Date: Tue, 29 Mar 2005 20:53:33 +0300 (EEST) From: Pekka Savola <pekkas@netcore.fi> To: freebsd-stable@freebsd.org Subject: Re: Apache Signal 11 Message-ID: <Pine.LNX.4.61.0503292041500.4724@netcore.fi> In-Reply-To: <Pine.LNX.4.61.0503201108560.19276@netcore.fi> References: <Pine.LNX.4.61.0503201108560.19276@netcore.fi>
next in thread | previous in thread | raw e-mail | index | archive | help
FWIW, It may be that our issue was this: http://www.freebsd.org/cgi/query-pr.cgi?pr=78776 What I have since then tried: - setting up irqs as sources for /dev/random pool, (in my case vmstat -i shows a lot of activity at 2, 10, 0 and 8, and I used the first two with rndcontrol and then in rc.conf w/ rand_irqs=) - installing prngd, and using it for SSL seeding - replacing SSLRandomSeed with different values (egd, builtin, urandom) At first. just commenting out the openssl php module didn't work, but now that I have more activity in /dev/random due to using irqs, removing openssl php module was apparently a sufficient short-term fix for my problem at least.. and it works now. However, I have no idea why it had suddenly ceased working; if I'd have to guess, this might have had something to with php4's openssl revision 1.84 at ports/lang/php4/Makefile (a compilation option to build openssl statically). HTH.. On Sun, 20 Mar 2005, Pekka Savola wrote: > I've started to experience the same thing which Kyle Mott and "Vlad" reported > with apache+mod_ssl crashing when SSL is enabled: > > #0 0x2840b63c in engine_table_select () from /usr/lib/libcrypto.so.3 > #1 0x283ebc88 in ENGINE_get_default_RAND () from /usr/lib/libcrypto.so.3 > #2 0x283eaf6e in RAND_get_rand_method () from /usr/lib/libcrypto.so.3 > #3 0x283eb07c in RAND_seed () from /usr/lib/libcrypto.so.3 > #4 0x2830be47 in ssl_rand_seed () from /usr/local/libexec/apache/libssl.so > #5 0x28307dac in ssl_init_Module () from /usr/local/libexec/apache/libssl.so > #6 0x8055714 in ap_init_modules () > #7 0x805d8fe in standalone_main () > #8 0x805e08b in main () > #9 0x804fcde in _start () > > A few salient points: > - running FreeBSD-4.11 stable, and the latest apache+mod_ssl port w/ PHP > - the crash occurs before httpd creates the child processes > - disabling PHP does not work; disabling SSL works around this > problem (but is not an acceptable solution, of course :) > - I don't have any cryptocards, nor have I made any significant > changes to the system since this started happening. The system > uptime was around 40 days, so the process has at least started fine > 40 days ago. > - rebuilding world and apache+mod_ssl does not help > - /dev/{u,}random seem to be fine > - my /tmp is mounted nodev,noexec,nosuid but this has worked with it > in the past, so should not be an issue. > > -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.61.0503292041500.4724>