httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Livingstone, Hugh" <hlivingst...@thrupoint.com>
Subject [users@httpd] Apache does not start when DBDriver(mod_dbd) and ssl is configured
Date Wed, 17 Jul 2013 13:45:20 GMT
Hi,

I am trying to use ssl access to the server(port 443) and also use mod_dbd
and mod_session_dbd for session management. I have tried this on apache
version 2.4.4, the latest of the trunk, and also the 2.4.6 tag I found in
svn, all are not woking.

With the following set in the http.conf  file the server starts once in
about 50 goes.  When the server starts it works as desired:

Listen 443

DBDriver mysql
DBDParams "host=172.31.252.44,dbname=apachesession,user=admin,pass=uscl99"
Servername "fusionsdkhugh.cdflab.thrupoint.com"

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /opt/certs/sitename.crt
SSLCertificateKeyFile /opt/certs/sitekey.key
</VirtualHost>


I have tired all manners of config, I simply stripped my http.conf down to
the above to figure out exactly what is causing the issue.  I found that if
I remove the "DBDrvier mysql" line, the server would start using https.
 Conversely, I found that if I turned off SSL, my database configuration
with session management would work as expected.  But when I put both
together the server rarely starts.

I discovered that apache was creating a core dump upon start up.  It looks
like when it is reading the self signed SSL certs I created it is crashing.
 The last few lines of a gdb trace on the dump file is:

Loaded symbols for /opt/apache/modules/mod_alias.so
Reading symbols from /opt/apache/lib/apr-util-1/apr_ldap-1.so...done.
Loaded symbols for /opt/apache/lib/apr-util-1/apr_ldap-1.so
Core was generated by `/opt/apache/bin/httpd -k start'.
Program terminated with signal 11, Segmentation fault.


Also the backtrace from the core dump file is:

#0  0x002041d0 in ?? ()
#1  0x0663d235 in ?? () from /usr/lib/libcrypto.so.10
#2  0x0663cbd4 in CRYPTO_free_ex_data () from /usr/lib/libcrypto.so.10
#3  0x066b9127 in ?? () from /usr/lib/libcrypto.so.10
#4  0x066be41c in ?? () from /usr/lib/libcrypto.so.10
#5  0x066be649 in ASN1_item_free () from /usr/lib/libcrypto.so.10
#6  0x066b92d8 in X509_free () from /usr/lib/libcrypto.so.10
#7  0x0024cc71 in ssl_pphrase_Handle (s=0x9feaea8, p=0x9ff29d0) at
ssl_engine_pphrase.c:275
#8  0x00240e42 in ssl_init_Module (p=0x9fc60a8, plog=0x9fec9b8,
ptemp=0x9ff29d0, base_server=0x9feaea8) at ssl_engine_init.c:368
#9  0x080871d2 in ap_run_post_config (pconf=0x9fc60a8, plog=0x9fec9b8,
ptemp=0x9ff29d0, s=0x9feaea8) at config.c:105
#10 0x08069411 in main (argc=3, argv=0xbfc75334) at main.c:765


A snippet of the end of the error_log is as follows:

[Tue Jul 16 17:56:08.924919 2013] [ldap:info] [pid 2185:tid 3079191200]
AH01318: APR LDAP: Built with OpenLDAP LDAP SDK
[Tue Jul 16 17:56:08.925077 2013] [ldap:info] [pid 2185:tid 3079191200]
AH01319: LDAP: SSL support available
[Tue Jul 16 17:56:08.925292 2013] [ssl:trace2] [pid 2185:tid 3079191200]
ssl_engine_rand.c(124): Init: Seeding PRNG with 136 bytes of entropy
[Tue Jul 16 17:56:08.925348 2013] [ssl:debug] [pid 2185:tid 3079191200]
ssl_engine_pphrase.c(181): AH02199: SSL not enabled on vhost
test.example.com:80 <http://test.example.com/>, skipping SSL setup
[Tue Jul 16 17:56:08.925405 2013] [ssl:info] [pid 2185:tid 3079191200]
AH02200: Loading certificate & private key of SSL-aware server '
test.example.com:443'
[Tue Jul 16 17:56:08.925924 2013] [ssl:debug] [pid 2185:tid 3079191200]
ssl_engine_pphrase.c(239): AH02202: Init: Read server certificate from
'/opt/certs/sitename.cr


I built my server from source using the following configure command:
./configure --with-mysql --prefix=/opt/apache  --enable-mods-shared=all
--enable-ldap --enable-authnz-ldap --enable-ssl --with-included-apr
--with-ldap --enable-proxy=shared

Given that the server does actually work as expected when it does start I
am at a loss.

Reading the guidelines it said to ask here before raising a bug.

Any help would be appreciated.

Thanks
Hugh Livingstone

 
--------------------
Note: The information contained in this message may be privileged and confidential 
and protected from disclosure. If the reader of this message is not the intended 
recipient, or an employee or agent responsible for delivering this message to the 
intended recipient, you are hereby notified that any dissemination, distribution or 
copying of this communication is strictly prohibited. If you have received this 
communication in error, please notify us immediately by replying to the message and 
deleting it from your computer. Thank you. Thrupoint, Inc.
nXaR2cC3

Mime
View raw message