You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Cliff Woolley <jw...@virginia.edu> on 2002/04/10 01:04:49 UTC

apache 2.0 trying to reinitialise ssl (fwd)

---------- Forwarded message ----------
Date: Tue, 9 Apr 2002 16:01:13 -0700
From: Martin Hofmann <mh...@uvic.ca>
Reply-To: modssl-users@modssl.org
To: modssl-users@modssl.org
Subject: apache 2.0 trying to reinitialise ssl

I am trying to run apache 2.0.35 with ssl on a Solaris box.
I can compile and install without any problems.
But when I try and run it fails with an error message about
(theoretically impossible) failed re-initialisation of SSL (see log
extract below)

(i also tried configuring mod_ssl as a shared module, but then I had
problems with X509_INFO_free not being found)

system:
Solaris 8 on Sparcstation 20, gcc 2.95.2, openssl 0.9.6c

I used the following configure options:
./configure --prefix=/usr/local/apache --enable-modules="ssl"

and started the server:
/usr/local/apache/bin/apachectl startssl

extract from /usr/local/apache/logs/ssl_engine_log

[09/Apr/2002 15:23:55 14475] [info]  Init: Initializing OpenSSL library
[09/Apr/2002 15:23:55 14475] [info]  Init: Seeding PRNG with 1024 bytes
of entropy
[09/Apr/2002 15:23:55 14475] [info]  Init: (jupiter.library.uvic.ca:443)
Loading certificate & private key of SSL-aware server
[09/Apr/2002 15:23:55 14475] [info]  Init: Requesting pass phrase via
builtin terminal dialog
[09/Apr/2002 15:23:59 14475] [info]  Init: Wiped out the queried pass
phrases from memory
[09/Apr/2002 15:23:59 14475] [info]  Init: Generating temporary RSA
private keys (512/1024 bits)
[09/Apr/2002 15:24:06 14475] [info]  Init: Generating temporary DH
parameters (512/1024 bits)
[09/Apr/2002 15:24:06 14475] [info]  Init: Initializing (virtual)
servers for SSL
[09/Apr/2002 15:24:06 14475] [info]  Init: (jupiter.library.uvic.ca:443)
Configuring server for SSL protocol
[09/Apr/2002 15:24:06 14475] [warn]  Init: (jupiter.library.uvic.ca:443)
RSA server certificate is a CA certificate (BasicConstraints: CA ==
TRUE !?)
[09/Apr/2002 15:24:06 14475] [info]  Server: Apache/2.0.35, Interface:
mod_ssl/2.0.35, Library: OpenSSL/0.9.6c
[09/Apr/2002 15:24:06 14475] [info]  Init: Initializing OpenSSL library
[09/Apr/2002 15:24:06 14475] [info]  Init: Seeding PRNG with 1024 bytes
of entropy
[09/Apr/2002 15:24:06 14475] [info]  Init: (jupiter.library.uvic.ca:443)
Loading certificate & private key of SSL-aware server
[09/Apr/2002 15:24:06 14475] [info]  jupiter.library.uvic.ca:443 reusing
existing RSA private key on restart
[09/Apr/2002 15:24:06 14475] [info]  Init: Generating temporary RSA
private keys (512/1024 bits)
[09/Apr/2002 15:24:41 14475] [info]  Init: Generating temporary DH
parameters (512/1024 bits)
[09/Apr/2002 15:24:41 14475] [info]  Init: Initializing (virtual)
servers for SSL
[09/Apr/2002 15:24:41 14475] [info]  Init: (jupiter.library.uvic.ca:443)
Configuring server for SSL protocol
[09/Apr/2002 15:24:41 14475] [error] Init: (jupiter.library.uvic.ca:443)
Illegal attempt to re-initialise SSL for server (theoretically shouldn't
happen!)

Martin Hofmann                           Unix Systems Administrator
mhofmann@uvic.ca                    Library Systems Services
Ph: 472-5069                               McPherson Library

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

Re: apache 2.0 trying to reinitialise ssl (fwd)

Posted by Doug MacEachern <do...@covalent.net>.

On Tue, 9 Apr 2002, Doug MacEachern wrote:

> On Tue, 9 Apr 2002, Cliff Woolley wrote:
> 
> it is possible jim is correct about the config issue, but it might also be 
> a bug in the static build (which i haven't tried in months)

fyi - just ran httpd-test with a static build of mod_ssl, all tests pass.

Re: apache 2.0 trying to reinitialise ssl (fwd)

Posted by Doug MacEachern <do...@covalent.net>.

On Tue, 9 Apr 2002, Cliff Woolley wrote:

it is possible jim is correct about the config issue, but it might also be 
a bug in the static build (which i haven't tried in months)
 
> (i also tried configuring mod_ssl as a shared module, but then I had
> problems with X509_INFO_free not being found)

this is still an issue if the OpenSSL libraries are static (libssl.a and 
libcrypto.a, rather than .so), because the libraries are linked 
against httpd rather than mod_ssl.so

why is it again that the ssl libraries get linked against httpd and not 
mod_ssl.so?