didn't
appear to get there.
Is there a problem with this mailing list "losing" messages??!!]
I'm having trouble with the infamous Win32 startup hang problem.
Fo
On Wed, Jul 26, 2000 at 08:44:11AM -0500, Ed Kubaitis wrote:
>
> Same thing with SSLSessionCache set to none. I guess that
> clears mm-1.1.3.
>
Yeah - did you compile with -g before running the core through the debugger
http://www.modssl.org/docs/2.6/ssl_faq.html#report-backtrace ?
vh
Mads Tof
On Wed, Jul 26, 2000 at 03:21:58PM +0200, [EMAIL PROTECTED] wrote:
>
> Hi all!
>
> My first mail seems not to have been received, so i do it again. I'm sorry
> if you already received this.
>
> I'm running that configuration :
> Apache/1.3.12 (Unix) (Red Hat/Linux)
> mod_ssl/
Mads Toftum wrote:
>
> On Wed, Jul 26, 2000 at 03:04:10PM +0200, [EMAIL PROTECTED] wrote:
> [SNIP]
> > # adb /www/apache/bin/httpd core
> > core file = core -- program ``httpd'' on platform SUNW,Ultra-2
> > SIGSEGV: Segmentation Fault
> > $c
> > SSL_CTX_ctrl(0x211af8,0x211ad0,0xef62a9dc,0x0,0x2f6
Why not option a) and just comment out the SSL directives in httpd.conf?
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Barry, Richard
> Sent: Wednesday, July 26, 2000 8:47 AM
> To: [EMAIL PROTECTED]
> Cc: Barry, Richard
> Subject: Pros/Cons for us
On Wed, Jul 26, 2000 at 03:04:10PM +0200, [EMAIL PROTECTED] wrote:
[SNIP]
> # adb /www/apache/bin/httpd core
> core file = core -- program ``httpd'' on platform SUNW,Ultra-2
> SIGSEGV: Segmentation Fault
> $c
> SSL_CTX_ctrl(0x211af8,0x211ad0,0xef62a9dc,0x0,0x2f657272,0x2f73736c) + 10c
> ap_init_mo
Hi all!
My first mail seems not to have been received, so i do it again. I'm sorry
if you already received this.
I'm running that configuration :
Apache/1.3.12 (Unix) (Red Hat/Linux)
mod_ssl/2.6.5
OpenSSL/0.9.5a
mod_perl/1.21
ApacheJServ/1.1.2
I
Full_Name: Ed Kubaitis
Version: 2.6.5
OS: Solaris 2.6
Submission from: (NULL) (130.126.112.162)
SunOS 5.6 Generic_105181-06 sun4u sparc SUNW,Ultra-2
apache_1.3.12
egd-0.8
mod_ssl-2.6.5-1.3.12
mm-1.1.3
openssl-0.9.5a
rsaref-2.0
# adb /www/apache/bin/httpd core
core file = core -- progra
This may sound a little strange at first, but I'm looking for feedback from
the experienced modssl-users readership on how people view the use of
Apache/mod_ssl in a non-SSL configuration.
My purpose for asking is that we are porting Apache and mod_ssl and
packaging it for our customers. Most of
hi,
I recently compiled and installed Openssl 0.9.5,
Modssl 2.6.5 and Apache 1.3.12 on a Win32 machine. I've created 2 servers, a
standar one listening on port 80 and a secure one listening on port
443.
When I run Apache without the '-D SSL' (just
standar server) option, everything looks ni
Ditto here on Solaris 2.6.
SunOS 5.6 Generic_105181-06 sun4u sparc SUNW,Ultra-2
apache_1.3.12
egd-0.8
mod_ssl-2.6.5-1.3.12
mm-1.1.3
openssl-0.9.5a
rsaref-2.0
mod_rewrite is the only optional module besides mod_ssl.
# adb /www/apache/bin/httpd core
core file = core -- program ``httpd''
This is becouse you're using an old version of Apache/mod_ssl with a new
version of openssl.
Unless you've got a very good reason to use that ld version, you
should upgrade to the latest (Apache 1.3.12 and mod_ssl 2.6.5).
If you really want to keep the old version, then you should downgrad
On Wed, Jul 26, 2000 at 01:06:44PM +0800, Raymond wrote:
> hi all,
>
> Question #1:
>
> i am currently working on having a secured site by installing openssl and
> mod_ssl with apache. to start apache, i type in the command:
>
> /var/lib/apache/bin/apachectl startssl
>
> if i edit httpd.conf,
Hi,
RedHat Linux 6.1
apache_1.3.9.tar.gz
mod_ssl-2_4_10-1_3_9_tar.gz
openssl-0_9_5a_tar.gz
mm-1_1_3_tar.gz
Apache make fails here:
gcc -c -I../../../../mm-1.1.3 -I../../os/unix -I../../include -DLINUX=2 -D
MOD_
SSL=204110 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DUSE_EXPAT -I../../lib/expat-lite
`..
/
Try verifying your certificate: openssl x509 -noout -text -in server.crt
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User S
51 matches
Mail list logo
