Apache and mod_ssl (extra info)
on 04.09.2007 22:30:16 by Aaron Smith
So I tried something kind of new. I completely removed the
directory with the non-functioning apache install. I went back to the
source, did a make clean, a new configure using the same parameters as
before:

./configure --prefix=/opt/apache3 --enable-auth-dbm=shared \
    --enable-expires=shared --enable-headers=shared --enable-rewrite=shared \
    --enable-mime-magic=shared --enable-info=shared --enable-status=shared \
    --enable-userdir=shared --enable-http --enable-so --enable-ssl=static \
    --with-ssl=/opt/openssl098d --with-perl=/opt/perl58 --with-ndbm \
    --enable-ldap=shared --enable-auth_ldap=shared \
    --with-ldap=/usr/local/OpenLDAP.2.3

Had SHLIB_PATH set to
"/opt/openssl098d/lib:/usr/local/OpenLDAP.2.3/lib" as well as CPPFLAGS
and LDFLAGS set with -I and -L flags for those two non-standard
directories. This is all the same as what I had done before.

After the make, make install, I went in to the installed directory and
made as minimal changes as I could. I changed Listen port in the main
httpd.conf to 8040 and the Listen port (as well as the VirtualHost port)
in ssl.conf to 8045 so it wouldn't step on the toes of the production
apache process. I then changed the User and Group directives in
httpd.conf to the webadmin user which the other apache process runs as.
Launched this just about plain jane apache using apachectl startssl.
Connecting via http to 8040, everything looks fine. Connecting via
https to port 8045 shows the behavior of child processing hanging in a
waiting state.

Am I wrong in thinking this is a permissions issue? Or perhaps
something is funky with the fact that the SSL libraries are in a strange
spot? I've tried adding the library path to envvars in apache3/bin and
having PassEnv SHLIB_PATH in the httpd.conf. However, the WORKING
installation is linked to these exact same libraries and although
there's a PassEnv command in its httpd.conf, nothing was added to
envvars.

If it *is* a permissions issue, what does mod_ssl need permission to get
to in order to function properly? I notice that the ssl_scache.dir and
ssl_scache.pag files are created in the logs directory, (though the .dir
file is 0 bytes) both owned by webadmin, so that user can at least
CREATE files in that directory.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
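
One way to enumerate the files mod_ssl is configured to touch and check access to each, as an added example that is not part of the original post. The sample ssl.conf content, the function names and the certificate paths are constructed for illustration; only the /opt/apache3 prefix, port 8045 and the ssl_scache name come from the message above.

```shell
# Constructed sample in the style of a stock ssl.conf (not the poster's file).
sample_conf() {
cat <<'EOF'
# SSLSessionCache none
SSLSessionCache  dbm:logs/ssl_scache
SSLMutex         file:logs/ssl_mutex
SSLRandomSeed    startup builtin
SSLRandomSeed    connect file:/dev/urandom 512
<VirtualHost _default_:8045>
    SSLCertificateFile    /opt/apache3/conf/ssl.crt/server.crt
    SSLCertificateKeyFile conf/ssl.key/server.key
</VirtualHost>
EOF
}

# ssl_paths <conf-file|-> <ServerRoot>: print "directive<TAB>path" per file used.
ssl_paths() {
    awk -v root="$2" '
    function emit(kind, p) {
        sub(/\(.*$/, "", p)               # drop a "(512000)" size suffix
        gsub(/"/, "", p)                  # drop quoting
        if (p !~ /^\//) p = root "/" p    # relative paths resolve under ServerRoot
        print kind "\t" p
    }
    /^[ \t]*#/ { next }                   # commented-out directives
    {
        d = tolower($1)                   # directive names are case-insensitive
        if (d ~ /^ssl(certificate(key|chain)?file|cacertificate(file|path)|carevocation(file|path))$/)
            emit($1, $2)
        else if ((d == "sslsessioncache" || d == "sslmutex") && index($2, ":"))
            emit($1, substr($2, index($2, ":") + 1))
        else if (d == "sslrandomseed" && $3 ~ /^(file|exec|egd):/)
            emit($1, substr($3, index($3, ":") + 1))
    }' "$1"
}
# check_access: read ssl_paths output, report what the *current* user can do.
check_access() {
    while IFS="$(printf '\t')" read -r kind path; do
        if [ -e "$path" ]; then
            [ -r "$path" ] && s=readable || s=DENIED
        elif [ -w "$(dirname "$path")" ]; then
            s=creatable                   # e.g. dbm cache files made at startup
        else
            s=MISSING
        fi
        printf "%-22s %-10s %s\n" "$kind" "$s" "$path"
    done
}

sample_conf | ssl_paths - /opt/apache3 | check_access
```

Run it as the account named in the User directive (webadmin in the post) against the real ssl.conf, so the results reflect what the child processes can reach rather than what root can.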