You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Chen, Allen" <al...@digex.com> on 2002/04/11 00:06:08 UTC

Apache 2 mod_ssl problems

Has anyone out there (besides me) had problems getting Apache 2.0.35's 
built-in mod_ssl to work?  I've tried building on Solaris 7 and 8 with the 
same results.  I've tried building mod_ssl both shared and staticly; both 
fail, but with different reasons, which I will detail below.

### SHARED

When I build a shared mod_ssl, I use the following configure:

  ./configure --prefix=/local/opt/apache2 \
              --enable-usertrack=shared \
              --enable-so \
              --with-mpm=worker \
              --disable-imap \
              --enable-cgid \
              --enable-ssl=shared \          # shared mod_ssl
              --with-ssl=/usr/local/ssl \    # OpenSSL 0.9.6b
              --enable-dav=shared \
              --enable-dav-fs=shared 
  
It builds and installs fine.  When I start it in non-ssl mode, it also 
works fine.  But when I try "apachectl startssl" I get the following 
output:

  Syntax error on line 220 of /local/opt/apache2/conf/httpd.conf:
  Cannot load /local/opt/apache2/modules/mod_ssl.so into server: ld.so.1:
/local/opt/apache2/bin/httpd: fatal: relocation error: file
/local/opt/apache2/modules/mod_ssl.so: symbol X509_INFO_free: referenced
symbol not found
  ./apachectl startssl: httpd could not be started
  
The syntax error it is complaining about is from the stock httpd.conf:

  LoadModule ssl_module modules/mod_ssl.so 

Running just 'apachectl start' works fine, but, of course, it doesn't serve
SSL.

### STATIC

So since that didn't work, I tried building a staticly-linked mod_ssl
with the following configure:

  ./configure --prefix=/local/opt/apache2 \
              --enable-usertrack=shared \
              --enable-so \
              --with-mpm=worker \
              --disable-imap \
              --enable-cgid \
              --enable-ssl \                  # static
              --with-ssl=/usr/local/ssl \
              --enable-dav=shared \
              --enable-dav-fs=shared

This builds and installs fine.  However, when I try to start using 
'apachectl startssl' I simply get the following:

  Segmentation Fault
  ./apachectl startssl: httpd could not be started
  
When I try a plain 'apachectl start' I get the following message in 
the error_log:

  [error] mod_ssl: Init: Failed to generate temporary 512 bit RSA private
key
  
I found this message in the mod_ssl FAQ which basically says you can fix it 
using SSLRandomKey directives.  However, the default ssl.conf already has

  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin

These directives worked fine on Apache 1.3.x built with mod_ssl 2.8.4 
and OpenSSL 0.9.6b on the same servers.


Any ideas or input would be greatly appreciated.

Thanks,
-Allen
 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org