[rt-users] RT::Authen::ExternalAuth + mod_ssl = core dump
I can get RT up and running just fine using LDAP with RT::Authen::ExternalAuth. But as soon as I shut down the server and install mod_ssl, apache won't restart, segfaults. Similarly, I can install mod_ssl just fine but as soon as I install RT::Authen::ExternalAuth and add the known-working LDAP server config to RT_SiteConfig.pm, same problem. I'll be honest that I haven't debugged an apache crash for years. Since I am not even sending the SSL virtual host to RT (the DocumentRoot for the SSL host is the default apache /var/www/html) I am not sure what could be conflicting. I am happy to provide logs but the RT, and apache error logs don't seem to have anything relevant. -- RT Training - Dallas May 20-21 http://bestpractical.com/training
Re: [rt-users] RT::Authen::ExternalAuth + mod_ssl = core dump
On Thu, 2014-03-27 at 16:01 -0500, Dewhirst, Rob wrote: I can get RT up and running just fine using LDAP with RT::Authen::ExternalAuth. But as soon as I shut down the server and install mod_ssl, apache won't restart, segfaults. What version of RT and Apache? I presume you're running with a mod_perl deployment? - Alex -- RT Training - Dallas May 20-21 http://bestpractical.com/training
Re: [rt-users] RT::Authen::ExternalAuth + mod_ssl = core dump
RT 4.0.19 (because of RTIR) mod_perl RHEL 6.5 x64 Server version: Apache/2.2.15 (Unix) Server built: Aug 2 2013 08:02:15 Server's Module Magic Number: 20051115:25 Server loaded: APR 1.3.9, APR-Util 1.3.9 Compiled using: APR 1.3.9, APR-Util 1.3.9 Architecture: 64-bit Server MPM: Prefork threaded: no forked: yes (variable process count) Server compiled with -D APACHE_MPM_DIR=server/mpm/prefork -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT=/etc/httpd -D SUEXEC_BIN=/usr/sbin/suexec -D DEFAULT_PIDLOG=run/httpd.pid -D DEFAULT_SCOREBOARD=logs/apache_runtime_status -D DEFAULT_LOCKFILE=logs/accept.lock -D DEFAULT_ERRORLOG=logs/error_log -D AP_TYPES_CONFIG_FILE=conf/mime.types -D SERVER_CONFIG_FILE=conf/httpd.conf On Thu, Mar 27, 2014 at 4:30 PM, Alex Vandiver ale...@bestpractical.com wrote: On Thu, 2014-03-27 at 16:01 -0500, Dewhirst, Rob wrote: I can get RT up and running just fine using LDAP with RT::Authen::ExternalAuth. But as soon as I shut down the server and install mod_ssl, apache won't restart, segfaults. What version of RT and Apache? I presume you're running with a mod_perl deployment? - Alex -- RT Training - Dallas May 20-21 http://bestpractical.com/training -- RT Training - Dallas May 20-21 http://bestpractical.com/training
Re: [rt-users] RT::Authen::ExternalAuth + mod_ssl = core dump
On Thu, 2014-03-27 at 16:42 -0500, Dewhirst, Rob wrote: RT 4.0.19 (because of RTIR) mod_perl Interesting; we've seen another report of this previously, but I've been unable to replicate it. It's presumably caused by a disagreement of mod_ssl with the SSL libraries that perl uses for LDAPS support -- and since mod_perl is in use, those two exist in the same process, and their disagreements lead to coredumps. We addressed a similar problem with mod_ssl and TLS connections to Postgres early in the 4.0 series. The simple work-around is to switch from mod_perl to one of the fastcgi deployment strategies, which separates the mod_ssl OpenSSL stack from perl's LDAPS OpenSSL stack, allowing them to play well together. However, I'd love to have a simple replication strategy to help track this down and fix it. How stock an RT install is this? I presume you're running with the standard Apache and mod_perl installs from RPMs? Can you provide your RT::Authen::ExternalAuth configuration? - Alex -- RT Training - Dallas May 20-21 http://bestpractical.com/training
Re: [rt-users] RT::Authen::ExternalAuth + mod_ssl = core dump
This is just about as basic an RT install as you can get. everything was installed by CPAN and RPMs. I can give you instructions or if you have a place I can put a 1-2GB file I could probably just build a CentOS VM that exhibits the problem. On Thu, Mar 27, 2014 at 4:53 PM, Alex Vandiver ale...@bestpractical.com wrote: On Thu, 2014-03-27 at 16:42 -0500, Dewhirst, Rob wrote: RT 4.0.19 (because of RTIR) mod_perl Interesting; we've seen another report of this previously, but I've been unable to replicate it. It's presumably caused by a disagreement of mod_ssl with the SSL libraries that perl uses for LDAPS support -- and since mod_perl is in use, those two exist in the same process, and their disagreements lead to coredumps. We addressed a similar problem with mod_ssl and TLS connections to Postgres early in the 4.0 series. The simple work-around is to switch from mod_perl to one of the fastcgi deployment strategies, which separates the mod_ssl OpenSSL stack from perl's LDAPS OpenSSL stack, allowing them to play well together. However, I'd love to have a simple replication strategy to help track this down and fix it. How stock an RT install is this? I presume you're running with the standard Apache and mod_perl installs from RPMs? Can you provide your RT::Authen::ExternalAuth configuration? - Alex -- RT Training - Dallas May 20-21 http://bestpractical.com/training -- RT Training - Dallas May 20-21 http://bestpractical.com/training
