httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: ssl_die() and pool cleanup
Date Wed, 20 Nov 2013 21:14:39 GMT
On Wed, Nov 20, 2013 at 5:19 AM, Kaspar Brand <httpd-dev.2013@velox.ch>wrote:

> On 18.11.2013 14:59, Jeff Trawick wrote:
> > Has anyone looked at making ssl_die() clean up pools on the way out
> > (presumably by calling some function besides exit())?  It is rather easy
> to
> > end up with a bunch of stranded IPC objects while debugging your SSL
> config.
>
> Oh yes, a major annoyance I'm also occasionally running into.
>
> >      * XXX: The config hooks should return errors instead of calling
> exit().
>
> Gave it a try, see attachment. Not yet extensively tested (*), so
> perhaps incomplete. But httpd now properly cleans up for me, e.g. when a
> SIGHUPing fails, as shown in this log extract:
>

It looks fine at first glance...  I'll try to test a few error paths "soon"
whether or not it has already been committed at the time.

Thanks!


>
> > [Wed Nov 20 11:02:14.304528 2013] [mpm_worker:notice] [pid 23918:tid
> 3214934016] AH00298: SIGHUP received.  Attempting to restart
> > [Wed Nov 20 11:02:14.544660 2013] [ssl:info] [pid 23918:tid 3214934016]
> AH02200: Loading certificate & private key of SSL-aware server 'server:443'
> > [Wed Nov 20 11:02:14.545137 2013] [ssl:emerg] [pid 23918:tid 3214934016]
> AH02241: Init: Unable to read server certificate from file /tmp/snakeoil.pem
> > [Wed Nov 20 11:02:14.545240 2013] [ssl:emerg] [pid 23918:tid 3214934016]
> SSL Library Error: error:0D06B08E:asn1 encoding
> routines:ASN1_D2I_READ_BIO:not enough data
> > [Wed Nov 20 11:02:14.545278 2013] [ssl:emerg] [pid 23918:tid 3214934016]
> AH02312: Fatal error initialising mod_ssl, exiting.
> > [Wed Nov 20 11:02:14.545310 2013] [:emerg] [pid 23918:tid 3214934016]
> AH00020: Configuration Failed, exiting
>
> ("Configuration Failed, exiting" is the key here - this comes from
> main.c and will call destroy_and_exit_process() to clean up.)
>
> Kaspar
>
> (*) The changes related to ssl_read_pkcs7 in particular are fairly
> superficial, but I think we should drop that PKCS#7 stuff from mod_ssl
> anyway.
>



-- 
Born in Roswell... married an alien...
http://emptyhammock.com/

Mime
View raw message