Re: [users@httpd] apache2, mod_ssl, Connection to child 0 closed with abortive shutdown

[Joe Orton <jo...@redhat.com>]

On Mon, Feb 28, 2005 at 05:26:39PM +1100, Carl Brewer wrote:
> 
> Hello
> 
> I'm using apache2.0.53 on an i64 (Opteron) Solaris 10 server,
> and it works fine (as I'd expect), except when I try and
> set up mod_ssl on it.  I'm using it to run a subversion server.
> It's compiled with Sun's SFW gcc, and the following arguments :
> 
> ./configure --enable-dav --enable-ssl

What version of OpenSSL?

> 
> I'm seeing this in my log file :
> 
> [Mon Feb 28 17:03:11 2005] [debug] ssl_engine_kernel.c(1809): OpenSSL: 
> Exit: error in SSLv3 read certificate verify A
> [Mon Feb 28 17:03:11 2005] [debug] ssl_engine_kernel.c(1809): OpenSSL: 
> Exit: error in SSLv3 read certificate verify A
> [Mon Feb 28 17:03:11 2005] [info] SSL library error 1 in handshake 
> (server dart.opaltree.com.au:443, client 211.26.251.34)
> [Mon Feb 28 17:03:11 2005] [info] SSL Library Error: 336187530 
> error:1409D08A:SSL routines:SSL3_SETUP_KEY_BLOCK:cipher or hash unavailable
> [Mon Feb 28 17:03:11 2005] [info] Connection to child 0 closed with 
> abortive shutdown(server dart.opaltree.com.au:443, client 211.26.251.34)

Are you getting this error for all attempts to connect via SSL, or just 
some?  What's the output of 

  $ openssl s_client -connect dart.opaltree.com.au:443

You could try 

> SSLSessionCache         shm:/usr/local/apache2/logs/ssl_scache

Changing shm to shmcb is worth a try, not sure it'll make a difference
though.

joe

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org