From: Eric Penfold
Date: Thu, 08 Apr 2004 12:48:52 +0100
To: RYAN vAN GINNEKEN
Cc: freebsd-questions@freebsd.org
Subject: Re: startssl at boot time
Message-ID: <40753C24.6060903@epetech.plus.com>

(side note, I'm a lurker, not a subscriber, so this response will probably break threading. If anyone has suggestions on how best to reply, without needing to subscribe and be swamped by email, I'd be grateful).

I'm slightly confused as to what your actual problem is, as the logs you've posted make sense to me with regard to how you generated them.

Referring back to your post (http://docs.freebsd.org/cgi/mid.cgi?4074751E.2070607):

RYAN vAN GINNEKEN wrote:
>This is right ??? the reason i ask is because apache does not start on a
>reboot no ssl or even regular apache.

You then go on to show the log output from doing "apachectl start" vs "apachectl startssl".
Note that the difference between these is very subtle, and not simply an issue of Is SSL initialised or not. Specifically, all that additionally happens with "startssl" is that the "SSL" flag is defined, such that blocks will be evaluated. Note that with the default ssl.conf, this is where SSLSessionCache, and SSLRandomSeed are defined (among other things).

So, this explains why you see:

>here is the log output of an
>apache stop then apache start using the script listed below when i use
>apache start only regular apache starts so i then have to issue the
>apache startssl command.
>[... snip ...]
>[Wed Apr 07 13:20:08 2004] [info] Init: Initializing OpenSSL library
>[Wed Apr 07 13:20:08 2004] [info] Init: Seeding PRNG with 0 bytes of entropy
>[... snip ...]
>[Wed Apr 07 13:20:08 2004] [warn] Init: Session Cache is not configured
>[hint: SSLSess

As you say, you have to use startssl. The likely cause, as Matthew suggested, is lack of randomness. However, it would help, if you were to post log output from apache starting up *after a reboot*, rather than from manual startssl/stop, since this is where (as far as I can understand) the problem lies.

Cheers,
Eric.
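
The effect of the "SSL" define described in the message above, as an added example that is not part of the original email: a small evaluator for `<IfDefine>` blocks that reports which of SSLRandomSeed and SSLSessionCache are left unevaluated with and without the define. The configuration text is a constructed sample, not the poster's file, and the function names are hypothetical.

```python
import re

# Constructed sample in the style of an ssl.conf; not the poster's actual file.
SAMPLE_CONF = """\
Listen 80
<IfDefine SSL>
Listen 443
SSLRandomSeed startup builtin
SSLSessionCache dbm:/var/run/ssl_scache
</IfDefine>
"""

OPEN = re.compile(r"<IfDefine\s+(!?)([^>\s]+)\s*>$", re.I)
CLOSE = re.compile(r"</IfDefine\s*>$", re.I)

def active_directives(conf_text, defines=()):
    """Return the directive lines evaluated for a given set of -D defines."""
    defines = set(defines)
    stack = []   # one bool per open <IfDefine>: is that block enabled?
    active = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN.match(line)
        if m:
            negated, name = m.group(1) == "!", m.group(2)
            stack.append((name in defines) != negated)
        elif CLOSE.match(line):
            if not stack:
                raise ValueError("</IfDefine> without matching open")
            stack.pop()
        elif all(stack):   # every enclosing block must be enabled
            active.append(line)
    if stack:
        raise ValueError("unclosed <IfDefine>")
    return active

def missing_ssl_setup(conf_text, defines=()):
    """List the two directives named in the message that are not evaluated."""
    seen = {d.split()[0].lower() for d in active_directives(conf_text, defines)}
    return [n for n in ("SSLRandomSeed", "SSLSessionCache") if n.lower() not in seen]

if __name__ == "__main__":
    print("start   :", missing_ssl_setup(SAMPLE_CONF))           # no defines
    print("startssl:", missing_ssl_setup(SAMPLE_CONF, ["SSL"]))  # SSL defined
```

Running the same check against the real httpd.conf and ssl.conf, with the defines the boot script actually passes, shows whether the boot-time start is evaluating the SSL blocks at all.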