httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mike _ <arizonagroove...@gmail.com>
Subject Re: [users@httpd] shmcb:/path/to/datafile datafile does not exist
Date Wed, 16 Aug 2017 13:25:45 GMT
On 16 August 2017 at 13:54, Eric Covener <covener@gmail.com> wrote:
> On Wed, Aug 16, 2017 at 8:50 AM, mike _ <arizonagroovejet@gmail.com> wrote:
>
>> Could it be that ocsp.usertrust.com pre-produced a response for my
>> certificate at "Aug 16 00:58:00 2017 GMT" and is handing that out to
>> my instance of httpd?
>
> That's what I suspect. You could put a packet capture between Apache
> and the OCSP server and it would confirm that after a reboot or
> stop/start (maybe restart?) that such an OCSP response comes in on
> that backend side on the next frontend handshake (or at startup? I
> don't know much about OCSP in mod_ssl)

When I bother to look at the logs more closely I find

[Wed Aug 16 13:38:23.590925 2017] [ssl:debug] [pid 1418:tid
140561596020480] ssl_util_ocsp.c(79): [client nnn.nnn.nnn.nnn:37904]
AH01973: connecting to OCSP responder 'ocsp.usertrust.com'
[Wed Aug 16 13:38:23.602557 2017] [ssl:debug] [pid 1418:tid
140561596020480] ssl_util_ocsp.c(105): [client nnn.nnn.nnn.nnn:37904]
AH01975: sending request to OCSP responder
[Wed Aug 16 13:38:23.614194 2017] [ssl:debug] [pid 1418:tid
140561596020480] ssl_util_ocsp.c(215): [client nnn.nnn.nnn.nnn:37904]
AH01981: OCSP response header: Date: Wed, 16 Aug 2017 12:38:24 GMT
[Wed Aug 16 13:38:23.614214 2017] [ssl:debug] [pid 1418:tid
140561596020480] ssl_util_ocsp.c(215): [client nnn.nnn.nnn.nnn:37904]
AH01981: OCSP response header: Server: Apache
[Wed Aug 16 13:38:23.614218 2017] [ssl:debug] [pid 1418:tid
140561596020480] ssl_util_ocsp.c(215): [client nnn.nnn.nnn.nnn:37904]
AH01981: OCSP response header: Last-Modified: Wed, 16 Aug 2017
00:58:00 GMT
[Wed Aug 16 13:38:23.614221 2017] [ssl:debug] [pid 1418:tid
140561596020480] ssl_util_ocsp.c(215): [client nnn.nnn.nnn.nnn:37904]
AH01981: OCSP response header: Expires: Wed, 23 Aug 2017 00:58:00 GMT
[Wed Aug 16 13:38:23.614223 2017] [ssl:debug] [pid 1418:tid
140561596020480] ssl_util_ocsp.c(215): [client nnn.nnn.nnn.nnn:37904]
AH01981: OCSP response header: ETag:
69D88A041D975D90EA32CB081EFFC015230776F7
[Wed Aug 16 13:38:23.614226 2017] [ssl:debug] [pid 1418:tid
140561596020480] ssl_util_ocsp.c(215): [client nnn.nnn.nnn.nnn:37904]
AH01981: OCSP response header: Cache-Control:
max-age=562175,public,no-transform,must-revalidate
[Wed Aug 16 13:38:23.614242 2017] [ssl:debug] [pid 1418:tid
140561596020480] ssl_util_ocsp.c(215): [client nnn.nnn.nnn.nnn:37904]
AH01981: OCSP response header: X-OCSP-Reponder-ID: rmdccaocsp19
[Wed Aug 16 13:38:23.614272 2017] [ssl:debug] [pid 1418:tid
140561596020480] ssl_util_ocsp.c(215): [client nnn.nnn.nnn.nnn:37904]
AH01981: OCSP response header: Content-Length: 471
[Wed Aug 16 13:38:23.614277 2017] [ssl:debug] [pid 1418:tid
140561596020480] ssl_util_ocsp.c(215): [client nnn.nnn.nnn.nnn:37904]
AH01981: OCSP response header: Connection: close

So that seems to explain the "This Update"  date/time.

(562175 seconds is about 6 and a half days.)

thanks,

mike

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message