You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Chris Copeland <ch...@cope360.com> on 2009/12/18 23:38:51 UTC
[users@httpd] HTTP fine, SSL segfaults every time; 2.2.14 on Solaris 10 x86.
Backtrace included
Hello,
I am building OpenSSL, HTTPD, and Tomcat Connectors on Solaris 10 x86
using the Sun Studio compiler.
There server runs fine in HTTP mode but segfaults immediately when SSL
is enabled. OpenSSL passed all tests when built.
Below I have:
* Configure and compile commands for all
* Error log
* Backtrace
I would greatly appreciate any help. If I can provide any more
information, please just let me know what.
TIA,
Chris
=================================================
$ cc -V
cc: Sun C 5.10 SunOS_i386 2009/06/03
$ uname -a
SunOS bsiausdevjvm01 5.10 Generic_120012-14 i86pc i386 i86pc
=================================================
OpenSSL 0.9.8l built as:
CC=/usr/bin/cc
./Configure \
solaris-x86-cc \
shared \
-g \
--openssldir=/usr/local/openssl-0.9.8l
make
make test
sudo make install
sudo ln -s /usr/local/openssl-0.9.8l /usr/local/openssl
=================================================
Apache HTTPD 2.2.14 built as:
CC=/usr/bin/cc
CFLAGS="-g"
./configure \
--prefix=/usr/local/apache-2.2.14 \
--with-mpm=prefork \
--enable-so \
--enable-unique-id=shared \
--enable-rewrite=shared \
--enable-spelling=shared \
--enable-info=shared \
--enable-headers=shared \
--enable-deflate=shared \
--enable-expires=shared \
--enable-unique-id=shared \
--enable-usertrack=shared \
--enable-speling=shared \
--enable-ssl=shared \
--with-ssl=/usr/local/openssl
make
sudo make install
sudo ln -s /usr/local/apache-2.2.14 /usr/local/apache2
=================================================
Tomcat Connectors 1.2.28
CC=/usr/bin/cc
CFLAGS="-g"
./configure \
--with-apxs=/usr/local/apache2/bin/apxs
make
sudo make install
=================================================
At this point I can start the server using the default configuration
files and plain http works fine.
Once I enable SSL it will segfault immediately on HTTPS requests. I
am using the default SSL config file only editing the IP address. The
certification is a self-signed one I generated using the just build
version of OpenSSL.
Error Log:
[Fri Dec 18 15:59:48 2009] [notice] SIGHUP received. Attempting to restart
httpd: Could not reliably determine the server's fully qualified
domain name, using 192.168.15.81 for ServerName
[Fri Dec 18 15:59:49 2009] [warn] RSA server certificate CommonName
(CN) `Chris' does NOT match server name!?
[Fri Dec 18 15:59:49 2009] [notice] Apache/2.2.14 (Unix)
mod_ssl/2.2.14 OpenSSL/0.9.8l configured -- resuming normal operations
[Fri Dec 18 15:59:52 2009] [notice] child pid 12127 exit signal
Segmentation fault (11), possible coredump in /tmp
[Fri Dec 18 15:59:55 2009] [notice] child pid 12128 exit signal
Segmentation fault (11), possible coredump in /tmp
[...]
Backtrace:
$ dbx - core.httpd.12132.u1
Corefile specified executable: "/usr/local/apache-2.2.14/bin/httpd"
For information about new features see `help changes'
To remove this message, put `dbxenv suppress_startup_message 7.7' in your .dbxrc
Reading httpd
core file header read successfully
Reading ld.so.1
Reading libm.so.2
Reading libaprutil-1.so.0.3.9
Reading libexpat.so.0.1.0
Reading libapr-1.so.0.3.9
Reading libuuid.so.1
Reading libsendfile.so.1
Reading librt.so.1
Reading libsocket.so.1
Reading libnsl.so.1
Reading libpthread.so.1
Reading libc.so.1
Reading libaio.so.1
Reading libmd.so.1
Reading libscf.so.1
Reading libdoor.so.1
Reading libuutil.so.1
Reading libgen.so.1
Reading libmp.so.2
Reading mod_deflate.so
Reading libz.so.1
Reading mod_expires.so
Reading mod_headers.so
Reading mod_usertrack.so
Reading mod_unique_id.so
Reading mod_ssl.so
Reading libssl.so.0.9.8
Reading libcrypto.so.0.9.8
Reading libdl.so.1
Reading mod_info.so
Reading mod_speling.so
Reading mod_rewrite.so
t@1 (l@1) program terminated by signal SEGV (Segmentation Fault)
Current function is child_main
635 lr = pdesc[last_poll_idx++].client_data;
(dbx) where
current thread: t@1
=>[1] child_main(child_num_arg = 0), line 635 in "prefork.c"
[2] make_child(s = 0x8148190, slot = 0), line 758 in "prefork.c"
[3] perform_idle_server_maintenance(p = 0x80fc438), line 893 in "prefork.c"
[4] ap_mpm_run(_pconf = 0x80fc438, plog = 0x813a530, s = 0x8148190),
line 1097 in "prefork.c"
[5] main(argc = 3, argv = 0x8047cc8), line 740 in "main.c"
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] HTTP fine, SSL segfaults every time; 2.2.14 on
Solaris 10 x86. Backtrace included
Posted by Jeff Trawick <tr...@gmail.com>.
On Tue, Dec 22, 2009 at 1:02 PM, Chris Copeland <ch...@cope360.com> wrote:
> Jeff, thanks for the help. Replacing that file solved my problem.
>
> I could use some guidance on what to do now. I am building packages
> for use on production servers.
>
> * Would 2.2.14 with this patch suitable for use on a production server?
yes
> * Would an earlier version of 2.2 be better for my Solaris 10 x86 environment?
possibly; you'd have to pick your poison though; httpd 2.2.11 and the
APR that came with it should be okay with the prefork MPM as far as
the port code goes, but there are a number of bugs fixed since then; I
can't really recommend that
> * Should I wait for a release that includes these changes?
no
>
> Any advice greatly appreciated.
>
> -Chris
>
> On Fri, Dec 18, 2009 at 6:47 PM, Jeff Trawick <tr...@gmail.com> wrote:
>> Are you using the APR bundled with httpd? If so, please replace
>> srclib/apr/pool/unix/port.c with the latest version:
>>
>> http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/poll/unix/port.c?revision=836111&view=co
>>
>> I don't recognize the backtrace you posted, but that logic is in the
>> general vicinity of two important fixes. One is specific to 32-bit
>> builds on Solaris 10 x86; the other is necessary for all Solaris 10 or
>> OpenSolaris.
>>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
--
Born in Roswell... married an alien...
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] HTTP fine, SSL segfaults every time; 2.2.14 on
Solaris 10 x86. Backtrace included
Posted by Chris Copeland <ch...@cope360.com>.
Jeff, thanks for the help. Replacing that file solved my problem.
I could use some guidance on what to do now. I am building packages
for use on production servers.
* Would 2.2.14 with this patch suitable for use on a production server?
* Would an earlier version of 2.2 be better for my Solaris 10 x86 environment?
* Should I wait for a release that includes these changes?
Any advice greatly appreciated.
-Chris
On Fri, Dec 18, 2009 at 6:47 PM, Jeff Trawick <tr...@gmail.com> wrote:
> Are you using the APR bundled with httpd? If so, please replace
> srclib/apr/pool/unix/port.c with the latest version:
>
> http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/poll/unix/port.c?revision=836111&view=co
>
> I don't recognize the backtrace you posted, but that logic is in the
> general vicinity of two important fixes. One is specific to 32-bit
> builds on Solaris 10 x86; the other is necessary for all Solaris 10 or
> OpenSolaris.
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] HTTP fine, SSL segfaults every time; 2.2.14 on
Solaris 10 x86. Backtrace included
Posted by Jeff Trawick <tr...@gmail.com>.
On Fri, Dec 18, 2009 at 5:38 PM, Chris Copeland <ch...@cope360.com> wrote:
> Hello,
>
> I am building OpenSSL, HTTPD, and Tomcat Connectors on Solaris 10 x86
> using the Sun Studio compiler.
>
> There server runs fine in HTTP mode but segfaults immediately when SSL
> is enabled. OpenSSL passed all tests when built.
>
> Below I have:
> * Configure and compile commands for all
> * Error log
> * Backtrace
>
> I would greatly appreciate any help. If I can provide any more
> information, please just let me know what.
Are you using the APR bundled with httpd? If so, please replace
srclib/apr/pool/unix/port.c with the latest version:
http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/poll/unix/port.c?revision=836111&view=co
I don't recognize the backtrace you posted, but that logic is in the
general vicinity of two important fixes. One is specific to 32-bit
builds on Solaris 10 x86; the other is necessary for all Solaris 10 or
OpenSolaris.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org