Compiling Apache 2.0.63 as DSO with OpenSSL 0.9.8g (among other modules. 
Compiling completes sucessfully, but the runtime fails. This is being compiled 
on solaris. Interestingly enough, we do not have the
same issue with AIX.

Here is the output of the error_log with the failure:

[Tue May 20 15:08:11 2008] [info] mod_unique_id: using ip addr XXX.XXX.XXX.XXX
[Tue May 20 15:08:11 2008] [notice] httplog/2.1.2 XX configured -- resuming 
normal operations
[Tue May 20 15:08:12 2008] [info] ################################
[Tue May 20 15:08:12 2008] [info] Initializing the hardware engine
[Tue May 20 15:08:12 2008] [info] ################################
[Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(311):
Initializing the engine (I've done this 1 times)
[Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(314): Getting engine by id.
[Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(323): Getting control 
context - setting forkcheck.
[Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(328): Setting default with 
ENGINE_set_default...
[Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(336): I should not have 
gotten here.... help?
[Tue May 20 15:08:12 2008] [info] Hardware engine initialization complete
[Tue May 20 15:08:12 2008] [info] Init: Initializing OpenSSL library
[Tue May 20 15:08:12 2008] [info] Init: Seeding PRNG with 136 bytes of entropy
[Tue May 20 15:08:12 2008] [info] Loading certificate & private key of 
SSL-aware server
[Tue May 20 15:08:12 2008] [debug] ssl_engine_pphrase.c(469): unencrypted RSA 
private key - pass phrase not required
[Tue May 20 15:08:12 2008] [info] Init: Generating temporary RSA private keys 
(512/1024 bits)
[Tue May 20 15:08:12 2008] [info] Init: Generating temporary DH parameters 
(512/1024 bits)
[Tue May 20 15:08:12 2008] [debug] ssl_scache_dbm.c(406): Inter-Process Session 
Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[Tue May 20 15:08:12 2008] [info] Init: Initializing (virtual) servers for SSL
[Tue May 20 15:08:12 2008] [info] Configuring server for SSL protocol
[Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(397): Creating new SSL 
context (protocols: SSLv2, SSLv3, TLSv1)
[Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(580): Configuring 
permitted SSL ciphers
[ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(664): Configuring server 
certificate chain (4 CA certificates)
[Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(708): Configuring RSA 
server certificate
[Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(747): Configuring RSA 
server private key
[Tue May 20 15:08:12 2008] [debug] ssl_engine_init.c(397): Creating new SSL 
context (protocols: SSLv2, SSLv3, TLSv1)
[Tue May 20 15:08:12 2008] [info] mod_ssl/2.0.63 compiled against Server: 
Apache/2.0.63, Library: OpenSSL/0.9.8g
[Tue May 20 15:08:12 2008] [notice] httplog: SIGTERM received.
Flushing buffers and exiting
[Tue May 20 15:08:12 2008] [notice] httplog/2.1.2 XX configured --
resuming normal operations
[Tue May 20 15:08:12 2008] [info] mod_unique_id: using ip addr 10.157.246.214
[Tue May 20 15:08:13 2008] [info] ################################
[Tue May 20 15:08:13 2008] [info] Initializing the hardware engine
[Tue May 20 15:08:13 2008] [info] ################################
[Tue May 20 15:08:13 2008] [debug] ssl_engine_init.c(311): Initializing the 
engine (I've done this 1 times)
[Tue May 20 15:08:13 2008] [debug] ssl_engine_init.c(314): Getting engine by id.
[Tue May 20 15:08:13 2008] [debug] ssl_engine_init.c(323): Getting control 
context - setting forkcheck.
[Tue May 20 15:08:13 2008] [debug] ssl_engine_init.c(328): Setting default with 
ENGINE_set_default...
[Tue May 20 15:08:13 2008] [error] Init: Failed to enable Crypto Device API 
`chil'
[Tue May 20 15:08:13 2008] [error] SSL Library Error: 2164682852 
error:81067064:CHIL engine:HWCRHK_INIT:already loaded
[Tue May 20 15:08:13 2008] [error] SSL Library Error: 638287981 
error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init failed

The issue seems to be that OpenSSL hooks into the HWCRHK_INIT twice.
Mod_ssl initializes a hardware engine through the ssl_init_Engine
function. This is found only in ssl_init_Module of
modules/ssl/ssl_engine_init.c in the apache source tree.
The ssl_init_Engine function IS being called twice, therefore the
ssl_init_Module is being called twice
mod_ssl.c registers hooks for ssl_init_Module as a post-config
action... it seems those hooks are being processed twice causing the
dual-kickoff of the ssl_init_Module function. This is nothing new...
this performed this way all the way back in 2.0.55.

We have gotten this same error with different versions of 2.0.x with
0.9.8g, so it seems there is something in the build scripts that may
be causing this.

One other note: we are including a third-party .so specific the to
hardware key device we utilize and that is the where HWCRHK_INIT method comes 
from.

Any ideas? Pointers?


--------------

I use my cat's name for a password: he is called [EMAIL PROTECTED] and I change 
his name every 60 days

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to