[users@httpd] apache2, mod_ssl, Connection to child 0 closed with abortive shutdown

Hello

I'm using apache2.0.53 on an i64 (Opteron) Solaris 10 server,
and it works fine (as I'd expect), except when I try and
set up mod_ssl on it.  I'm using it to run a subversion server.
It's compiled with Sun's SFW gcc, and the following arguments :

./configure --enable-dav --enable-ssl

I'm seeing this in my log file :

[Mon Feb 28 17:03:11 2005] [debug] ssl_engine_kernel.c(1809): OpenSSL: Exit: error in SSLv3 read certificate verify A
[Mon Feb 28 17:03:11 2005] [debug] ssl_engine_kernel.c(1809): OpenSSL: Exit: error in SSLv3 read certificate verify A
[Mon Feb 28 17:03:11 2005] [info] SSL library error 1 in handshake (server dart.opaltree.com.au:443, client 211.26.251.34)
[Mon Feb 28 17:03:11 2005] [info] SSL Library Error: 336187530 error:1409D08A:SSL routines:SSL3_SETUP_KEY_BLOCK:cipher or hash unavailable
[Mon Feb 28 17:03:11 2005] [info] Connection to child 0 closed with abortive shutdown(server dart.opaltree.com.au:443, client 211.26.251.34)


And the client is reporting a broken connection; Mozilla 1.7.5 says:

The connection to svn.opaltree.com.au has terminated unexpectedly, some
data may have been transferred


There's a pile of errors in the logs; I think this is the relevant
batch:

[Mon Feb 28 17:20:52 2005] [notice] Graceful restart requested, doing restart
[Mon Feb 28 17:20:52 2005] [info] Connection to child 0 established (server dart.opaltree.com.au:443, client 127.0.0.1)
[Mon Feb 28 17:20:52 2005] [info] Seeding PRNG with 0 bytes of entropy
[Mon Feb 28 17:20:52 2005] [info] Connection to child 2 established (server dart.opaltree.com.au:443, client 127.0.0.1)
[Mon Feb 28 17:20:52 2005] [info] Seeding PRNG with 0 bytes of entropy
[Mon Feb 28 17:20:52 2005] [debug] ssl_engine_kernel.c(1772): OpenSSL: Handshake: start
[Mon Feb 28 17:20:52 2005] [debug] ssl_engine_kernel.c(1780): OpenSSL: Loop: before/accept initialization
[Mon Feb 28 17:20:52 2005] [debug] ssl_engine_kernel.c(1772): OpenSSL: Handshake: start
[Mon Feb 28 17:20:52 2005] [debug] ssl_engine_kernel.c(1780): OpenSSL: Loop: before/accept initialization
[Mon Feb 28 17:20:52 2005] [debug] ssl_engine_io.c(1522): OpenSSL: I/O error, 11 bytes expected to read on BIO#81ea088 [mem: 81f1710]
[Mon Feb 28 17:20:52 2005] [debug] ssl_engine_kernel.c(1809): OpenSSL: Exit: error in SSLv2/v3 read client hello A
[Mon Feb 28 17:20:52 2005] [info] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
[Mon Feb 28 17:20:52 2005] [info] Connection to child 2 closed with abortive shutdown(server dart.opaltree.com.au:443, client 127.0.0.1)
[Mon Feb 28 17:20:52 2005] [debug] ssl_engine_io.c(1522): OpenSSL: I/O error, 11 bytes expected to read on BIO#81d65a0 [mem: 81f1638]
[Mon Feb 28 17:20:52 2005] [debug] ssl_engine_kernel.c(1809): OpenSSL: Exit: error in SSLv2/v3 read client hello A
[Mon Feb 28 17:20:52 2005] [info] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
[Mon Feb 28 17:20:52 2005] [info] Connection to child 0 closed with abortive shutdown(server dart.opaltree.com.au:443, client 127.0.0.1)
[Mon Feb 28 17:20:52 2005] [info] Connection to child 1 established (server dart.opaltree.com.au:443, client 127.0.0.1)
[Mon Feb 28 17:20:52 2005] [info] Seeding PRNG with 0 bytes of entropy
[Mon Feb 28 17:20:52 2005] [debug] ssl_engine_kernel.c(1772): OpenSSL: Handshake: start
[Mon Feb 28 17:20:52 2005] [debug] ssl_engine_kernel.c(1780): OpenSSL: Loop: before/accept initialization
[Mon Feb 28 17:20:52 2005] [debug] ssl_engine_io.c(1522): OpenSSL: I/O error, 11 bytes expected to read on BIO#81d65f8 [mem: 81f1638]
[Mon Feb 28 17:20:52 2005] [debug] ssl_engine_kernel.c(1809): OpenSSL: Exit: error in SSLv2/v3 read client hello A
[Mon Feb 28 17:20:52 2005] [info] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
[Mon Feb 28 17:20:52 2005] [info] Connection to child 1 closed with abortive shutdown(server dart.opaltree.com.au:443, client 127.0.0.1)
[Mon Feb 28 17:20:52 2005] [info] Init: Initializing OpenSSL library
[Mon Feb 28 17:20:52 2005] [info] Init: Seeding PRNG with 512 bytes of entropy
[Mon Feb 28 17:20:52 2005] [info] Loading certificate & private key of SSL-aware server
[Mon Feb 28 17:20:52 2005] [debug] ssl_engine_pphrase.c(469): unencrypted RSA private key - pass phrase not required
[Mon Feb 28 17:20:52 2005] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Mon Feb 28 17:20:52 2005] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Mon Feb 28 17:20:52 2005] [debug] ssl_scache_dbm.c(404): Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[Mon Feb 28 17:20:52 2005] [info] Init: Initializing (virtual) servers for SSL
[Mon Feb 28 17:20:52 2005] [info] Configuring server for SSL protocol
[Mon Feb 28 17:20:52 2005] [debug] ssl_engine_init.c(405): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Mon Feb 28 17:20:52 2005] [debug] ssl_engine_init.c(588): Configuring permitted SSL ciphers [ALL]
[Mon Feb 28 17:20:52 2005] [debug] ssl_engine_init.c(716): Configuring RSA server certificate
[Mon Feb 28 17:20:52 2005] [warn] RSA server certificate CommonName (CN) `svn.opaltree.com.au' does NOT match server name!?
[Mon Feb 28 17:20:52 2005] [debug] ssl_engine_init.c(755): Configuring RSA server private key
[Mon Feb 28 17:20:52 2005] [info] Server: Apache/2.0.53, Interface: mod_ssl/2.0.53, Library: OpenSSL/0.9.7d
[Mon Feb 28 17:20:52 2005] [notice] Apache/2.0.53 (Unix) SVN/1.1.3 mod_ssl/2.0.53 OpenSSL/0.9.7d DAV/2 configured -- resuming normal operations
[Mon Feb 28 17:20:52 2005] [info] Server built: Feb 28 2005 16:45:30
[Mon Feb 28 17:20:52 2005] [debug] prefork.c(956): AcceptMutex: fcntl (default: fcntl)


My ssl.conf is this :

SSLRandomSeed startup file:/dev/urandom 512
<IfDefine SSL>
Listen 0.0.0.0:443
NameVirtualHost *:443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         shm:/usr/local/apache2/logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/usr/local/apache2/logs/ssl_mutex

<VirtualHost *:443>

    DocumentRoot /data/svn/repositories
    ServerName dart.opaltree.com.au
    ServerAlias svn.opaltree.com.au
    <Directory />
        AuthType Basic
        AuthName "Opaltree Subversion repository"
        AuthUserFile /data/svn/htpasswd
        Require valid-user
    </Directory>
    <Location /CADRiA>
        DAV svn
        SVNpath /data/svn/repositories/CADRiA
    </Location>

    # General setup for the virtual host
    ErrorLog /usr/local/apache2/logs/error_log
    TransferLog /usr/local/apache2/logs/access_log

    # SSL Engine Switch:
    # Enable/Disable SSL for this virtual host.
    SSLEngine on

    # SSL Cipher Suite:
    # List the ciphers that the client is permitted to negotiate.
    # See the mod_ssl documentation for a complete list.
    SSLCipherSuite ALL
    #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    SSLCertificateFile /usr/local/apache2/conf/ssl.crt/dart.crt
    SSLCertificateKeyFile /usr/local/apache2/conf/ssl.crt/dart.key

</VirtualHost>

</IfDefine>



Can anyone suggest what I may have misconfigured?

Thanks

Carl


--
=======================
Vivitec Pty. Ltd.
Suite 6, 51-55 City Rd.
Southbank, 3006.
Ph. +61 3 8626 5626
Fax +61 3 9682 1000
=======================
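
Added example, not part of the original post: a small triage script for a mod_ssl error_log like the one quoted above. It splits run-together entries, unpacks the numeric OpenSSL error code, and counts aborted handshakes per client and cause. The function names are hypothetical and the sample input is constructed from entries in the post.

```python
import re
from collections import Counter

# Constructed sample: entries taken from the log excerpts in the post,
# deliberately run together on one line.
SAMPLE = (
    "[Mon Feb 28 17:03:11 2005] [debug] ssl_engine_kernel.c(1809): OpenSSL: Exit: "
    "error in SSLv3 read certificate verify A "
    "[Mon Feb 28 17:03:11 2005] [info] SSL Library Error: 336187530 "
    "error:1409D08A:SSL routines:SSL3_SETUP_KEY_BLOCK:cipher or hash unavailable "
    "[Mon Feb 28 17:03:11 2005] [info] Connection to child 0 closed with abortive "
    "shutdown(server dart.opaltree.com.au:443, client 211.26.251.34) "
    "[Mon Feb 28 17:20:52 2005] [info] (70014)End of file found: SSL handshake "
    "interrupted by system [Hint: Stop button pressed in browser?!] "
    "[Mon Feb 28 17:20:52 2005] [info] Connection to child 2 closed with abortive "
    "shutdown(server dart.opaltree.com.au:443, client 127.0.0.1)"
)

STAMP = re.compile(r"\[(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})\] \[(\w+)\] ")
LIBERR = re.compile(r"SSL Library Error: (\d+) error:([0-9A-F]{8}):[^:]*:([^:]*):(.*)")
CLOSED = re.compile(r"closed with abortive shutdown\s*\(server \S+, client ([\d.]+)\)")

def split_entries(text):
    """Split run-together error_log text into (timestamp, level, message)."""
    p = STAMP.split(text)  # ['', ts, level, msg, ts, level, msg, ...]
    return [(p[i], p[i + 1], p[i + 2].strip()) for i in range(1, len(p), 3)]

def decode_err(code):
    """Unpack an error code as packed by OpenSSL before 3.0: (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def triage(text):
    """Count aborted handshakes per (client, cause)."""
    # Cause lines carry no connection id, so the most recent cause is attributed
    # to the next close; interleaved connections can be misattributed.
    cause, out = "unknown", Counter()
    for _ts, _level, msg in split_entries(text):
        m = LIBERR.search(msg)
        if m:
            cause = f"{m.group(3)}: {m.group(4)}"
        elif "(70014)End of file found" in msg:
            cause = "EOF before handshake completed"
        c = CLOSED.search(msg)
        if c:
            out[(c.group(1), cause)] += 1
            cause = "unknown"
    return out
```

Run over the full log, this separates the one external client that failed with a library error from the loopback connections that closed without sending any TLS data right after the graceful restart.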

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.