Compiling Apache 2.0.63 as DSO with OpenSSL 0.9.8g (among other modules. Compiling completes sucessfully, but the runtime fails. This is being compiled on solaris. Interestingly enough, we do not have the same issue with AIX. Here is the output of the error_log with the failure: [Tue May 20 15:08:11 2008] [info] mod_unique_id: using ip addr XXX.XXX.XXX.XXX [Tue May 20 15:08:11 2008] [notice] httplog/2.1.2 XX configured -- resuming normal operations [Tue May 20 15:08:12 2008] [info] ################################ [Tue May 20 15:08:12 2008] [info] Initializing the hardware engine [Tue May 20 15:08:12 2008] [info] ################################ [Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(311): Initializing the engine (I've done this 1 times) [Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(314): Getting engine by id. [Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(323): Getting control context - setting forkcheck. [Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(328): Setting default with ENGINE_set_default... [Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(336): I should not have gotten here.... help? [Tue May 20 15:08:12 2008] [info] Hardware engine initialization complete [Tue May 20 15:08:12 2008] [info] Init: Initializing OpenSSL library [Tue May 20 15:08:12 2008] [info] Init: Seeding PRNG with 136 bytes of entropy [Tue May 20 15:08:12 2008] [info] Loading certificate & private key of SSL-aware server [Tue May 20 15:08:12 2008] [debug] ssl_engine_pphrase.c(469): unencrypted RSA private key - pass phrase not required [Tue May 20 15:08:12 2008] [info] Init: Generating temporary RSA private keys (512/1024 bits) [Tue May 20 15:08:12 2008] [info] Init: Generating temporary DH parameters (512/1024 bits) [Tue May 20 15:08:12 2008] [debug] ssl_scache_dbm.c(406): Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0 [Tue May 20 15:08:12 2008] [info] Init: Initializing (virtual) servers for SSL [Tue May 20 15:08:12 2008] [info] Configuring server for SSL protocol [Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(397): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) [Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(580): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] [Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(664): Configuring server certificate chain (4 CA certificates) [Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(708): Configuring RSA server certificate [Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(747): Configuring RSA server private key [Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(397): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) [Tue May 20 15:08:12 2008] [info] mod_ssl/2.0.63 compiled against Server: Apache/2.0.63, Library: OpenSSL/0.9.8g [Tue May 20 15:08:12 2008] [notice] httplog: SIGTERM received. Flushing buffers and exiting [Tue May 20 15:08:12 2008] [notice] httplog/2.1.2 XX configured -- resuming normal operations [Tue May 20 15:08:12 2008] [info] mod_unique_id: using ip addr 10.157.246.214 [Tue May 20 15:08:13 2008] [info] ################################ [Tue May 20 15:08:13 2008] [info] Initializing the hardware engine [Tue May 20 15:08:13 2008] [info] ################################ [Tue May 20 15:08:13 2008] [debug] ssl_engine_init.c(311): Initializing the engine (I've done this 1 times) [Tue May 20 15:08:13 2008] [debug] ssl_engine_init.c(314): Getting engine by id. [Tue May 20 15:08:13 2008] [debug] ssl_engine_init.c(323): Getting control context - setting forkcheck. [Tue May 20 15:08:13 2008] [debug] ssl_engine_init.c(328): Setting default with ENGINE_set_default... [Tue May 20 15:08:13 2008] [error] Init: Failed to enable Crypto Device API `chil' [Tue May 20 15:08:13 2008] [error] SSL Library Error: 2164682852 error:81067064:CHIL engine:HWCRHK_INIT:already loaded [Tue May 20 15:08:13 2008] [error] SSL Library Error: 638287981 error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init failed The issue seems to be that OpenSSL hooks into the HWCRHK_INIT twice. Mod_ssl initializes a hardware engine through the ssl_init_Engine function. This is found only in ssl_init_Module of modules/ssl/ssl_engine_init.c in the apache source tree. The ssl_init_Engine function IS being called twice, therefore the ssl_init_Module is being called twice mod_ssl.c registers hooks for ssl_init_Module as a post-config action... it seems those hooks are being processed twice causing the dual-kickoff of the ssl_init_Module function. This is nothing new... this performed this way all the way back in 2.0.55. We have gotten this same error with different versions of 2.0.x with 0.9.8g, so it seems there is something in the build scripts that may be causing this. One other note: we are including a third-party .so specific the to hardware key device we utilize and that is the where HWCRHK_INIT method comes from. Any ideas? Pointers? -------------- I use my cat's name for a password: he is called zo4W*!@n32G+ and I change his name every 60 days --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|