[Techtalk] Re: Help! Apache startssl Dies Silently?

Kai MacTane kmactane at GothPunk.com
Sun Sep 21 23:15:27 EST 2003


At 9/20/03 05:19 PM , gab wrote:

>Well, let's compare logs.  :D

Cool!

> > [19/Sep/2003 18:50:30 30777] [info]  Server: Apache/1.3.28, Interface:
> > mod_ssl/2.8.15, Library: OpenSSL/0.9.6g
>
>Mine has:
>[19/Sep/2003 13:03:07 11321] [info]  Server: Apache/1.3.28, Interface:
>mod_ssl/2.8.15, Library: OpenSSL/0.9.6d

Okay, so we're using different OpenSSL versions. FWIW, this is the same 
OpenSSL as I had before I upgraded Apache, back when my secure Apache was 
working. I've upgraded Apache and its associated mod_perl and mod_ssl, plus 
I upgraded PHP while I was at it. But I haven't touched the installed OpenSSL.

> > [19/Sep/2003 18:50:30 30777] [info]  Init: Requesting pass phrase via
> > builtin terminal dialog
> > [19/Sep/2003 18:50:43 30777] [info]  Init: Loading certificate & private
> > key of SSL-aware server www.GothPunk.com:443
> > [19/Sep/2003 18:50:43 30777] [info]  Init: Wiped out the queried pass
> > phrases from memory
>
>^^^^^I am missing these three lines.

I suspect, then, that your certificates aren't encrypted on your server, 
and so apachectl doesn't need to prompt you for a PEM pass phrase on 
startup. Mine does prompt me, and that's when the first of the above lines 
shows up in the log. The next two come when I enter the pass phrase.

> > [19/Sep/2003 18:50:43 30777] [info]  Init: Seeding PRNG with 136 bytes of
> > entropy
> > [19/Sep/2003 18:50:43 30777] [info]  Init: Generating temporary RSA private
> > keys (512/1024 bits)
> > [19/Sep/2003 18:50:45 30777] [info]  Init: Configuring temporary DH
> > parameters (512/1024 bits)
>
>^^^^^These are the same in my log. (DH is Diffie-Hellman.)

Oh, thanks. My best guesses were along the lines of "dynamic header" or 
something.

>Now things get different: I have basically a repeat of what we just saw:
>[19/Sep/2003 13:03:10 11322] [info]  Init: 2nd startup round (already
>detached)
>[19/Sep/2003 13:03:10 11322] [info]  Init: Reinitializing OpenSSL
>library
>[etc...]

Wild. So, is my server crashing while it tries to configure its DH 
parameters, or when it tries to do its second startup round? (I assume the 
former.)

>WAG:  Do you have the "Virtual Server" section configured correctly in
>your httpd.conf?  The upgrade may have overwritten it, or maybe it's in
>a different format now, or something?

My httpd.conf appears untouched by the upgrade. (Otherwise, I'd have been 
screaming bloody murder about all my vhost configs being gone!) How would I 
check on the format?

If you like, I can post just the virtual server stuff; that's not *too* 
excessive, if I trim out the comments.

                                                 --Kai MacTane
----------------------------------------------------------------------
"'Don't look, don't look,' the shadows scream,
  Whispering me away from you..."
                                                 --The Cure,
                                                  "Burn"



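Added example, not part of the original message or of mod_ssl: a small Python script that does the log comparison from this thread mechanically, reporting which mod_ssl Init milestones an engine log reached, whether the second startup round began, and the last message written before the log stops. The names `parse`, `summarize`, `STAGES` and `KAI_LOG` are hypothetical, and the sample is constructed from the lines quoted above.

```python
import re

# mod_ssl 2.8.x engine log line: [date time pid] [level]  message
LINE_RE = re.compile(r"^\[(\S+ \S+) (\d+)\] \[(\w+)\]\s+(.*)$")

# Init milestones, in the order the logs quoted in the thread show them.
STAGES = [
    ("pass phrase requested", "Init: Requesting pass phrase"),
    ("certificate and key loaded", "Init: Loading certificate & private key"),
    ("PRNG seeded", "Init: Seeding PRNG"),
    ("temporary RSA keys", "Init: Generating temporary RSA private keys"),
    ("temporary DH parameters", "Init: Configuring temporary DH parameters"),
    ("2nd startup round", "Init: 2nd startup round"),
]

def parse(log_text):
    """Return one dict per log entry, re-joining lines hard-wrapped by a mailer."""
    entries = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = LINE_RE.match(line)
        if m:
            entries.append({"pid": int(m.group(2)), "level": m.group(3), "msg": m.group(4)})
        elif line and entries:
            entries[-1]["msg"] += " " + line  # continuation of a wrapped line
    return entries

def summarize(log_text):
    """Report which milestones were logged and the last message before the log ends."""
    entries = parse(log_text)
    reached = [name for name, prefix in STAGES
               if any(e["msg"].startswith(prefix) for e in entries)]
    return {
        "pids": sorted({e["pid"] for e in entries}),
        "reached": reached,
        "second_round": "2nd startup round" in reached,
        "stopped_after": entries[-1]["msg"] if entries else None,
    }

# Constructed sample: lines quoted in the thread for PID 30777, one left wrapped.
KAI_LOG = """\
[19/Sep/2003 18:50:30 30777] [info]  Init: Requesting pass phrase via builtin terminal dialog
[19/Sep/2003 18:50:43 30777] [info]  Init: Loading certificate & private key of SSL-aware server www.GothPunk.com:443
[19/Sep/2003 18:50:43 30777] [info]  Init: Seeding PRNG with 136 bytes of entropy
[19/Sep/2003 18:50:43 30777] [info]  Init: Generating temporary RSA
private keys (512/1024 bits)
[19/Sep/2003 18:50:45 30777] [info]  Init: Configuring temporary DH parameters (512/1024 bits)
"""
if __name__ == "__main__":
    print(summarize(KAI_LOG))
```

A log with no "pass phrase requested" milestone but a "2nd startup round" one matches the other poster's case: a key that needs no pass phrase and a server that got past the first init round.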