Figured this one out: the third-party module was hacked by a previous colleague who was oh so kind to not document it, so the issue was not related to anything Apache/mod_ssl/openssl related.

Thanks,
Flaffer

---- [EMAIL PROTECTED] wrote:
> Compiling Apache 2.0.63 as DSO with OpenSSL 0.9.8g (among other modules).
> Compiling completes successfully, but the runtime fails. This is being
> compiled on Solaris. Interestingly enough, we do not have the
> same issue with AIX.
>
> Here is the output of the error_log with the failure:
>
> [Tue May 20 15:08:11 2008] [info] mod_unique_id: using ip addr XXX.XXX.XXX.XXX
> [Tue May 20 15:08:11 2008] [notice] httplog/2.1.2 XX configured -- resuming normal operations
> [Tue May 20 15:08:12 2008] [info] ################################
> [Tue May 20 15:08:12 2008] [info] Initializing the hardware engine
> [Tue May 20 15:08:12 2008] [info] ################################
> [Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(311): Initializing the engine (I've done this 1 times)
> [Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(314): Getting engine by id.
> [Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(323): Getting control context - setting forkcheck.
> [Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(328): Setting default with ENGINE_set_default...
> [Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(336): I should not have gotten here.... help?
> [Tue May 20 15:08:12 2008] [info] Hardware engine initialization complete
> [Tue May 20 15:08:12 2008] [info] Init: Initializing OpenSSL library
> [Tue May 20 15:08:12 2008] [info] Init: Seeding PRNG with 136 bytes of entropy
> [Tue May 20 15:08:12 2008] [info] Loading certificate & private key of SSL-aware server
> [Tue May 20 15:08:12 2008] [debug] ssl_engine_pphrase.c(469): unencrypted RSA private key - pass phrase not required
> [Tue May 20 15:08:12 2008] [info] Init: Generating temporary RSA private keys (512/1024 bits)
> [Tue May 20 15:08:12 2008] [info] Init: Generating temporary DH parameters (512/1024 bits)
> [Tue May 20 15:08:12 2008] [debug] ssl_scache_dbm.c(406): Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
> [Tue May 20 15:08:12 2008] [info] Init: Initializing (virtual) servers for SSL
> [Tue May 20 15:08:12 2008] [info] Configuring server for SSL protocol
> [Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(397): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
> [Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(580): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
> [Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(664): Configuring server certificate chain (4 CA certificates)
> [Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(708): Configuring RSA server certificate
> [Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(747): Configuring RSA server private key
> [Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(397): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
> [Tue May 20 15:08:12 2008] [info] mod_ssl/2.0.63 compiled against Server: Apache/2.0.63, Library: OpenSSL/0.9.8g
> [Tue May 20 15:08:12 2008] [notice] httplog: SIGTERM received. Flushing buffers and exiting
> [Tue May 20 15:08:12 2008] [notice] httplog/2.1.2 XX configured -- resuming normal operations
> [Tue May 20 15:08:12 2008] [info] mod_unique_id: using ip addr 10.157.246.214
> [Tue May 20 15:08:13 2008] [info] ################################
> [Tue May 20 15:08:13 2008] [info] Initializing the hardware engine
> [Tue May 20 15:08:13 2008] [info] ################################
> [Tue May 20 15:08:13 2008] [debug] ssl_engine_init.c(311): Initializing the engine (I've done this 1 times)
> [Tue May 20 15:08:13 2008] [debug] ssl_engine_init.c(314): Getting engine by id.
> [Tue May 20 15:08:13 2008] [debug] ssl_engine_init.c(323): Getting control context - setting forkcheck.
> [Tue May 20 15:08:13 2008] [debug] ssl_engine_init.c(328): Setting default with ENGINE_set_default...
> [Tue May 20 15:08:13 2008] [error] Init: Failed to enable Crypto Device API `chil'
> [Tue May 20 15:08:13 2008] [error] SSL Library Error: 2164682852 error:81067064:CHIL engine:HWCRHK_INIT:already loaded
> [Tue May 20 15:08:13 2008] [error] SSL Library Error: 638287981 error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init failed
>
> The issue seems to be that OpenSSL hooks into the HWCRHK_INIT twice.
> Mod_ssl initializes a hardware engine through the ssl_init_Engine
> function. This is found only in ssl_init_Module of
> modules/ssl/ssl_engine_init.c in the apache source tree.
> The ssl_init_Engine function IS being called twice, therefore the
> ssl_init_Module is being called twice.
> mod_ssl.c registers hooks for ssl_init_Module as a post-config
> action... it seems those hooks are being processed twice causing the
> dual-kickoff of the ssl_init_Module function. This is nothing new...
> this performed this way all the way back in 2.0.55.
>
> We have gotten this same error with different versions of 2.0.x with
> 0.9.8g, so it seems there is something in the build scripts that may
> be causing this.
>
> One other note: we are including a third-party .so specific to the
> hardware key device we utilize and that is where the HWCRHK_INIT method
> comes from.
>
> Any ideas? Pointers?
>
> --------------
>
> I use my cat's name for a password: he is called [EMAIL PROTECTED] and I
> change his name every 60 days
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> " from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
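
A triage sketch for the error_log quoted above, added here as an example and not part of the original thread: it splits the log into engine-initialization passes at the "Initializing the hardware engine" marker and decodes each "SSL Library Error" code with the pre-3.0 OpenSSL packing (8-bit library, 12-bit function, 12-bit reason). The function names are hypothetical and the sample is a constructed excerpt trimmed from the quoted log.

```python
import re

# Constructed sample: a few lines trimmed from the error_log quoted above.
SAMPLE_LOG = """\
[Tue May 20 15:08:12 2008] [info] Initializing the hardware engine
[Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(328): Setting default with ENGINE_set_default...
[Tue May 20 15:08:12 2008] [info] Hardware engine initialization complete
[Tue May 20 15:08:13 2008] [info] Initializing the hardware engine
[Tue May 20 15:08:13 2008] [debug] ssl_engine_init.c(328): Setting default with ENGINE_set_default...
[Tue May 20 15:08:13 2008] [error] Init: Failed to enable Crypto Device API `chil'
[Tue May 20 15:08:13 2008] [error] SSL Library Error: 2164682852 error:81067064:CHIL engine:HWCRHK_INIT:already loaded
[Tue May 20 15:08:13 2008] [error] SSL Library Error: 638287981 error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init failed
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")
ERR_RE = re.compile(r"SSL Library Error: (?P<dec>\d+) "
                    r"error:(?P<hex>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>.*)$")
PASS_MARKER = "Initializing the hardware engine"

def unpack(code):
    """Split a pre-3.0 OpenSSL error code: 8-bit lib, 12-bit func, 12-bit reason."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def triage(log_text):
    """Return one dict per engine-init pass with the decoded errors seen in it."""
    passes = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        if PASS_MARKER in m["msg"]:
            passes.append({"started": m["ts"], "errors": []})
            continue
        e = ERR_RE.search(m["msg"])
        if e and passes:
            code = int(e["dec"])
            lib, func, reason = unpack(code)
            passes[-1]["errors"].append({
                "hex_matches": code == int(e["hex"], 16),  # decimal and hex must agree
                "lib": lib, "func": func, "reason": reason,
                "text": (e["lib"], e["func"], e["reason"]),
            })
    return passes

if __name__ == "__main__":
    for n, p in enumerate(triage(SAMPLE_LOG), 1):
        print(n, p["started"], p["errors"] or "clean")
```

Library 38 is OpenSSL's ENGINE library; numbers from 128 up are assigned at run time to code that registers its own error strings, which is why the CHIL engine's errors carry 129 here.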
