Hi, The situation is that a friend's datacenter lost all power. Once power was restored their main web server (solaris 8, apache 1.3.26, openssl 0.9.6g) would not run and ssh did not work. They found that prngd was not working and the config file in /etc was missing so they copied over a config file from a test server and voila, ssh works, but apache still fails with this error:
[Thu Oct 29 23:36:46 2009] [error] mod_ssl: Init: (www.company.org:443) Unable to create SSL Proxy context (OpenSSL library error follows) [Thu Oct 29 23:36:46 2009] [error] OpenSSL: error:140A90A1:lib(20):func(169):reason(161) Searching the web, this seems to have something to do with "I would therefore say, function 169 (SSL_CTX_new) complains about error 161 LIBRARY_HAS_NO_CIPHERS. You did not call SSL_library_init()." It starts fine if you disable ssl. Now to confuse things even more, she has two versions of apache. The version that fails (above) is has a process limit of 512 (call it binary512). For grins my friend tried an older binary that has a process limit of 256 (call it binary256) and it worked. Aha she thought, perhaps the binary512 is corrupted so she copied over the binary512 from the test machine where it works fine and tried to run it on the production server. No luck. BTW the way, both binaries are built with ssl statically linked into them. Any ideas on how to debug this? Since there was file corruption the best solution would be to rebuild the server, but that is really not an option (lack of hardware and who knows where the cd's are to rebuild it). What has me confused is why binary512 works on the test server and not on the production server and why binary256 works on both servers. The only difference that I know of is the prngd problem and I am not sure how this could be causing a problem. Thanks for your comments and thoughts. cheers ski -- "When we try to pick out anything by itself, we find it connected to the entire universe" John Muir Chris "Ski" Kacoroski, [email protected], 206-501-9803 or ski98033 on most IM services _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
