LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (http://www.linuxquestions.org/questions/linux-software-2/)
-   -   startssl segfaults :'( (http://www.linuxquestions.org/questions/linux-software-2/startssl-segfaults-42116/)

chr15t0 01-20-2003 05:31 AM

startssl segfaults :'(
 
I have recently installed a machine with apache apache_1.3.27 and
mod_ssl-2.8.12-1.3.27. I have transferred a domain to a new machine, copied over it's ssl certificate and key files, but am unable to start the ssl server.. It segfaults and I can't figure out why:

bash-2.05# /usr/local/apache/bin/apachectl startssl
/usr/local/apache/bin/apachectl: line 184: 32549 Segmentation fault $HTTPD -DSSL
/usr/local/apache/bin/apachectl startssl: httpd could not be started

the ssl_engine_log shows the following (which looks farly normal):

[20/Jan/2003 11:28:10 32618] [info] Init: Initializing OpenSSL library
[20/Jan/2003 11:28:10 32618] [info] Init: Seeding PRNG with 136 bytes of entropy
[20/Jan/2003 11:28:10 32618] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[20/Jan/2003 11:28:10 32618] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[20/Jan/2003 11:28:10 32619] [info] Init: 2nd startup round (already detached)
[20/Jan/2003 11:28:10 32619] [info] Init: Reinitializing OpenSSL library
[20/Jan/2003 11:28:10 32619] [info] Init: Seeding PRNG with 136 bytes of entropy
[20/Jan/2003 11:28:10 32619] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[20/Jan/2003 11:28:10 32619] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[20/Jan/2003 11:28:10 32619] [info] Init: Initializing (virtual) servers for SSL


any ideas chaps?

christo

__________________
$dayjob: us.com, uk.com, uk.net domains
$hangout: my electronic brainpad

niknah 01-20-2003 09:57 AM

no idea, but there're a few things you can try....

* run openssl s_server -WWW -cert yourcertfile
this will start a plain https server without apache.
You can see whether openssl actually works or if it's
sometihng related to apache.

* find a "core" file that httpd dumped and run
gdb -c core /usr/local/apache/bin/httpd
and type "bt" to see where it went wrong.

chr15t0 01-20-2003 11:06 AM

thanks for the reply... this is what happened when I tried your first suggestion:

bash-2.05# /usr/bin/openssl s_server -WWW -cert /usr/local/apache/conf/ssl.crt/www.secure.domainnamehere.co.uk.crt
Using default temp DH parameters
unable to get private key from '/usr/local/apache/conf/ssl.crt/www.secure.domainnamehere.co.uk.crt'
3886:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expecting: DH PARAMETERS
3886:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expecting: ANY PRIVATE KEY
3886:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:missing asn1 eos:ssl_rsa.c:707:

I have to admit, these messages are well beyond my comprehension.
I'm quite sure that I did provide a key when compilng mod_ssl, though, using the --with-key directive.

As for the coredumps, I can't see any being genereated.

..still hunting :)
christo

niknah 01-20-2003 10:20 PM

looks like something wrong with your cert file, does
/usr/local/apache/conf/ssl.crt/www.secure.domainnamehere.co.uk.crt
exist? i so what's the size of the file?

chr15t0 01-21-2003 02:24 AM

yeah, it does exist and it's 1927 bytes in size

christo

niknah 01-21-2003 02:39 AM

that maybe a file with both the private and public key in 1 file, can a look in it, it should only have 1 section...
---BEGIN ... ----
---END ... ----

seperate it into 2 if it's got 2 sections.

the public file goes into the apache option SSLCertificateFile
the private file goes into SSLCertificateKeyFile

the 2 certificate files I have are approx 1k.

chr15t0 01-21-2003 02:55 AM

I was worth checking, but nope - the crt only has one section in it - it's just fairly long 31 lines in total. BTW, I have transferred the crt from another machine, where it has bee working fine... and I brought the key over with it too and I'm using the same domain name - it's just a different physical machine. I'm wondering if that'll make a difference ?

thanks niknah
christo

chr15t0 01-21-2003 03:59 AM

I have just tried with a self-signed certificate and still no joy - so I think I'll drop back to apache 1.3.26 and modssl to fit - and see if that solves it

*sigh*

:) christo


All times are GMT -5. The time now is 09:38 AM.