Posted to dev@httpd.apache.org by Graham Leggett <mi...@sharp.fm> on 2014/05/29 19:14:21 UTC

mod_ssl and missing debug logging

Hi all,

I am having some strange behaviour from mod_ssl, and am struggling to get to the bottom of the behaviour.

I have a client trying to connect to a mod_ssl server using client certs, and the client says that mod_ssl rejected the connection with "handshake failure". Fair enough, let's head to the server and look in the logfile, it will tell us the reason for the handshake failure.

All I see in error_log is this:

[Thu May 29 17:07:53.638577 2014] [ssl:info] [pid 14881:tid 140639962363648] [client xx.xx.xx.xx:43405] AH01998: Connection closed to child 140 with abortive shutdown (server foo.bar.example.net:443)

What I'm expecting to see in the error log is the reason that the connection was closed, rather than the fact it closed.

I tried setting "LogLevel debug", and still no change in behaviour: mod_ssl is completely silent on the issue of why this connection is rejected.

Does mod_ssl have error handling anomalies that people are aware of? What does one have to do to coax some kind of explanation for the failure out of mod_ssl? I am confident if I can break the radio silence and get an error message I can solve the problem, but until mod_ssl stops playing mute I am stuck.

Ring any bells?

This is httpd v2.4.9.

Regards,
Graham
--


Re: mod_ssl and missing debug logging

Posted by Falco Schwarz <hi...@falco.me>.
> On 29 May 2014, at 19:15, Graham Leggett <mi...@sharp.fm> wrote:
> "LogLevel debug"
> This is httpd v2.4.9.

Unfortunately I am unable to help you with your error, however if you're trying to see more information, did you try to turn logging all the way up?

LogLevel warn ssl:trace4

You could try even higher, up until trace8. It can be quite noisy though and at some point it starts to get unusable.

Re: mod_ssl and missing debug logging

Posted by Yann Ylavic <yl...@gmail.com>.
On Thu, May 29, 2014 at 7:14 PM, Graham Leggett <mi...@sharp.fm> wrote:
> Ring any bells?

I noticed in [1] that no mod_ssl log callback was set on the write
side of the SSL connection (wbio).
That probably only concerns network events/errors, but maybe the patch
proposed there can help.
The callback is level TRACE4 though.

Regards,
Yann.

[1] http://mail-archives.apache.org/mod_mbox/httpd-dev/201401.mbox/%3CCAKQ1sVMvpckx_gf9w72gHYefQdDDVkQVpdjxkGC5CST8yYd-_g@mail.gmail.com%3E
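
One way to check whether raising the level to ssl:trace4 produced anything for the failing connection, as an added example that is not part of the thread or of httpd: it pulls each AH01998 line out of an error_log and lists the ssl-module lines logged earlier for the same client. The function name, the sample log lines and the `example.c(1)` source prefix are constructed for illustration.

```python
import re
from collections import defaultdict

# Header of an httpd 2.4 error_log line: [time] [module:level] [pid N:tid N] rest
HEAD = re.compile(r"^\[([^\]]+)\] \[([^:\]]*):([^\]]+)\] \[pid (\d+):tid (\d+)\] (.*)$")
# At debug/trace levels a "file.c(123): " prefix can precede [client ...],
# so the client field is searched for rather than expected at a fixed position.
CLIENT = re.compile(r"\[client ([^\]]+)\] (.*)$")

# Constructed sample: documentation-range addresses, placeholder message text.
SAMPLE = """\
[Thu May 29 17:07:53.601000 2014] [ssl:trace4] [pid 14881:tid 140639962363648] example.c(1): [client 192.0.2.10:43405] (constructed placeholder trace line)
[Thu May 29 17:07:53.620000 2014] [core:info] [pid 14881:tid 140639962363648] [client 192.0.2.10:43405] (constructed non-ssl line)
[Thu May 29 17:07:53.638577 2014] [ssl:info] [pid 14881:tid 140639962363648] [client 192.0.2.10:43405] AH01998: Connection closed to child 140 with abortive shutdown (server foo.bar.example.net:443)
[Thu May 29 17:08:01.000000 2014] [ssl:info] [pid 14881:tid 140639962363999] [client 192.0.2.77:50000] AH01998: Connection closed to child 141 with abortive shutdown (server foo.bar.example.net:443)
this line is not in error_log format and is skipped
"""

def closes_with_context(text):
    """Return [(client, [(level, message), ...])], one entry per AH01998 line,
    carrying the ssl-module lines seen earlier for that client address:port."""
    seen = defaultdict(list)  # client -> ssl lines logged so far
    out = []
    for line in text.splitlines():
        head = HEAD.match(line)
        if not head:
            continue
        _ts, module, level, _pid, _tid, rest = head.groups()
        found = CLIENT.search(rest)
        if module != "ssl" or not found:
            continue
        client, msg = found.groups()
        if msg.startswith("AH01998:"):
            # An empty context list is the "silent" case described in the thread.
            out.append((client, seen.pop(client, [])))
        else:
            seen[client].append((level, msg))
    return out

if __name__ == "__main__":
    for client, context in closes_with_context(SAMPLE):
        print(client, "->", context or "no earlier ssl lines for this client")
```
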