Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
Received-SPF: pass (nike.apache.org: domain of hlivingstone@thrupoint.com
 designates 207.126.144.141 as permitted sender)
MIME-Version: 1.0
Date: Wed, 17 Jul 2013 14:45:20 +0100
Message-ID: 
 <CAN5euqn8jrfOyx9933DvXRb_4Cv+MBPAWuKkV2LmZ=fH1Kj98g@mail.gmail.com>
From: "Livingstone, Hugh" <hlivingstone@thrupoint.com>
To: users@httpd.apache.org
Content-Type: multipart/alternative; boundary=089e0129452cfa8fb504e1b54dad
Subject: [users@httpd] Apache does not start when DBDriver(mod_dbd) and ssl is
 configured

--089e0129452cfa8fb504e1b54dad
Content-Type: text/plain; charset=ISO-8859-1

Hi,

I am trying to use ssl access to the server(port 443) and also use mod_dbd
and mod_session_dbd for session management. I have tried this on apache
version 2.4.4, the latest of the trunk, and also the 2.4.6 tag I found in
svn, all are not woking.

With the following set in the http.conf  file the server starts once in
about 50 goes.  When the server starts it works as desired:

Listen 443

DBDriver mysql
DBDParams "host=172.31.252.44,dbname=apachesession,user=admin,pass=uscl99"
Servername "fusionsdkhugh.cdflab.thrupoint.com"

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /opt/certs/sitename.crt
SSLCertificateKeyFile /opt/certs/sitekey.key
</VirtualHost>


I have tired all manners of config, I simply stripped my http.conf down to
the above to figure out exactly what is causing the issue.  I found that if
I remove the "DBDrvier mysql" line, the server would start using https.
 Conversely, I found that if I turned off SSL, my database configuration
with session management would work as expected.  But when I put both
together the server rarely starts.

I discovered that apache was creating a core dump upon start up.  It looks
like when it is reading the self signed SSL certs I created it is crashing.
 The last few lines of a gdb trace on the dump file is:

Loaded symbols for /opt/apache/modules/mod_alias.so
Reading symbols from /opt/apache/lib/apr-util-1/apr_ldap-1.so...done.
Loaded symbols for /opt/apache/lib/apr-util-1/apr_ldap-1.so
Core was generated by `/opt/apache/bin/httpd -k start'.
Program terminated with signal 11, Segmentation fault.


Also the backtrace from the core dump file is:

#0  0x002041d0 in ?? ()
#1  0x0663d235 in ?? () from /usr/lib/libcrypto.so.10
#2  0x0663cbd4 in CRYPTO_free_ex_data () from /usr/lib/libcrypto.so.10
#3  0x066b9127 in ?? () from /usr/lib/libcrypto.so.10
#4  0x066be41c in ?? () from /usr/lib/libcrypto.so.10
#5  0x066be649 in ASN1_item_free () from /usr/lib/libcrypto.so.10
#6  0x066b92d8 in X509_free () from /usr/lib/libcrypto.so.10
#7  0x0024cc71 in ssl_pphrase_Handle (s=0x9feaea8, p=0x9ff29d0) at
ssl_engine_pphrase.c:275
#8  0x00240e42 in ssl_init_Module (p=0x9fc60a8, plog=0x9fec9b8,
ptemp=0x9ff29d0, base_server=0x9feaea8) at ssl_engine_init.c:368
#9  0x080871d2 in ap_run_post_config (pconf=0x9fc60a8, plog=0x9fec9b8,
ptemp=0x9ff29d0, s=0x9feaea8) at config.c:105
#10 0x08069411 in main (argc=3, argv=0xbfc75334) at main.c:765


A snippet of the end of the error_log is as follows:

[Tue Jul 16 17:56:08.924919 2013] [ldap:info] [pid 2185:tid 3079191200]
AH01318: APR LDAP: Built with OpenLDAP LDAP SDK
[Tue Jul 16 17:56:08.925077 2013] [ldap:info] [pid 2185:tid 3079191200]
AH01319: LDAP: SSL support available
[Tue Jul 16 17:56:08.925292 2013] [ssl:trace2] [pid 2185:tid 3079191200]
ssl_engine_rand.c(124): Init: Seeding PRNG with 136 bytes of entropy
[Tue Jul 16 17:56:08.925348 2013] [ssl:debug] [pid 2185:tid 3079191200]
ssl_engine_pphrase.c(181): AH02199: SSL not enabled on vhost
test.example.com:80 <http://test.example.com/>, skipping SSL setup
[Tue Jul 16 17:56:08.925405 2013] [ssl:info] [pid 2185:tid 3079191200]
AH02200: Loading certificate & private key of SSL-aware server '
test.example.com:443'
[Tue Jul 16 17:56:08.925924 2013] [ssl:debug] [pid 2185:tid 3079191200]
ssl_engine_pphrase.c(239): AH02202: Init: Read server certificate from
'/opt/certs/sitename.cr


I built my server from source using the following configure command:
./configure --with-mysql --prefix=/opt/apache  --enable-mods-shared=all
--enable-ldap --enable-authnz-ldap --enable-ssl --with-included-apr
--with-ldap --enable-proxy=shared

Given that the server does actually work as expected when it does start I
am at a loss.

Reading the guidelines it said to ask here before raising a bug.

Any help would be appreciated.

Thanks
Hugh Livingstone

 
--------------------
Note: The information contained in this message may be privileged and confidential 
and protected from disclosure. If the reader of this message is not the intended 
recipient, or an employee or agent responsible for delivering this message to the 
intended recipient, you are hereby notified that any dissemination, distribution or 
copying of this communication is strictly prohibited. If you have received this 
communication in error, please notify us immediately by replying to the message and 
deleting it from your computer. Thank you. Thrupoint, Inc.
nXaR2cC3

--089e0129452cfa8fb504e1b54dad
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi,<br><div class=3D"gmail_quote"><div><br></div><div>I am trying to use ss=
l access to the server(port 443) and also use mod_dbd and mod_session_dbd f=
or session management. I have tried this on apache version 2.4.4, the lates=
t of the trunk, and also the 2.4.6 tag I found in svn, all are not woking.<=
/div>
<div><br></div><div>With the following set in the http.conf =A0file the ser=
ver starts once in about 50 goes. =A0When the server starts it works as des=
ired:</div><div><br></div><div><div>Listen 443</div><div><br></div><div>DBD=
river mysql</div>
<div>DBDParams &quot;host=3D172.31.252.44,dbname=3Dapachesession,user=3Dadm=
in,pass=3Duscl99&quot;</div><div>Servername<span class=3D"Apple-tab-span" s=
tyle=3D"white-space:pre">	</span>&quot;<a href=3D"http://fusionsdkhugh.cdfl=
ab.thrupoint.com">fusionsdkhugh.cdflab.thrupoint.com</a>&quot;</div>
<div><br></div><div>&lt;VirtualHost *:443&gt;</div><div>SSLEngine on</div><=
div>SSLCertificateFile /opt/certs/sitename.crt</div><div>SSLCertificateKeyF=
ile /opt/certs/sitekey.key</div><div>&lt;/VirtualHost&gt;</div></div><div>
<br></div><div><br></div><div>I have tired all manners of config, I simply =
stripped my http.conf down to the above to figure out exactly what is causi=
ng the issue. =A0I found that if I remove the &quot;DBDrvier mysql&quot; li=
ne, the server would start using https. =A0Conversely, I found that if I tu=
rned off SSL, my database configuration with session management would work =
as expected. =A0But when I put both together the server rarely starts.</div=
>
<div><br></div><div>I discovered that apache was creating a core dump upon =
start up. =A0It looks like when it is reading the self signed SSL certs I c=
reated it is crashing. =A0The last few lines of a gdb trace on the dump fil=
e is:</div>
<div><br></div><div><div>Loaded symbols for /opt/apache/modules/mod_alias.s=
o</div><div>Reading symbols from /opt/apache/lib/apr-util-1/apr_ldap-1.so..=
.done.</div><div>Loaded symbols for /opt/apache/lib/apr-util-1/apr_ldap-1.s=
o</div>
<div>Core was generated by `/opt/apache/bin/httpd -k start&#39;.</div><div>=
Program terminated with signal 11, Segmentation fault.</div></div><div><br>=
</div><div><br></div><div>Also the backtrace from the core dump file is:</d=
iv>
<div><br></div><div><div>#0 =A00x002041d0 in ?? ()</div><div>#1 =A00x0663d2=
35 in ?? () from /usr/lib/libcrypto.so.10</div><div>#2 =A00x0663cbd4 in CRY=
PTO_free_ex_data () from /usr/lib/libcrypto.so.10</div><div>#3 =A00x066b912=
7 in ?? () from /usr/lib/libcrypto.so.10</div>
<div>#4 =A00x066be41c in ?? () from /usr/lib/libcrypto.so.10</div><div>#5 =
=A00x066be649 in ASN1_item_free () from /usr/lib/libcrypto.so.10</div><div>=
#6 =A00x066b92d8 in X509_free () from /usr/lib/libcrypto.so.10</div><div>#7=
 =A00x0024cc71 in ssl_pphrase_Handle (s=3D0x9feaea8, p=3D0x9ff29d0) at ssl_=
engine_pphrase.c:275</div>
<div>#8 =A00x00240e42 in ssl_init_Module (p=3D0x9fc60a8, plog=3D0x9fec9b8, =
ptemp=3D0x9ff29d0, base_server=3D0x9feaea8) at ssl_engine_init.c:368</div><=
div>#9 =A00x080871d2 in ap_run_post_config (pconf=3D0x9fc60a8, plog=3D0x9fe=
c9b8, ptemp=3D0x9ff29d0, s=3D0x9feaea8) at config.c:105</div>
<div>#10 0x08069411 in main (argc=3D3, argv=3D0xbfc75334) at main.c:765</di=
v></div><div><br></div><div><br></div><div>A snippet of the end of the erro=
r_log is as follows:</div><div><br></div><div><div>[Tue Jul 16 17:56:08.924=
919 2013] [ldap:info] [pid 2185:tid 3079191200] AH01318: APR LDAP: Built wi=
th OpenLDAP LDAP SDK</div>
<div>[Tue Jul 16 17:56:08.925077 2013] [ldap:info] [pid 2185:tid 3079191200=
] AH01319: LDAP: SSL support available</div><div>[Tue Jul 16 17:56:08.92529=
2 2013] [ssl:trace2] [pid 2185:tid 3079191200] ssl_engine_rand.c(124): Init=
: Seeding PRNG with 136 bytes of entropy</div>
<div>[Tue Jul 16 17:56:08.925348 2013] [ssl:debug] [pid 2185:tid 3079191200=
] ssl_engine_pphrase.c(181): AH02199: SSL not enabled on vhost=A0<a href=3D=
"http://test.example.com/" target=3D"_blank">test.example.com:80</a>, skipp=
ing SSL setup</div>
<div>[Tue Jul 16 17:56:08.925405 2013] [ssl:info] [pid 2185:tid 3079191200]=
 AH02200: Loading certificate &amp; private key of SSL-aware server &#39;<a=
 href=3D"http://test.example.com:443/" target=3D"_blank">test.example.com:4=
43</a>&#39;</div>
<div>[Tue Jul 16 17:56:08.925924 2013] [ssl:debug] [pid 2185:tid 3079191200=
] ssl_engine_pphrase.c(239): AH02202: Init: Read server certificate from &#=
39;/opt/certs/<a href=3D"http://sitename.cr">sitename.cr</a></div></div><di=
v>
<br></div><div><br></div><div>I built my server from source using the follo=
wing configure command:</div><div>./configure --with-mysql --prefix=3D/opt/=
apache =A0--enable-mods-shared=3Dall --enable-ldap --enable-authnz-ldap --e=
nable-ssl --with-included-apr --with-ldap --enable-proxy=3Dshared=A0</div>
<div><br></div><div>Given that the server does actually work as expected wh=
en it does start I am at a loss.</div><div><br></div><div>Reading the guide=
lines it said to ask here before raising a bug.</div><div><br></div><div>
Any help would be appreciated.</div><div><br>Thanks</div><div>Hugh Livingst=
one</div><div><br></div><div><br></div><span class=3D"HOEnZb"><font color=
=3D"#888888">
</font></span></div><br>

<pre> =

--------------------
Note: The information contained in this message may be privileged and con=
fidential =

and protected from disclosure. If the reader of this message is not the i=
ntended =

recipient, or an employee or agent responsible for delivering this messag=
e to the =

intended recipient, you are hereby notified that any dissemination, distr=
ibution or =

copying of this communication is strictly prohibited. If you have receive=
d this =

communication in error, please notify us immediately by replying to the m=
essage and =

deleting it from your computer. Thank you. Thrupoint, Inc.
nXaR2cC3
=0D
--089e0129452cfa8fb504e1b54dad--