Re: SSLSessionCache file not created

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Luca,

I increased the LogLevel to debug, but nothing related to the issue came up.

However, looking in /proc/$PID/fd/, where $PID is the process ID of an
Apache process, I find that there are two symbolic links pointing to

/run/lock/apache2/ssl-cache.19037       # number changes after restart
/run/lock/apache2/ssl-stapling.19037    # number changes after restart

Both these link destinations are deleted. So it looks like the SSL
session and stapling caches are created, opened, and then deleted, with
the file descriptors remaining active and the caches remaining functional.

What's more peculiar though is that my configuration says

SSLSessionCache  shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_stapling(32768)

where APACHE_RUN_DIR is /var/run/apache2. Note that

1.) the above file descriptors point inside /run/, not /var/run/
2.) the basenames are different (e.g. ssl-cache instead of ssl_scache)

So my settings are apparently ignored. This is on Ubuntu 14.04. I wonder
if the Ubuntu Apache package has something special going on here?

It would be nice if this could be understood. Any more thoughts?

Thanks a lot,
Peter

PS: I had a similar issue in the past, where I could not see temporary
    files of a daemon. It turned out that the daemon had a private
    /tmp/ mount in its own filesystem namespace, achieved via systemd's
    PrivateTmp setting. However, the issue at hand does not seem to be
    a namespace issue.

On 03/27/2017 04:12 PM, Luca Toscano wrote:
> Hi Peter,
> 
> 2017-03-23 13:58 GMT+01:00 Peter Thomassen <thomassen@xxxxxx
> <mailto:thomassen@xxxxxx>>:
> 
>     Hi,
> 
>     Using Apache 2.4.10 on Ubuntu, I configured SSLSessionCache like
> 
>             SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
> 
>     ... where APACHE_RUN_DIR is /var/run/apache2.
> 
>     During operating, the ssl_scache file is not created. However, according
>     to server-status, there are still entries in the cache.
> 
>     I don't understand this behavior -- is this normal?
> 
> 
> Anything relevant in the error logs? If not, could you increase the
> LogLevel (https://httpd.apache.org/docs/2.4/mod/core.html#loglevel) and
> see if anything comes up?
> 
> Luca 
> 

-- 
Mit freundlichen Grüßen
Peter Thomassen

OpenPGP Key: 0x2BA469F9

Verwirrender Anhang? Das ist eine digitale Unterschrift.
Details: https://www.anonym-surfen.de/help/email-openpgp.html

------------------------------------------
a4a GmbH
Scheffelstr. 14
97072 Würzburg
Germany

fon: +49-931-2705351
fax: +49-931-27049942

web: https://a4a.de
e-mail: info@xxxxxx

Geschäftsführer: Dr. Peter Thomassen
Registergericht AG Würzburg HRB 10041
USt-IdNr.: DE263344753

Attachment: signature.asc
Description: OpenPGP digital signature


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux