
Apache 2 with SSL dies



Hi all,

I experienced a power cut so I thought I better check that my web sites
had come back up. I was surprised to discover that they had not, nor had
my backup server. If the reboot is the only reason I found out about this
then there may be a grave error waiting to happen to others.

I finally isolated why Apache 2 kept dying straight after starting up.
There is this obtuse final error message in my ssl_server.log:

[Fri Oct 18 20:39:50 2002] [info] Init: Initializing OpenSSL library
[Fri Oct 18 20:39:50 2002] [info] Init: Seeding PRNG with 512 bytes of entropy
[Fri Oct 18 20:39:50 2002] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Fri Oct 18 20:39:54 2002] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Fri Oct 18 20:39:54 2002] [info] Init: Initializing (virtual) servers for SSL
[Fri Oct 18 20:39:54 2002] [info] Server: Apache/2.0.43, Interface: mod_ssl/2.0.43, Library: OpenSSL/0.9.6g
[Fri Oct 18 20:39:54 2002] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec2)
[Fri Oct 18 20:39:54 2002] [info] Init: Initializing OpenSSL library
[Fri Oct 18 20:39:54 2002] [info] Init: Seeding PRNG with 512 bytes of entropy
[Fri Oct 18 20:39:54 2002] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Fri Oct 18 20:40:07 2002] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Fri Oct 18 20:40:07 2002] [error] Cannot allocate shared memory: (17)File exists

I got the sites back up by moving ssl.conf and ssl.load out of
mods-enabled and by commenting out any mention of SSL in sites-enabled.

I'm running a proxy and main server on the same computer. This has been
working fine for the last couple of months. Some package upgrade has
broken SSL support. I have tried downgrading a number of packages without
success.

It might help you to understand the server config by looking at ssl.conf:

<IfDefine proxy>
  SSLSessionCache shm:/var/log/apache2/ssl_scache_proxy(128000)
  SSLMutex file:/var/log/apache2/ssl_mutex_proxy
  SSLRandomSeed startup file:/dev/urandom 512
  SSLRandomSeed connect file:/dev/urandom 512
  ErrorLog /var/log/apache2/ssl_proxy.log
  LogLevel info
</IfDefine>

<IfDefine server>
  SSLSessionCache shm:/var/log/apache2/ssl_scache_server(128000)
  SSLMutex file:/var/log/apache2/ssl_mutex_server
  SSLRandomSeed startup file:/dev/urandom 512
  SSLRandomSeed connect file:/dev/urandom 512
  ErrorLog /var/log/apache2/ssl_server.log
  LogLevel info
</IfDefine>

Exactly the same order of info and the same final error is also found in
ssl_proxy.log.

I currently have installed:

# dpkg -l apache2-mpm-worker apache2-common libapr0 libssl0.9.6
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name                Version             Description
+++-===================-===================-======================================================
ii  apache2-mpm-worker  2.0.43-1            High speed threaded model for Apache2
ii  apache2-common      2.0.43-1            Next generation, scalable, extendable web server
ii  libapr0             2.0.43-1            The Apache Portable Runtime
ii  libssl0.9.6         0.9.6c-2.woody.1    SSL shared libraries

I've also upgraded libssl0.9.6 to 0.9.6g-6 and it makes no difference.

Perhaps that's the cause of the file exists error message?

Here are the last log messages since when it used to work:

[Sat Oct 12 15:57:30 2002] [warn] child process 274 still did not exit, sending a SIGTERM
[Sat Oct 12 15:57:30 2002] [warn] child process 274 still did not exit, sending a SIGTERM
[Sat Oct 12 15:57:32 2002] [info] removed PID file /var/run/apache2_server.pid (pid=248)
[Sat Oct 12 15:57:32 2002] [notice] caught SIGTERM, shutting down
[Sat Oct 12 15:57:44 2002] [info] Init: Initializing OpenSSL library
[Sat Oct 12 15:57:44 2002] [info] Init: Seeding PRNG with 512 bytes of entropy
[Sat Oct 12 15:57:44 2002] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Sat Oct 12 15:57:53 2002] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Sat Oct 12 15:57:53 2002] [info] Init: Initializing (virtual) servers for SSL
[Sat Oct 12 15:57:53 2002] [info] Server: Apache/2.0.43, Interface: mod_ssl/2.0.43, Library: OpenSSL/0.9.6g
[Sat Oct 12 15:57:53 2002] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec2)
[Sat Oct 12 15:57:53 2002] [info] Init: Initializing OpenSSL library
[Sat Oct 12 15:57:54 2002] [info] Init: Seeding PRNG with 512 bytes of entropy
[Sat Oct 12 15:57:54 2002] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Sat Oct 12 15:58:00 2002] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Sat Oct 12 15:58:00 2002] [info] Shared memory session cache initialised
[Sat Oct 12 15:58:00 2002] [info] Init: Initializing (virtual) servers for SSL
[Sat Oct 12 15:58:00 2002] [info] Server: Apache/2.0.43, Interface: mod_ssl/2.0.43, Library: OpenSSL/0.9.6g
[Sat Oct 12 15:58:00 2002] [notice] Apache/2.0.43 (Debian GNU/Linux) mod_ssl/2.0.43 OpenSSL/0.9.6g configured -- resuming normal operations
[Sat Oct 12 15:58:00 2002] [info] Server built: Oct  8 2002 21:59:47


You can see it was still working after I upgraded to 2.0.43 (but this was
just a package upgrade, not a reboot).

So there is a 6 day gap before the reboot that includes a few upgrades.

Here is a list of potentially relevant packages from
/var/cache/apt/archives that may have been upgraded over that time:

-rw-r--r--    1 root     root        66372 Oct 16 21:32 libpgsql2_7.2.3-0.2_i386.deb
-rw-r--r--    1 root     root       426188 Oct 16 21:32 pgaccess_7.2.3-0.2_i386.deb
-rw-r--r--    1 root     root        66314 Oct 15 21:17 libpgsql2_7.2.3-0.1_i386.deb
-rw-r--r--    1 root     root       426154 Oct 15 21:17 pgaccess_7.2.3-0.1_i386.deb
-rw-r--r--    1 root     root      1937048 Oct 15 16:02 python2.2_2.2.2-1_i386.deb
-rw-r--r--    1 root     root        14730 Oct 14 01:17 initrd-tools_0.1.33_all.deb
-rw-r--r--    1 root     root       256930 Oct 12 04:17 libfreetype6_2.1.2-8_i386.deb
-rw-r--r--    1 root     root        14636 Oct 11 23:47 initrd-tools_0.1.32_all.deb
-rw-r--r--    1 root     root      1934146 Oct 11 10:32 python2.2_2.2.1.91-1_i386.deb
-rw-r--r--    1 root     root       724406 Oct  9 17:32 openssl_0.9.6g-9_i386.deb
-rw-r--r--    1 root     root      1955218 Oct  9 10:47 apache2-common_2.0.43-1_i386.deb
-rw-r--r--    1 root     root       202910 Oct  9 10:47 apache2-mpm-worker_2.0.43-1_i386.deb
-rw-r--r--    1 root     root       107296 Oct  9 10:47 libapr0_2.0.43-1_i386.deb
-rw-r--r--    1 root     root       724362 Oct  8 23:17 openssl_0.9.6g-8_i386.deb
-rw-r--r--    1 root     root       724296 Oct  7 02:02 openssl_0.9.6g-7_i386.deb
-rw-r--r--    1 root     root        14466 Oct  7 00:32 initrd-tools_0.1.31_all.deb

Regards,
Adam
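
Added example, not part of the original post: a log check that would have flagged the silent failure described above by classifying each start attempt in the SSL error log as running or failed. The function names are hypothetical, the sample lines are abridged from the two excerpts in the post, and it assumes any [error] line logged before "resuming normal operations" is fatal.

```python
import re

# Apache 2.0 error-log line: [Fri Oct 18 20:39:50 2002] [info] message
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")
START = "Init: Initializing OpenSSL library"
READY = "resuming normal operations"

# Sample input: lines abridged from the two log excerpts in the post.
SAMPLE = """\
[Sat Oct 12 15:57:44 2002] [info] Init: Initializing OpenSSL library
[Sat Oct 12 15:57:53 2002] [info] Init: Initializing OpenSSL library
[Sat Oct 12 15:58:00 2002] [info] Shared memory session cache initialised
[Sat Oct 12 15:58:00 2002] [notice] Apache/2.0.43 (Debian GNU/Linux) mod_ssl/2.0.43 OpenSSL/0.9.6g configured -- resuming normal operations
[Fri Oct 18 20:39:50 2002] [info] Init: Initializing OpenSSL library
[Fri Oct 18 20:39:54 2002] [info] Init: Initializing OpenSSL library
[Fri Oct 18 20:40:07 2002] [error] Cannot allocate shared memory: (17)File exists
""".splitlines()

def startup_attempts(lines):
    """Return (started, outcome, detail) for each start attempt.
    Assumption: an [error] line before READY is fatal, as in the post.
    """
    attempts, started = [], None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        level, msg = m["level"], m["msg"]
        if started is None:  # the Init block repeats within one start
            if msg == START:
                started = m["ts"]
        elif level == "error":
            attempts.append((started, "failed", msg))
            started = None
        elif READY in msg:
            attempts.append((started, "running", msg))
            started = None
    if started is not None:  # log stops mid-start with no verdict
        attempts.append((started, "incomplete", ""))
    return attempts

def last_start_failed(lines):
    """True when the most recent start attempt never reached READY."""
    attempts = startup_attempts(lines)
    return bool(attempts) and attempts[-1][1] != "running"

if __name__ == "__main__":
    for started, outcome, detail in startup_attempts(SAMPLE):
        print(f"{started}  {outcome:10}  {detail}")
```

Run against ssl_server.log and ssl_proxy.log after a reboot or package upgrade, last_start_failed() gives a monitoring job a yes/no answer without waiting for someone to notice the sites are down.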



