Posted to users@httpd.apache.org by Andrea Gabellini - SC <an...@telecomitalia.sm> on 2014/06/02 14:56:54 UTC

[users] Re: [users@httpd] mod_dbd and ssl

Hello,

with LogLevel = debug and only one SSL site enabled (for readability) I
got the following output. The first block is with DBDriver enabled and
the second without it. I can't see anything relevant, but I'm not a
developer ;-)

Any idea?

With DBD:
[Mon Jun 02 14:40:09.407389 2014] [ssl:info] [pid 8035] AH01887: Init:
Initializing (virtual) servers for SSL
[Mon Jun 02 14:40:09.407486 2014] [ssl:info] [pid 8035] AH01914:
Configuring server XXX.telecomitalia.sm:443 for SSL protocol
[Mon Jun 02 14:40:09.407871 2014] [ssl:debug] [pid 8035]
ssl_engine_init.c(1520): AH02209: CA certificate: CN=GeoTrust DV SSL
CA,OU=Domain Validated SSL,O=GeoTrust Inc.,C=US
[Mon Jun 02 14:40:09.407968 2014] [ssl:debug] [pid 8035]
ssl_engine_init.c(684): AH01900: Configuring certificate revocation facility
[Mon Jun 02 14:40:09.408084 2014] [ssl:debug] [pid 8035]
ssl_engine_init.c(312): AH01893: Configuring TLS extension handling
[Mon Jun 02 14:40:09.408361 2014] [ssl:debug] [pid 8035]
ssl_util_ssl.c(343): AH02412: [XXX.telecomitalia.sm:443] Cert matches
for name 'XXX.telecomitalia.sm' [subject:
CN=XXX.telecomitalia.sm,OU=Domain Control Validated - QuickSSL(R),OU=See
www.geotrust.com/resources/cps (c)14,OU=GT90976397,serialNumber=... /
issuer: CN=GeoTrust DV SSL CA,OU=Domain Validated SSL,O=GeoTrust
Inc.,C=US / serial: ... / notbefore: Apr  7 19:37:02 2014 GMT /
notafter: Apr 10 20:17:43 2015 GMT]
[Mon Jun 02 14:40:09.408393 2014] [ssl:info] [pid 8035] AH02568:
Certificate and private key XXX.telecomitalia.sm:443:0 configured from
/usr/local/ssl/certs/XXX.telecomitalia.sm.crt and
/usr/local/ssl/keys/XXX.telecomitalia.sm.key
[Mon Jun 02 14:40:09.408551 2014] [ssl:info] [pid 8035] AH01876:
mod_ssl/2.4.9 compiled against Server: Apache/2.4.9, Library: OpenSSL/1.0.1e
[Mon Jun 02 14:40:09.551526 2014] [auth_digest:notice] [pid 8037]
AH01757: generating secret for digest authentication ...
[Mon Jun 02 14:40:09.551630 2014] [auth_digest:debug] [pid 8037]
mod_auth_digest.c(250): AH01759: done
[Mon Jun 02 14:40:09.553298 2014] [socache_shmcb:debug] [pid 8037]
mod_socache_shmcb.c(396): AH00821: shmcb_init allocated 512000 bytes of
shared memory
[Mon Jun 02 14:40:09.553392 2014] [socache_shmcb:debug] [pid 8037]
mod_socache_shmcb.c(412): AH00822: for 511944 bytes (512000 including
header), recommending 32 subcaches, 88 indexes each
[Mon Jun 02 14:40:09.553410 2014] [socache_shmcb:debug] [pid 8037]
mod_socache_shmcb.c(445): AH00824: shmcb_init_memory choices follow
[Mon Jun 02 14:40:09.553421 2014] [socache_shmcb:debug] [pid 8037]
mod_socache_shmcb.c(447): AH00825: subcache_num = 32
[Mon Jun 02 14:40:09.553450 2014] [socache_shmcb:debug] [pid 8037]
mod_socache_shmcb.c(449): AH00826: subcache_size = 15992
[Mon Jun 02 14:40:09.553459 2014] [socache_shmcb:debug] [pid 8037]
mod_socache_shmcb.c(451): AH00827: subcache_data_offset = 2128
[Mon Jun 02 14:40:09.553467 2014] [socache_shmcb:debug] [pid 8037]
mod_socache_shmcb.c(453): AH00828: subcache_data_size = 13864
[Mon Jun 02 14:40:09.553475 2014] [socache_shmcb:debug] [pid 8037]
mod_socache_shmcb.c(455): AH00829: index_num = 88
[Mon Jun 02 14:40:09.553690 2014] [socache_shmcb:info] [pid 8037]
AH00830: Shared memory socache initialised
[Mon Jun 02 14:40:09.553724 2014] [ssl:info] [pid 8037] AH01887: Init:
Initializing (virtual) servers for SSL
[Mon Jun 02 14:40:09.553741 2014] [ssl:info] [pid 8037] AH01914:
Configuring server XXX.telecomitalia.sm:443 for SSL protocol

Without DBD:
[Mon Jun 02 14:40:56.201455 2014] [ssl:info] [pid 8063] AH01887: Init:
Initializing (virtual) servers for SSL
[Mon Jun 02 14:40:56.201646 2014] [ssl:info] [pid 8063] AH01914:
Configuring server XXX.telecomitalia.sm:443 for SSL protocol
[Mon Jun 02 14:40:56.202377 2014] [ssl:debug] [pid 8063]
ssl_engine_init.c(1520): AH02209: CA certificate: CN=GeoTrust DV SSL
CA,OU=Domain Validated SSL,O=GeoTrust Inc.,C=US
[Mon Jun 02 14:40:56.202545 2014] [ssl:debug] [pid 8063]
ssl_engine_init.c(684): AH01900: Configuring certificate revocation facility
[Mon Jun 02 14:40:56.202969 2014] [ssl:debug] [pid 8063]
ssl_engine_init.c(312): AH01893: Configuring TLS extension handling
[Mon Jun 02 14:40:56.203545 2014] [ssl:debug] [pid 8063]
ssl_util_ssl.c(343): AH02412: [XXX.telecomitalia.sm:443] Cert matches
for name 'XXX.telecomitalia.sm' [subject:
CN=XXX.telecomitalia.sm,OU=Domain Control Validated - QuickSSL(R),OU=See
www.geotrust.com/resources/cps (c)14,OU=GT90976397,serialNumber=... /
issuer: CN=GeoTrust DV SSL CA,OU=Domain Validated SSL,O=GeoTrust
Inc.,C=US / serial: ... / notbefore: Apr  7 19:37:02 2014 GMT /
notafter: Apr 10 20:17:43 2015 GMT]
[Mon Jun 02 14:40:56.203659 2014] [ssl:info] [pid 8063] AH02568:
Certificate and private key XXX.telecomitalia.sm:443:0 configured from
/usr/local/ssl/certs/XXX.telecomitalia.sm.crt and
/usr/local/ssl/keys/XXX.telecomitalia.sm.key
[Mon Jun 02 14:40:56.203997 2014] [ssl:info] [pid 8063] AH01876:
mod_ssl/2.4.9 compiled against Server: Apache/2.4.9, Library: OpenSSL/1.0.1e
[Mon Jun 02 14:40:56.335344 2014] [auth_digest:notice] [pid 8064]
AH01757: generating secret for digest authentication ...
[Mon Jun 02 14:40:56.335445 2014] [auth_digest:debug] [pid 8064]
mod_auth_digest.c(250): AH01759: done
[Mon Jun 02 14:40:56.336980 2014] [socache_shmcb:debug] [pid 8064]
mod_socache_shmcb.c(396): AH00821: shmcb_init allocated 512000 bytes of
shared memory
[Mon Jun 02 14:40:56.337032 2014] [socache_shmcb:debug] [pid 8064]
mod_socache_shmcb.c(412): AH00822: for 511944 bytes (512000 including
header), recommending 32 subcaches, 88 indexes each
[Mon Jun 02 14:40:56.337060 2014] [socache_shmcb:debug] [pid 8064]
mod_socache_shmcb.c(445): AH00824: shmcb_init_memory choices follow
[Mon Jun 02 14:40:56.337085 2014] [socache_shmcb:debug] [pid 8064]
mod_socache_shmcb.c(447): AH00825: subcache_num = 32
[Mon Jun 02 14:40:56.337109 2014] [socache_shmcb:debug] [pid 8064]
mod_socache_shmcb.c(449): AH00826: subcache_size = 15992
[Mon Jun 02 14:40:56.337133 2014] [socache_shmcb:debug] [pid 8064]
mod_socache_shmcb.c(451): AH00827: subcache_data_offset = 2128
[Mon Jun 02 14:40:56.337157 2014] [socache_shmcb:debug] [pid 8064]
mod_socache_shmcb.c(453): AH00828: subcache_data_size = 13864
[Mon Jun 02 14:40:56.337181 2014] [socache_shmcb:debug] [pid 8064]
mod_socache_shmcb.c(455): AH00829: index_num = 88
[Mon Jun 02 14:40:56.337377 2014] [socache_shmcb:info] [pid 8064]
AH00830: Shared memory socache initialised
[Mon Jun 02 14:40:56.337416 2014] [ssl:info] [pid 8064] AH01887: Init:
Initializing (virtual) servers for SSL
[Mon Jun 02 14:40:56.337446 2014] [ssl:info] [pid 8064] AH01914:
Configuring server XXX.telecomitalia.sm:443 for SSL protocol
[Mon Jun 02 14:40:56.338328 2014] [ssl:debug] [pid 8064]
ssl_engine_init.c(1520): AH02209: CA certificate: CN=GeoTrust DV SSL
CA,OU=Domain Validated SSL,O=GeoTrust Inc.,C=US
[Mon Jun 02 14:40:56.338507 2014] [ssl:debug] [pid 8064]
ssl_engine_init.c(684): AH01900: Configuring certificate revocation facility
[Mon Jun 02 14:40:56.338934 2014] [ssl:debug] [pid 8064]
ssl_engine_init.c(312): AH01893: Configuring TLS extension handling
[Mon Jun 02 14:40:56.339507 2014] [ssl:debug] [pid 8064]
ssl_util_ssl.c(343): AH02412: [XXX.telecomitalia.sm:443] Cert matches
for name 'XXX.telecomitalia.sm' [subject:
CN=XXX.telecomitalia.sm,OU=Domain Control Validated - QuickSSL(R),OU=See
www.geotrust.com/resources/cps (c)14,OU=GT90976397,serialNumber=... /
issuer: CN=GeoTrust DV SSL CA,OU=Domain Validated SSL,O=GeoTrust
Inc.,C=US / serial: ... / notbefore: Apr  7 19:37:02 2014 GMT /
notafter: Apr 10 20:17:43 2015 GMT]
[Mon Jun 02 14:40:56.339577 2014] [ssl:info] [pid 8064] AH02568:
Certificate and private key XXX.telecomitalia.sm:443:0 configured from
/usr/local/ssl/certs/XXX.telecomitalia.sm.crt and
/usr/local/ssl/keys/XXX.telecomitalia.sm.key
[Mon Jun 02 14:40:56.340056 2014] [ssl:info] [pid 8064] AH01876:
mod_ssl/2.4.9 compiled against Server: Apache/2.4.9, Library: OpenSSL/1.0.1e
[Mon Jun 02 14:40:56.378101 2014] [proxy:debug] [pid 8067]
proxy_util.c(1766): AH00925: initializing worker proxy:reverse shared
[Mon Jun 02 14:40:56.378180 2014] [proxy:debug] [pid 8067]
proxy_util.c(1808): AH00927: initializing worker proxy:reverse local
[Mon Jun 02 14:40:56.378235 2014] [proxy:debug] [pid 8067]
proxy_util.c(1859): AH00931: initialized single connection worker in
child 8067 for (*)
[Mon Jun 02 14:40:56.379249 2014] [proxy:debug] [pid 8068]
proxy_util.c(1766): AH00925: initializing worker proxy:reverse shared
[Mon Jun 02 14:40:56.379316 2014] [proxy:debug] [pid 8068]
proxy_util.c(1808): AH00927: initializing worker proxy:reverse local
[Mon Jun 02 14:40:56.379369 2014] [proxy:debug] [pid 8068]
proxy_util.c(1859): AH00931: initialized single connection worker in
child 8068 for (*)
[Mon Jun 02 14:40:56.379552 2014] [proxy:debug] [pid 8069]
proxy_util.c(1766): AH00925: initializing worker proxy:reverse shared
[Mon Jun 02 14:40:56.379607 2014] [proxy:debug] [pid 8069]
proxy_util.c(1808): AH00927: initializing worker proxy:reverse local
[Mon Jun 02 14:40:56.379654 2014] [proxy:debug] [pid 8069]
proxy_util.c(1859): AH00931: initialized single connection worker in
child 8069 for (*)
[Mon Jun 02 14:40:56.380425 2014] [proxy:debug] [pid 8070]
proxy_util.c(1766): AH00925: initializing worker proxy:reverse shared
[Mon Jun 02 14:40:56.380483 2014] [proxy:debug] [pid 8070]
proxy_util.c(1808): AH00927: initializing worker proxy:reverse local
[Mon Jun 02 14:40:56.380535 2014] [proxy:debug] [pid 8070]
proxy_util.c(1859): AH00931: initialized single connection worker in
child 8070 for (*)
[Mon Jun 02 14:40:56.380539 2014] [mpm_prefork:notice] [pid 8064]
AH00163: Apache/2.4.9 (Unix) OpenSSL/1.0.1e-fips configured -- resuming
normal operations
[Mon Jun 02 14:40:56.380572 2014] [mpm_prefork:info] [pid 8064] AH00164:
Server built: May 31 2014 12:21:21
[Mon Jun 02 14:40:56.380604 2014] [core:notice] [pid 8064] AH00094:
Command line: '/usr/local/apache/sbin/httpd'
[Mon Jun 02 14:40:56.380631 2014] [mpm_prefork:debug] [pid 8064]
prefork.c(995): AH00165: Accept mutex: sysvsem (default: sysvsem)
[Mon Jun 02 14:40:56.381146 2014] [proxy:debug] [pid 8071]
proxy_util.c(1766): AH00925: initializing worker proxy:reverse shared
[Mon Jun 02 14:40:56.381203 2014] [proxy:debug] [pid 8071]
proxy_util.c(1808): AH00927: initializing worker proxy:reverse local
[Mon Jun 02 14:40:56.381249 2014] [proxy:debug] [pid 8071]
proxy_util.c(1859): AH00931: initialized single connection worker in
child 8071 for (*)

On 31/05/2014 19:50, Nick Kew wrote:
> On 31 May 2014, at 12:55, Andrea Gabellini - SC wrote:
>
>> Hello,
>>
>> The server fails to start!
> What does the error log say?  Crank up the log level if there's
> nothing useful there.
>
> Or, anything useful  if you start it with -X from the commandline?
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
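
An added example, not part of the original message: one way to compare the two startup logs above is to join the wrapped lines, list the AH message codes in order, and report the first step that the run without DBDriver logs but the run with DBDriver never reaches. The two samples are excerpts of the logs in the message; the function names are made up for this example.

```sh
#!/bin/sh
# Excerpts of the second-pass logs above (pid 8037 with DBDriver, pid 8064 without).
with_dbd='[Mon Jun 02 14:40:09.553690 2014] [socache_shmcb:info] [pid 8037]
AH00830: Shared memory socache initialised
[Mon Jun 02 14:40:09.553724 2014] [ssl:info] [pid 8037] AH01887: Init:
Initializing (virtual) servers for SSL
[Mon Jun 02 14:40:09.553741 2014] [ssl:info] [pid 8037] AH01914:
Configuring server XXX.telecomitalia.sm:443 for SSL protocol'

without_dbd='[Mon Jun 02 14:40:56.337377 2014] [socache_shmcb:info] [pid 8064]
AH00830: Shared memory socache initialised
[Mon Jun 02 14:40:56.337416 2014] [ssl:info] [pid 8064] AH01887: Init:
Initializing (virtual) servers for SSL
[Mon Jun 02 14:40:56.337446 2014] [ssl:info] [pid 8064] AH01914:
Configuring server XXX.telecomitalia.sm:443 for SSL protocol
[Mon Jun 02 14:40:56.338328 2014] [ssl:debug] [pid 8064]
ssl_engine_init.c(1520): AH02209: CA certificate: CN=GeoTrust DV SSL
CA,OU=Domain Validated SSL,O=GeoTrust Inc.,C=US
[Mon Jun 02 14:40:56.338507 2014] [ssl:debug] [pid 8064]
ssl_engine_init.c(684): AH01900: Configuring certificate revocation facility'

# Join mail-wrapped continuation lines into one record per log entry,
# then print the AH message code of each record, one per line.
ah_sequence() {
    printf '%s\n' "$1" | awk '
        /^\[/ { if (rec != "") print rec; rec = $0; next }
        { rec = rec " " $0 }
        END { if (rec != "") print rec }
    ' | sed -n 's/.*\(AH[0-9][0-9]*\):.*/\1/p'
}

# Print the first AH code the working run logs after the point where the
# failing run stops. Prints DIVERGED if the runs differ before that point.
first_missing_step() {
    bad=$(ah_sequence "$1")
    good=$(ah_sequence "$2")
    n=$(( $(printf '%s\n' "$bad" | wc -l) ))
    prefix=$(printf '%s\n' "$good" | head -n "$n")
    [ "$prefix" = "$bad" ] || { echo DIVERGED; return 1; }
    printf '%s\n' "$good" | sed -n "$((n + 1))p"
}

echo "first step missing from the DBD run: $(first_missing_step "$with_dbd" "$without_dbd")"
```

On these excerpts the DBD run ends at AH01914 and the next entry in the working run is AH02209, the CA certificate message.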


Re: [users] [users@httpd] mod_dbd and ssl

Posted by Nick Kew <ni...@webthing.com>.
On 4 Jun 2014, at 12:03, Andrea Gabellini - SC wrote:

> Hello,
> 
> I performed several tests.

This is interesting, and your reports are sufficiently specific
to look more like a bug than a PBKAC.  Unfortunately I'm
not in a position to reproduce it, and I don't think I can really
offer any more useful suggestions in this thread.

Have you checked bugzilla for anything relevant?
In the absence of further progress, it would probably
be worth entering this as a bug report.  At the very
least, that gives us a record of it!

-- 
Nick Kew



Re: [users] [users@httpd] mod_dbd and ssl

Posted by Andrea Gabellini - SC <an...@telecomitalia.sm>.
Hello,

I performed several tests.

Starting with a fresh installation of CentOS 6.5 and a fresh compilation
of the latest MySQL 5.5 and Apache (with latest apr and apr-util).
Minimal changes to the default configuration, without adding or removing
apache modules, to permit the use of mod_dbd and mod_ssl.
Only one non-ssl site (with dbd auth) and only one ssl site.

- With apache 2.4.9, it crashes if in the ssl site I use
SSLCACertificateFile (I have some sites that use client certificates).
Removing that directive, apache starts and dbd authentication works.
- With apache 2.4.7, it crashes with any SSL directive configured.
- Both installations work if apache starts without the DBDriver
directive. Adding the directive and doing a graceful restart works.

I never used strace or gdb, but if someone gives me some instructions I
can try.

Thanks,
Andrea

On 03/06/2014 00:07, Nick Kew wrote:
> On 2 Jun 2014, at 13:56, Andrea Gabellini - SC wrote:
>
>> Hello,
>>
>> with LogLevel = debug and only one SSL site enabled (for readability) I
>> got the following output. The first block is with DBDriver enabled and
>> the second without it. I can't see anything relevant, but I'm not a
>> developer ;-)
> One more thought: maybe you have a problem with conflicting libraries
> linked to apache (or a module such as mod_ssl) and one of the databases
> loaded by DBD?  You could check that with ldd.  A possible culprit could
> be a hasty update to OpenSSL versions in reaction to heartbleed!
>
> If that's the problem, it's down to your build.  What to do depends on
> whether you build from source or install from a package manager.
> In the former case, clean-and-rebuild is an easy fix; in the latter,
> make sure you update all, and if that doesn't fix it, take it up
> with the package maintainers.
>




Re: [users] [users@httpd] mod_dbd and ssl

Posted by Nick Kew <ni...@webthing.com>.
On 2 Jun 2014, at 13:56, Andrea Gabellini - SC wrote:

> Hello,
> 
> with LogLevel = debug and only one SSL site enabled (for readability) I
> got the following output. The first block is with DBDriver enabled and
> the second without it. I can't see anything relevant, but I'm not a
> developer ;-)

One more thought: maybe you have a problem with conflicting libraries
linked to apache (or a module such as mod_ssl) and one of the databases
loaded by DBD?  You could check that with ldd.  A possible culprit could
be a hasty update to OpenSSL versions in reaction to heartbleed!

If that's the problem, it's down to your build.  What to do depends on
whether you build from source or install from a package manager.
In the former case, clean-and-rebuild is an easy fix; in the latter,
make sure you update all, and if that doesn't fix it, take it up
with the package maintainers.

-- 
Nick Kew

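
The ldd check suggested in the message above, as an added example that is not part of the original post: a filter that reads ldd output for several objects and reports every library family (libssl, libcrypto, ...) that resolves to more than one file. The sample ldd output, its paths and addresses are constructed for illustration, and `lib_conflicts` is a name chosen here.

```sh
#!/bin/sh
# Constructed sample: what `ldd mod_ssl.so apr_dbd_mysql-1.so` might print
# when the module and the MySQL client library use different OpenSSL builds.
sample_ldd='/usr/local/apache/modules/mod_ssl.so:
    libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0x00007f0000a00000)
    libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0x00007f0000600000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000200000)
/usr/local/apache/lib/apr-util-1/apr_dbd_mysql-1.so:
    libmysqlclient.so.18 => /usr/local/mysql/lib/libmysqlclient.so.18 (0x00007f0001a00000)
    libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f0001600000)
    libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f0001200000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000200000)'

# Read ldd output on stdin; print "family: path1 path2 ..." for each
# library family that is resolved to more than one distinct file.
lib_conflicts() {
    awk '
        /:$/ { next }                        # "object:" header lines
        $2 == "=>" && $3 ~ /^\// {
            fam = $1
            sub(/\.so.*/, "", fam)           # libssl.so.10 -> libssl
            key = fam SUBSEP $3
            if (!(key in seen)) {
                seen[key] = 1
                count[fam]++
                paths[fam] = paths[fam] " " $3
            }
        }
        END {
            for (f in count)
                if (count[f] > 1) print f ":" paths[f]
        }
    ' | sort
}

printf '%s\n' "$sample_ldd" | lib_conflicts
```

On a real host, replace the sample with `ldd` run on the httpd binary, mod_ssl.so and the apr-util DBD driver module; ldd prints an `object:` header per file when given several.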


Re: [users] [users@httpd] mod_dbd and ssl

Posted by Andrea Gabellini - SC <an...@telecomitalia.sm>.
Hello,

mod_dbd doesn't emit any log (also with LogLevel = trace8). Even if I
disable ssl and the authentication works.

I get a segmentation fault if I run apache with -X

The OS is a CentOS 6.5 upgraded a few days ago. I just verified if there
were conflicting libraries.

I also re-compiled all the software I use (apache, mysql, php, etc.)

I will try with a fresh installation of the OS and Apache.

Thanks,
Andrea


On 02/06/2014 23:55, Nick Kew wrote:
> On 2 Jun 2014, at 13:56, Andrea Gabellini - SC wrote:
>
>> Hello,
>>
>> with LogLevel = debug and only one SSL site enabled (for readability) I
>> got the following output.
> Can't see anything from mod_dbd in there, nor any errors.
>
> Do you have a local geek who could run it under strace or gdb?
> If not, you could at least run httpd -X from the commandline and
> see if it tells you anything.
>




Re: [users] [users@httpd] mod_dbd and ssl

Posted by Nick Kew <ni...@webthing.com>.
On 2 Jun 2014, at 13:56, Andrea Gabellini - SC wrote:

> Hello,
> 
> with LogLevel = debug and only one SSL site enabled (for readability) I
> got the following output.

Can't see anything from mod_dbd in there, nor any errors.

Do you have a local geek who could run it under strace or gdb?
If not, you could at least run httpd -X from the commandline and
see if it tells you anything.

-- 
Nick Kew
