[Techtalk] Re: Help! Apache startssl Dies Silently?
Kai MacTane
kmactane at GothPunk.com
Sun Sep 21 23:15:27 EST 2003
At 9/20/03 05:19 PM , gab wrote:
>Well, let's compare logs. :D
Cool!
> > [19/Sep/2003 18:50:30 30777] [info] Server: Apache/1.3.28, Interface:
> > mod_ssl/2.8.15, Library: OpenSSL/0.9.6g
>
>Mine has:
>[19/Sep/2003 13:03:07 11321] [info] Server: Apache/1.3.28, Interface:
>mod_ssl/2.8.15, Library: OpenSSL/0.9.6d
Okay, so we're using different OpenSSL versions. FWIW, this is the same
OpenSSL as I had before I upgraded Apache, back when my secure APache was
working. I've upgraded Apache and its associated mod_perl and mod_ssl, plus
I upgraded PHP while I was at it. But I haven't touched the installed OpenSSL.
> > [19/Sep/2003 18:50:30 30777] [info] Init: Requesting pass phrase via
> > builtin terminal dialog
> > [19/Sep/2003 18:50:43 30777] [info] Init: Loading certificate & private
> > key of SSL-aware server www.GothPunk.com:443
> > [19/Sep/2003 18:50:43 30777] [info] Init: Wiped out the queried pass
> > phrases from memory
>
>^^^^^I am missing these three lines.
I suspect, then, that your certificates aren't encrypted on your server,
and so apachectl doesn't need to prompt you for a PEM pass phrase on
startup. Mine does prompt me, and that's when the first of the above lines
shows up in the log. The next two come when I enter the pass phrase.
> > [19/Sep/2003 18:50:43 30777] [info] Init: Seeding PRNG with 136 bytes of
> > entropy
> > [19/Sep/2003 18:50:43 30777] [info] Init: Generating temporary RSA
> private
> > keys (512/1024 bits)
> > [19/Sep/2003 18:50:45 30777] [info] Init: Configuring temporary DH
> > parameters (512/1024 bits)
>
>^^^^^These are the same in my log. (DH is Diffie-Hellman.)
Oh, thanks. My best guesses were along the lines of "dynamic header" or
something.
>Now things get different: I have basically a repeat of what we just saw:
>[19/Sep/2003 13:03:10 11322] [info] Init: 2nd startup round (already
>detached)
>[19/Sep/2003 13:03:10 11322] [info] Init: Reinitializing OpenSSL
>library
>[etc...]
Wild. So, is my server crashing while it tries to configure its DH
parameters, or when it tries to do its second startup round? (I assume the
former.)
>WAG: Do you have the "Virtual Server" section configured correctly in
>your httpd.conf? The upgrade may have overwritten it, or maybe it's in
>a different format now, or something?
My httpd.conf appears untouched by the upgrade. (Otherwise, I'd have been
screaming bloody murder about all my vhost configs being gone!) How would I
check on the format?
If you like, I can post just the virtual server stuff; that's not *too*
excessive, if I trim out the comments.
--Kai MacTane
----------------------------------------------------------------------
"'Don't look, don't look,' the shadows scream,
Whispering me away from you..."
--The Cure,
"Burn"
More information about the Techtalk
mailing list