Howto "unload" the mod_ssl from memory?

on 04.11.2006 19:10:05 by Louise Hoffman

Dear readers,

Can anyone teach me how to unload/kill/remove the SSL module from
memory, so when I restart Apache the SSL module will be loaded again?

The reason I am asking is because I get this error:

Starting httpd: [Sat Nov 04 18:59:43 2006] [warn] module ssl_module is already loaded, skipping
[Sat Nov 04 18:59:43 2006] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
(98)Address already in use: make_sock: could not bind to address [::]:443
no listening sockets available, shutting down
Unable to open logs

and the strangest thing is, if I
~# mv /etc/httpd/conf.d/ssl_conf /etc/httpd/conf.d/ssl_conf_old
~# apachectl restart

it works, but https:// still works on the server.

So I guess if I could unload the module I could make the changes to
ssl_conf that I need, and restart Apache and the new settings would be
loaded.

Can anyone help me with this? =)

Lots of love,
Louise
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Howto "unload" the mod_ssl from memory?

on 04.11.2006 19:21:19 by Louise Hoffman

Replying to my own post.

I have found the problem, and it is not Apache not unloading its modules =)

~# lsof|grep ssl
rpc.idmap 2607 root mem REG 253,0 213600 5884682 /lib/libssl.so.0.9.7a
vsftpd 2760 root mem REG 253,0 213600 5884682 /lib/libssl.so.0.9.7a
mysqld 31323 mysql mem REG 253,0 213600 5884682 /lib/libssl.so.0.9.7a
~#

but rpc.idmap (whatever that is), vsftpd, and mysqld.

One problem solved, another arose =)

Any help I can get is much appreciated =)

Love,
Louise

Re: Howto "unload" the mod_ssl from memory?

on 04.11.2006 19:55:41 by Louise Hoffman

Replying to my own post again.

Even if I have stopped all daemons that use libssl, I get the
"module ssl_module is already loaded, skipping" error.

Could there be something very wrong with my ssl.conf? I haven't made
changes to httpd.conf because this howto doesn't do that:
http://www.vanemery.com/Linux/Apache/apache-SSL.html

I have stripped the comments from it to shorten it for this email.

So I am completely out of ideas now... I hope someone on this
mailing list can help me =)

Hugs,
Louise


LoadModule ssl_module modules/mod_ssl.so

Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog builtin

SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300

SSLMutex default

SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin



DocumentRoot "/var/www/html"
ServerName removed.com:443
ServerAdmin removed@removed.com

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/my-ca.crt
SSLCACertificateFile /etc/httpd/conf/ssl.crt/my-ca.crt


SSLOptions +StdEnvVars


SSLOptions +StdEnvVars


SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"



Re: Howto "unload" the mod_ssl from memory?

on 05.11.2006 10:47:02 by Michael Pacey

This:
module ssl_module is already loaded, skipping

means you have LoadModule ssl_module specified twice in your apache
configuration.

This:
_default_ VirtualHost overlap on port 443, the first has precedence

means you have two virtual hosts defined in your configuration which
conflict because they want to use the same socket (IP address/port
pair).

When you move ssl_conf out the way, SSL still works because you must
have LoadModule ssl_module and an SSL virtual host defined in another
config file. Look through your config files and find the offending
duplicate entries.

What's probably happening is your Apache distribution already has SSL
configured, and when you've followed the SSL howto you've duplicated the
steps required to enable SSL.

That's my tuppence worth anyway. Hope it helps.

--
Michael



Re: Howto "unload" the mod_ssl from memory?

on 06.11.2006 02:19:14 by Patrick Riggins

Louise Hoffman wrote:
> Replying to my own post again.
>
> Even if I have stopped all daemons that use libssl, I get the
> "module ssl_module is already loaded, skipping" error.
>
> Could there be something very wrong with my ssl.conf? I haven't made
> changes to httpd.conf because this howto doesn't do that:
> http://www.vanemery.com/Linux/Apache/apache-SSL.html

Hi Louise,

Two things you can check are your httpd.conf and ssl.conf files.
In mine, the httpd.conf file contains:

LoadModule ssl_module modules/mod_ssl.so

and then just a few lines down:

#
# Load config files from the config directory "/etc/httpd/conf.d".
#
Include conf.d/*.conf


So this includes *.conf files listed in the conf.d directory (in
mine, this is on the same directory level as the "conf" directory
below /etc/httpd). My ssl.conf file is in this second directory and
has as one of its commands:

LoadModule ssl_module modules/mod_ssl.so

This was triggering the same error you are seeing on your server.
I kept trying to find out why this module was getting loaded twice
and finally ran it down. I just commented out the "LoadModule..."
command in the httpd.conf file and the problem cleared up (since it
was only getting loaded once now instead of twice: once in the
httpd.conf file and again in the ssl.conf file).

I do not know if this will apply to your situation but it sounds like
it might be something to check. It took me a couple of hours of digging
around in the filesystem to find that one. I'm a noobie or I guess I
would have found it quicker. :-)

Patrick
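
An added example, not part of the original thread: a shell script for the check Michael and Patrick describe, listing every LoadModule name or Listen value that is declared more than once across httpd.conf and the files it pulls in with Include. The function names and the sample tree are constructed for illustration; it assumes one level of Include with patterns relative to the ServerRoot, and it compares Listen values as literal strings.

```shell
#!/bin/sh
# Added example (not from the thread): report directive values declared more
# than once across httpd.conf and the files it pulls in via Include.

# Print MAIN plus every file matched by its Include lines.
# Assumption: one level of Include, patterns relative to ROOT (the ServerRoot).
list_conf_files() {
    root=$1; main=$2
    echo "$root/$main"
    awk 'tolower($1) == "include" { print $2 }' "$root/$main" |
    while read -r pattern; do
        for f in "$root"/$pattern; do      # unquoted so the glob expands
            if [ -f "$f" ]; then echo "$f"; fi
        done
    done
}

# Print "VALUE: file:line file:line ..." for each DIRECTIVE value seen 2+ times.
# Commented-out lines never match because their first field starts with "#".
find_duplicates() {
    root=$1; main=$2; directive=$3
    list_conf_files "$root" "$main" | while read -r f; do
        rel=${f#"$root"/}
        awk -v d="$directive" -v rel="$rel" \
            'tolower($1) == tolower(d) { print $2, rel ":" FNR }' "$f"
    done | LC_ALL=C sort | awk '
        { where[$1] = where[$1] " " $2; count[$1]++ }
        END { for (v in count) if (count[v] > 1) print v ":" where[v] }'
}

# Constructed sample tree mirroring the layout described in the thread.
make_sample_tree() {
    mkdir -p "$1/conf" "$1/conf.d"
    printf '%s\n' 'Listen 80' 'LoadModule ssl_module modules/mod_ssl.so' \
        'Include conf.d/*.conf' > "$1/conf/httpd.conf"
    printf '%s\n' 'LoadModule ssl_module modules/mod_ssl.so' 'Listen 443' \
        > "$1/conf.d/ssl.conf"
    printf '%s\n' 'Listen 443' > "$1/conf.d/site-ssl.conf"
}

tmp=$(mktemp -d)
make_sample_tree "$tmp"
find_duplicates "$tmp" conf/httpd.conf LoadModule
find_duplicates "$tmp" conf/httpd.conf Listen
rm -rf "$tmp"
```

With the layout from the thread, the call would be `find_duplicates /etc/httpd conf/httpd.conf LoadModule`.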








Re: Howto "unload" the mod_ssl from memory?

on 08.11.2006 08:05:15 by Louise Hoffman

> Hi Louise,

Hi Patrick =)

> Include conf.d/*.conf

> So this includes *.conf files listed in the conf.d directory (in
> mine, this is on the same directory level as the "conf" directory
> below /etc/httpd). My ssl.conf file is in this second directory and
> has as one of its commands:

This was just it =)

I backed up the original and called it _ssl.conf

From now on I will learn how to use SVN, and check /etc in as
the first thing, so I don't try something similar another time =)

> I do not know if this will apply to your situation but it sounds like
> it might be something to check. It took me a couple of hours of digging
> around in the filesystem to find that one. I'm a noobie or I guess I
> would have found it quicker. :-)

I think I spent about 4-5 hours on the debugging and tracing without
solving this problem, so I am very glad for Michael's and your replies
=) I would never have solved it without.

With love,
Louise

Apache man-in-the-middle settings

on 03.01.2007 19:22:44 by Robert Denton

Hi all, I am told that there is a setting in Apache that will drop
connections if the destination changes. This, ideally, should help
prevent man-in-the-middle attacks. However, this also causes
problems with clients that load balance between ISPs. What setting
does this? Thanks!

Robert
