
Apache 1.3.33 with openssl 0.9.7c and mod_ssl 2.8.22-1.3.33

 
SOLVED
Roland Rebstock_1
Frequent Advisor

Apache 1.3.33 with openssl 0.9.7c and mod_ssl 2.8.22-1.3.33

All, I've been struggling all day on this with no success. This is my first time building Apache for HP-UX and I require mod_ssl and openssl. I have the 80 instance running, but when I start the 443 instance and pass the passphrase, it states it starts, and when I immediately run ps -ef | grep http I see the -DSSL process; within 2 seconds the process dies. I generated the CSR, got a temp cert from VeriSign, etc. It only starts the root-owned process, I never see the www process, and the only thing it logs to the log file is this: I'm thinking it has something to do with /dev/random. I'm using HP-UX 11.0. PLEASE HELP :(

[06/May/2005 20:18:42 16888] [info] Server: /1.3.33, Interface: mod_ssl/2.8.22, Library: OpenSSL/0.9.7c
[06/May/2005 20:18:42 16888] [info] Init: 1st startup round (still not detached)
[06/May/2005 20:18:42 16888] [info] Init: Initializing OpenSSL library
[06/May/2005 20:18:42 16888] [info] Init: Loading certificate & private key of SSL-aware server msutfa27.usi.net:443
[06/May/2005 20:18:42 16888] [info] Init: Requesting pass phrase via builtin terminal dialog
[06/May/2005 20:18:45 16888] [info] Init: Wiped out the queried pass phrases from memory
[06/May/2005 20:18:45 16888] [info] Init: Seeding PRNG with 136 bytes of entropy
[06/May/2005 20:18:45 16888] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[06/May/2005 20:18:47 16888] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[06/May/2005 20:18:48 16889] [info] Init: 2nd startup round (already detached)
[06/May/2005 20:18:48 16889] [info] Init: Reinitializing OpenSSL library
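As an added illustration (not part of the original thread and not mod_ssl's own tooling), the script below groups the engine-log lines from the post above by process id; on this log it shows the detached process 16889 writing nothing after "Reinitializing OpenSSL library". The function names are hypothetical, and the script assumes unwrapped log lines in the format shown in the post.

```shell
#!/bin/sh
# Added example (not from the thread): group a mod_ssl engine log by PID.
# Line format as posted: [DD/Mon/YYYY HH:MM:SS PID] [level] message

# The log lines from the first post, embedded so the script runs offline.
sample_log() {
cat <<'EOF'
[06/May/2005 20:18:42 16888] [info] Server: /1.3.33, Interface: mod_ssl/2.8.22, Library: OpenSSL/0.9.7c
[06/May/2005 20:18:42 16888] [info] Init: 1st startup round (still not detached)
[06/May/2005 20:18:42 16888] [info] Init: Initializing OpenSSL library
[06/May/2005 20:18:42 16888] [info] Init: Loading certificate & private key of SSL-aware server msutfa27.usi.net:443
[06/May/2005 20:18:42 16888] [info] Init: Requesting pass phrase via builtin terminal dialog
[06/May/2005 20:18:45 16888] [info] Init: Wiped out the queried pass phrases from memory
[06/May/2005 20:18:45 16888] [info] Init: Seeding PRNG with 136 bytes of entropy
[06/May/2005 20:18:45 16888] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[06/May/2005 20:18:47 16888] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[06/May/2005 20:18:48 16889] [info] Init: 2nd startup round (already detached)
[06/May/2005 20:18:48 16889] [info] Init: Reinitializing OpenSSL library
EOF
}

# Print "pid|line count|last message" per PID, in order of first appearance.
# Reads the named files, or stdin when no file is given.
summarise_by_pid() {
  awk '
    /^\[[0-9]+\/[A-Za-z]+\/[0-9]+ [0-9:]+ [0-9]+\] \[/ {
      pid = $3; sub(/\]$/, "", pid)                    # "16888]" -> "16888"
      msg = $0; sub(/^\[[^]]*\] \[[^]]*\] /, "", msg)  # drop timestamp and level
      if (!(pid in count)) order[++n] = pid
      count[pid]++; last[pid] = msg
    }
    END {
      for (i = 1; i <= n; i++)
        printf "%s|%d|%s\n", order[i], count[order[i]], last[order[i]]
    }
  ' "$@"
}

# The final row is the process that wrote the last log line before going quiet.
last_stage() { summarise_by_pid "$@" | tail -n 1; }

sample_log | summarise_by_pid
```

Run it against a real log with `summarise_by_pid /path/to/ssl_engine_log`; the last row names the process and the startup step after which logging stopped.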
18 REPLIES
Denver Osborn
Honored Contributor

Re: Apache 1.3.33 with openssl 0.9.7c and mod_ssl 2.8.22-1.3.33

It doesn't sound like a /dev/random thing... however, what happens if you attempt to startup without using the certs?

Have you also run a syntax check to make sure the conf files aren't a problem?

httpd -t
httpd -t -DSSL


-denver
Ermin Borovac
Honored Contributor

Re: Apache 1.3.33 with openssl 0.9.7c and mod_ssl 2.8.22-1.3.33

You may want to set LogLevel to debug to get more information in the log file.
Roland Rebstock_1
Frequent Advisor

Re: Apache 1.3.33 with openssl 0.9.7c and mod_ssl 2.8.22-1.3.33

Syntax looks good, I can also modify the port and start httpd on port 443.

msutfa27{root}:/opt/apache/bin: ./httpd -t
Syntax OK
msutfa27{root}:/opt/apache/bin: ./httpd -t -DSSL
Syntax OK
msutfa27{root}:/opt/apache/bin:
Roland Rebstock_1
Frequent Advisor

Re: Apache 1.3.33 with openssl 0.9.7c and mod_ssl 2.8.22-1.3.33

Even with log level set to debug, I still get nothing that helps

[07/May/2005 08:41:17 10504] [info] Server: /1.3.33, Interface: mod_ssl/2.8.22, Library: OpenSSL/0.9.7c
[07/May/2005 08:41:17 10504] [info] Init: 1st startup round (still not detached)
[07/May/2005 08:41:17 10504] [info] Init: Initializing OpenSSL library
[07/May/2005 08:41:17 10504] [info] Init: Loading certificate & private key of SSL-aware server msutfa27.usi.net:443
[07/May/2005 08:41:17 10504] [info] Init: Requesting pass phrase via builtin terminal dialog
[07/May/2005 08:41:20 10504] [info] Init: Wiped out the queried pass phrases from memory
[07/May/2005 08:41:20 10504] [info] Init: Seeding PRNG with 136 bytes of entropy
[07/May/2005 08:41:20 10504] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[07/May/2005 08:41:21 10504] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[07/May/2005 08:41:22 10505] [info] Init: 2nd startup round (already detached)
[07/May/2005 08:41:22 10505] [info] Init: Reinitializing OpenSSL library
msutfa27{root}:/opt/apache/logs:

[Sat May 7 08:41:21 2005] [info] mod_unique_id: using ip addr 10.200.154.103
[Sat May 7 08:41:22 2005] [warn] pid file /opt/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?

Roland Rebstock_1
Frequent Advisor

Re: Apache 1.3.33 with openssl 0.9.7c and mod_ssl 2.8.22-1.3.33

msutfa27{root}:/opt/apache/bin: sh -x apachectl startssl
+ PIDFILE=/opt/apache/adm/httpd.pid
+ HTTPD=/opt/apache/bin/httpd
+ LYNX=lynx -dump
+ STATUSURL=http://localhost/server-status
+ ERROR=0
+ ARGV=startssl
+ [ xstartssl = x ]
+ [ -f /opt/apache/adm/httpd.pid ]
+ STATUS=httpd (no pid file) not running
+ RUNNING=0
+ [ 0 -eq 1 ]
+ /opt/apache/bin/httpd -DSSL
/1.3.33 mod_ssl/2.8.22 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server msutfa27.usi.net:443 (RSA)
Enter pass phrase:

Ok: Pass Phrase Dialog successful.
+ echo apachectl startssl: httpd started
apachectl startssl: httpd started
+ exit 0
msutfa27{root}:/opt/apache/bin:

Still no processes
Ermin Borovac
Honored Contributor

Re: Apache 1.3.33 with openssl 0.9.7c and mod_ssl 2.8.22-1.3.33

Please try using SSLLogLevel and SSLLog to get more information.

SSLLog /ssl_engine_log
SSLLogLevel debug

Are you using prngd as your source of entropy?
Denver Osborn
Honored Contributor

Re: Apache 1.3.33 with openssl 0.9.7c and mod_ssl 2.8.22-1.3.33

Would it be possible to see your ssl.conf and httpd.conf files?

Also the output from "ldd mod_ssl.so", "httpd -l", and the permissions of httpd and the apache dirs.

If you have tusc installed on your box, it might be easy enough to figure out what's wrong by seeing the tusc output.

tusc -fnvo /tmp/tusc.out httpd -f /path/httpd.conf -DSSL

-denver
Roland Rebstock_1
Frequent Advisor

Re: Apache 1.3.33 with openssl 0.9.7c and mod_ssl 2.8.22-1.3.33

Here is the debug from SSL
[07/May/2005 22:29:19 19790] [info] Server: /1.3.33, Interface: mod_ssl/2.8.22, Library: OpenSSL/0.9.7c
[07/May/2005 22:29:19 19790] [info] Init: 1st startup round (still not detached)
[07/May/2005 22:29:19 19790] [info] Init: Initializing OpenSSL library
[07/May/2005 22:29:19 19790] [info] Init: Loading certificate & private key of SSL-aware server msutfa27.usi.net:443
[07/May/2005 22:29:19 19790] [info] Init: Requesting pass phrase via builtin terminal dialog
[07/May/2005 22:29:22 19790] [info] Init: Wiped out the queried pass phrases from memory
[07/May/2005 22:29:22 19790] [info] Init: Seeding PRNG with 136 bytes of entropy
[07/May/2005 22:29:22 19790] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[07/May/2005 22:29:24 19790] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[07/May/2005 22:29:25 19791] [info] Init: 2nd startup round (already detached)
[07/May/2005 22:29:25 19791] [info] Init: Reinitializing OpenSSL library
Roland Rebstock_1
Frequent Advisor

Re: Apache 1.3.33 with openssl 0.9.7c and mod_ssl 2.8.22-1.3.33

Here is the httpd.conf attached. I don't have an ssl.conf, never used it.
Roland Rebstock_1
Frequent Advisor

Re: Apache 1.3.33 with openssl 0.9.7c and mod_ssl 2.8.22-1.3.33

output of httpd -l
msutfa27{root}:/opt/apache/bin: ./httpd -l
Compiled-in modules:
http_core.c
mod_so.c
suexec: disabled; invalid wrapper /opt/apache/bin/suexec
Roland Rebstock_1
Frequent Advisor

Re: Apache 1.3.33 with openssl 0.9.7c and mod_ssl 2.8.22-1.3.33

The apache was configured with SSL, so doesn't that mean that under lib it will have libssl.so?

Is this bad?
msutfa27{root}:/opt/apache/lib/modules: ldd libssl.so
ldd: Invalid file type: "libssl.so". 64-bit shared executable or shared library expected.
Roland Rebstock_1
Frequent Advisor

Re: Apache 1.3.33 with openssl 0.9.7c and mod_ssl 2.8.22-1.3.33

I've even just tried the simple way here,
right from modssl's site,
and 443 still won't start.

$ cd mod_ssl-2.8.22-1.3.33
$ ./configure \
--with-apache=../apache_1.3.33 \
--with-ssl=../openssl-0.9.7e \
--prefix=/usr/local/apache
$ cd ..
$ cd apache_1.3.33
$ make
$ make certificate
$ make install
Ermin Borovac
Honored Contributor
Solution

Re: Apache 1.3.33 with openssl 0.9.7c and mod_ssl 2.8.22-1.3.33

ldd output tells us that your build didn't produce a working mod_ssl shared module (library).

Are your openssl libraries shared (.sl) or archive (.a)?

See this note in mod_ssl INSTALL file.

--- START NOTE ---
Additionally OpenSSL has problems under DSO situations on some
platforms. For instance under smart ix86 platforms like Linux
and FreeBSD when you compile a the standard OpenSSL
libcrypto.a/libssl.a libraries and link those to a mod_ssl DSO
libssl.so all works fine. While on other platforms like Solaris
2.6 on a SPARC OpenSSL's code will dump core under run-time.
When this is the case for you, then try to recompile OpenSSL
with Position Independent Code (PIC) by adding a `-fPIC' (for
GCC) or `-KPIC' (for SVR4-style compilers) to the platform
configuration line in OpenSSL's `Configure' script. The
-fPIC option above when you build OpenSSL.
--- END NOTE ---

So you may need to build openssl with -fPIC if you are using gcc or +Z if you are using HP's ANSI cc.
Ermin Borovac
Honored Contributor

Re: Apache 1.3.33 with openssl 0.9.7c and mod_ssl 2.8.22-1.3.33

And just in case you didn't consider this, HP's webserver is based on apache 2.0.53 and includes mod_ssl. Download is at

http://www.hp.com/go/webserver
Roland Rebstock_1
Frequent Advisor

Re: Apache 1.3.33 with openssl 0.9.7c and mod_ssl 2.8.22-1.3.33

sutfa27{root}:/opt/USIopenssl/lib: ls -la
total 10100
drwxr-xr-x 3 root sys 1024 May 6 19:43 .
drwxr-xr-x 9 root sys 1024 May 6 19:43 ..
-rw-r--r-- 1 root sys 2310292 Oct 10 2003 libcrypto.a
lrwxr-xr-x 1 root sys 14 May 6 19:43 libcrypto.sl -> libcrypto.sl.0
lrwxr-xr-x 1 root sys 18 May 6 19:43 libcrypto.sl.0 -> libcrypto.sl.0.9.7
-r-xr-xr-x 1 root sys 2072576 Oct 10 2003 libcrypto.sl.0.9.7
-rw-r--r-- 1 root sys 358448 Oct 10 2003 libssl.a
lrwxr-xr-x 1 root sys 11 May 6 19:43 libssl.sl -> libssl.sl.0
lrwxr-xr-x 1 root sys 15 May 6 19:43 libssl.sl.0 -> libssl.sl.0.9.7
-r-xr-xr-x 1 root sys 339968 Oct 10 2003 libssl.sl.0.9.7
-rwxr-xr-x 1 root sys 86000 Oct 9 2003 libz.a
Roland Rebstock_1
Frequent Advisor

Re: Apache 1.3.33 with openssl 0.9.7c and mod_ssl 2.8.22-1.3.33

I'm running HP-UX 11.0
Ermin Borovac
Honored Contributor

Re: Apache 1.3.33 with openssl 0.9.7c and mod_ssl 2.8.22-1.3.33

When you configured mod_ssl with the --with-ssl= option, which directory did you use: /opt/USIopenssl or a separate openssl source directory? If it's the latter, does this openssl source directory have libssl.sl and libcrypto.sl?

It would help if you posted your build output (configure, make etc).
Roland Rebstock_1
Frequent Advisor

Re: Apache 1.3.33 with openssl 0.9.7c and mod_ssl 2.8.22-1.3.33

I'm pretty sure the issue was resolved. I had to rebuild openssl with gcc/flex and options fPIC, and then recompile mod_ssl and apache. I'm getting a temp cert and will test again.