LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices



Reply
 
Search this Thread
Old 01-20-2003, 06:31 AM   #1
chr15t0
Member
 
Registered: Jun 2002
Location: London
Distribution: Slackware
Posts: 201

Rep: Reputation: 30
startssl segfaults :'(


I have recently installed a machine with apache apache_1.3.27 and
mod_ssl-2.8.12-1.3.27. I have transferred a domain to a new machine, copied over it's ssl certificate and key files, but am unable to start the ssl server.. It segfaults and I can't figure out why:

bash-2.05# /usr/local/apache/bin/apachectl startssl
/usr/local/apache/bin/apachectl: line 184: 32549 Segmentation fault $HTTPD -DSSL
/usr/local/apache/bin/apachectl startssl: httpd could not be started

the ssl_engine_log shows the following (which looks farly normal):

[20/Jan/2003 11:28:10 32618] [info] Init: Initializing OpenSSL library
[20/Jan/2003 11:28:10 32618] [info] Init: Seeding PRNG with 136 bytes of entropy
[20/Jan/2003 11:28:10 32618] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[20/Jan/2003 11:28:10 32618] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[20/Jan/2003 11:28:10 32619] [info] Init: 2nd startup round (already detached)
[20/Jan/2003 11:28:10 32619] [info] Init: Reinitializing OpenSSL library
[20/Jan/2003 11:28:10 32619] [info] Init: Seeding PRNG with 136 bytes of entropy
[20/Jan/2003 11:28:10 32619] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[20/Jan/2003 11:28:10 32619] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[20/Jan/2003 11:28:10 32619] [info] Init: Initializing (virtual) servers for SSL


any ideas chaps?

christo

__________________
$dayjob: us.com, uk.com, uk.net domains
$hangout: my electronic brainpad
 
Old 01-20-2003, 10:57 AM   #2
niknah
Member
 
Registered: Dec 2002
Location: In front of a computer
Distribution: UPS, DHL, FedEx
Posts: 466

Rep: Reputation: 38
no idea, but there're a few things you can try....

* run openssl s_server -WWW -cert yourcertfile
this will start a plain https server without apache.
You can see whether openssl actually works or if it's
sometihng related to apache.

* find a "core" file that httpd dumped and run
gdb -c core /usr/local/apache/bin/httpd
and type "bt" to see where it went wrong.
 
Old 01-20-2003, 12:06 PM   #3
chr15t0
Member
 
Registered: Jun 2002
Location: London
Distribution: Slackware
Posts: 201

Original Poster
Rep: Reputation: 30
thanks for the reply... this is what happened when I tried your first suggestion:

bash-2.05# /usr/bin/openssl s_server -WWW -cert /usr/local/apache/conf/ssl.crt/www.secure.domainnamehere.co.uk.crt
Using default temp DH parameters
unable to get private key from '/usr/local/apache/conf/ssl.crt/www.secure.domainnamehere.co.uk.crt'
3886:error:0906D06C:PEM routines:PEM_read_bio:no start lineem_lib.c:662:Expecting: DH PARAMETERS
3886:error:0906D06C:PEM routines:PEM_read_bio:no start lineem_lib.c:662:Expecting: ANY PRIVATE KEY
3886:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:missing asn1 eos:ssl_rsa.c:707:

I have to admit, these messages are well beyond my comprehension.
I'm quite sure that I did provide a key when compilng mod_ssl, though, using the --with-key directive.

As for the coredumps, I can't see any being genereated.

..still hunting
christo
 
Old 01-20-2003, 11:20 PM   #4
niknah
Member
 
Registered: Dec 2002
Location: In front of a computer
Distribution: UPS, DHL, FedEx
Posts: 466

Rep: Reputation: 38
looks like something wrong with your cert file, does
/usr/local/apache/conf/ssl.crt/www.secure.domainnamehere.co.uk.crt
exist? i so what's the size of the file?
 
Old 01-21-2003, 03:24 AM   #5
chr15t0
Member
 
Registered: Jun 2002
Location: London
Distribution: Slackware
Posts: 201

Original Poster
Rep: Reputation: 30
yeah, it does exist and it's 1927 bytes in size

christo
 
Old 01-21-2003, 03:39 AM   #6
niknah
Member
 
Registered: Dec 2002
Location: In front of a computer
Distribution: UPS, DHL, FedEx
Posts: 466

Rep: Reputation: 38
that maybe a file with both the private and public key in 1 file, can a look in it, it should only have 1 section...
---BEGIN ... ----
---END ... ----

seperate it into 2 if it's got 2 sections.

the public file goes into the apache option SSLCertificateFile
the private file goes into SSLCertificateKeyFile

the 2 certificate files I have are approx 1k.
 
Old 01-21-2003, 03:55 AM   #7
chr15t0
Member
 
Registered: Jun 2002
Location: London
Distribution: Slackware
Posts: 201

Original Poster
Rep: Reputation: 30
I was worth checking, but nope - the crt only has one section in it - it's just fairly long 31 lines in total. BTW, I have transferred the crt from another machine, where it has bee working fine... and I brought the key over with it too and I'm using the same domain name - it's just a different physical machine. I'm wondering if that'll make a difference ?

thanks niknah
christo
 
Old 01-21-2003, 04:59 AM   #8
chr15t0
Member
 
Registered: Jun 2002
Location: London
Distribution: Slackware
Posts: 201

Original Poster
Rep: Reputation: 30
I have just tried with a self-signed certificate and still no joy - so I think I'll drop back to apache 1.3.26 and modssl to fit - and see if that solves it

*sigh*

christo
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
best practice - startssl on boot? xfurious_mindx Linux - Security 3 01-07-2005 09:23 AM
apachectl startssl error message harlow400 Linux - Software 2 03-01-2004 03:31 AM
slack 9.0 apachectl startssl doesn't work harlow400 Linux - Software 4 02-29-2004 10:03 PM
apachectl startssl doesn't work on SuSE 9.0 ahargrove Linux - Software 3 02-17-2004 12:02 AM
couldn't find startssl option in apahcectl ybc Linux - General 2 04-16-2003 01:23 AM


All times are GMT -5. The time now is 02:36 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration