[peruser] peruser mod_ssl issue

Driantsov Alexander bender at x-cart.com
Fri Nov 16 04:28:16 MST 2007


Good time of a day,

We have compiled Apache 2.2.3 with peruser 0.3.0 patch and faced following issue:

First of all a cut from "ssl.conf":

Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/tmp/ssl_cache
SSLSessionCacheTimeout  300
SSLMutex none
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

First of all there was an issue, that Apache creates files "ssl_cache.dir" and "ssl_cache.pag" with 644 perms flag and VirtualHost's process unable to write cache in to files due to permissions issue. We have resolved this issue, but received another issue:

We do not receive any result when trying to access to server through the HTTPS area.

error_log says that everything is fine:

[Fri Nov 16 05:22:34 2007] [debug] proxy_util.c(1625): proxy: grabbed scoreboard slot 0 in child 31803 for worker proxy:reverse
[Fri Nov 16 05:22:34 2007] [debug] proxy_util.c(1644): proxy: worker proxy:reverse already initialized
[Fri Nov 16 05:22:34 2007] [debug] proxy_util.c(1724): proxy: initialized single connection worker 0 in child 31803 for (*)
[Fri Nov 16 05:22:34 2007] [warn] invalid virtualhost for this child! ((null))
[Fri Nov 16 05:22:35 2007] [debug] proxy_util.c(1625): proxy: grabbed scoreboard slot 0 in child 31804 for worker proxy:reverse
[Fri Nov 16 05:22:35 2007] [debug] proxy_util.c(1644): proxy: worker proxy:reverse already initialized
[Fri Nov 16 05:22:35 2007] [debug] proxy_util.c(1724): proxy: initialized single connection worker 0 in child 31804 for (*)

But if we strace this process we see that things goes in this way:

[pid 30888] select(0, NULL, NULL, NULL, {1, 0} <unfinished ...>
[pid 30893] <... poll resumed> [{fd=17, events=POLLIN, revents=POLLIN}, {fd=15, events=POLLIN}, {fd=21, events=POLLIN}], 3, -1) = 1
[pid 30892] <... poll resumed> [{fd=17, events=POLLIN, revents=POLLIN}, {fd=15, events=POLLIN}, {fd=21, events=POLLIN}], 3, -1) = 1
[pid 30891] <... poll resumed> [{fd=17, events=POLLIN, revents=POLLIN}, {fd=15, events=POLLIN}, {fd=21, events=POLLIN}], 3, -1) = 1
[pid 30892] accept(17,  <unfinished ...>
[pid 30891] accept(17,  <unfinished ...>
[pid 30892] <... accept resumed> {sa_family=AF_INET6, sin6_port=htons(55452), inet_pton(AF_INET6, "::ffff:83.234.124.243", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 63
[pid 30891] <... accept resumed> 0x99db4b0, [28]) = -1 EAGAIN (Resource temporarily unavailable)
[pid 30892] gettimeofday( <unfinished ...>
[pid 30891] gettimeofday( <unfinished ...>
[pid 30892] <... gettimeofday resumed> {1195212197, 773555}, NULL) = 0
[pid 30891] <... gettimeofday resumed> {1195212197, 773569}, NULL) = 0
[pid 30892] getsockname(63,  <unfinished ...>
[pid 30891] poll( <unfinished ...>
[pid 30892] <... getsockname resumed> {sa_family=AF_INET6, sin6_port=htons(443), inet_pton(AF_INET6, "::ffff:74.86.235.162", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
[pid 30890] <... poll resumed> [{fd=17, events=POLLIN, revents=POLLIN}, {fd=15, events=POLLIN}, {fd=21, events=POLLIN}], 3, -1) = 1
[pid 30892] time( <unfinished ...>
[pid 30890] accept(17,  <unfinished ...>
[pid 30892] <... time resumed> NULL)    = 1195212197
[pid 30890] <... accept resumed> 0x99db4b0, [28]) = -1 EAGAIN (Resource temporarily unavailable)
[pid 30893] accept(17, 0x99db4b0, [28]) = -1 EAGAIN (Resource temporarily unavailable)
[pid 30893] gettimeofday({1195212197, 773868}, NULL) = 0
[pid 30893] poll( <unfinished ...>
[pid 30892] fcntl64(63, F_GETFL <unfinished ...>
[pid 30890] gettimeofday( <unfinished ...>
[pid 30892] <... fcntl64 resumed> )     = 0x2 (flags O_RDWR)
[pid 30890] <... gettimeofday resumed> {1195212197, 773935}, NULL) = 0
[pid 30892] fcntl64(63, F_SETFL, O_RDWR|O_NONBLOCK <unfinished ...>
[pid 30890] poll( <unfinished ...>
[pid 30892] <... fcntl64 resumed> )     = 0
[pid 30892] gettimeofday({1195212197, 774035}, NULL) = 0
[pid 30892] time(NULL)                  = 1195212197
[pid 30892] read(63, "\26\3\1\0\214\1\0\0\210\3\1\0\22{\231\371\377\277\2\371"..., 8000) = 145
[pid 30892] time(NULL)                  = 1195212197
[pid 30892] time(NULL)                  = 1195212197
[pid 30892] open("/tmp/ssl_cache.dir", O_RDWR|O_CREAT|O_LARGEFILE, 0644) = 64
[pid 30892] open("/tmp/ssl_cache.pag", O_RDWR|O_CREAT|O_LARGEFILE, 0644) = 65
[pid 30892] fcntl64(64, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0
[pid 30892] fstat64(64, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
[pid 30892] _llseek(65, 0, [0], SEEK_SET) = 0
[pid 30892] read(65, "\6\0\340\3H\3(\3\220\2p\2\330\1\0\0\0\0\0\0\0\0\0\0\0\0"..., 1024) = 1024
[pid 30892] fcntl64(64, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
[pid 30892] close(64)                   = 0
[pid 30892] close(65)                   = 0
[pid 30892] time(NULL)                  = 1195212197
[pid 30892] time(NULL)                  = 1195212197
[pid 30892] time(NULL)                  = 1195212197
[pid 30892] time(NULL)                  = 1195212197
[pid 30892] writev(63, [{"\26\3\1\0J\2\0\0F\3\1G=}\245\206\0075)\313,\27\341\322"..., 138}], 1) = 138
[pid 30892] poll([{fd=63, events=POLLIN, revents=POLLIN}], 1, 120000) = 1
[pid 30892] read(63, "\24\3\1\0\1\1\26\3\1\0000i\260\243\342\323\231\264\344"..., 8000) = 784
[pid 30892] gettimeofday({1195212197, 977780}, NULL) = 0
[pid 30892] sendmsg(6, {msg_name(0)=NULL, msg_iov(5)=[{"\267\2\0\0", 4}, {"\0\0\0\0", 4}, {"p\263\235\t\0\0\0\0\0\0\0\0\234\330\0\0\n\0\0\0\34\0\0"..., 168}, {"GET /VERSION HTTP/1.1\r\nHost: gra"..., 696}, {"", 0}], msg_controllen=16, {cmsg_len=16, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, {63}}, msg_flags=0}, 0) = 872
[pid 31804] <... poll resumed> [{fd=5, events=POLLIN, revents=POLLIN}, {fd=21, events=POLLIN}], 2, -1) = 1
[pid 30892] close(63)                   = 0
[pid 30892] read(19, 0xbfdf9ca3, 1)     = -1 EAGAIN (Resource temporarily unavailable)
[pid 31804] recvmsg(5,  <unfinished ...>
[pid 30892] gettimeofday( <unfinished ...>
[pid 31804] <... recvmsg resumed> {msg_name(0)=NULL, msg_iov(4)=[{"\267\2\0\0", 4}, {"\0\0\0\0", 4}, {"p\263\235\t\0\0\0\0\0\0\0\0\234\330\0\0\n\0\0\0\34\0\0"..., 168}, {"GET /VERSION HTTP/1.1\r\nHost: gra"..., 8192}], msg_controllen=16, {cmsg_len=16, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, {15}}, msg_flags=0}, 0) = 872
[pid 30892] <... gettimeofday resumed> {1195212197, 978139}, NULL) = 0
[pid 30892] poll( <unfinished ...>
[pid 31804] gettimeofday({1195212197, 978340}, NULL) = 0
[pid 31804] getsockname(15, {sa_family=AF_INET6, sin6_port=htons(443), inet_pton(AF_INET6, "::ffff:74.86.235.162", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
[pid 31804] getpeername(15, {sa_family=AF_INET6, sin6_port=htons(55452), inet_pton(AF_INET6, "::ffff:83.234.124.243", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
[pid 31804] setsockopt(15, SOL_TCP, TCP_NODELAY, [1], 4) = 0
[pid 31804] time(NULL)                  = 1195212197
[pid 31804] fcntl64(15, F_GETFL)        = 0x802 (flags O_RDWR|O_NONBLOCK)
[pid 31804] fcntl64(15, F_SETFL, O_RDWR|O_NONBLOCK) = 0
[pid 31804] gettimeofday({1195212197, 979114}, NULL) = 0
[pid 31804] time(NULL)                  = 1195212197
[pid 31804] brk(0x9a17000)              = 0x9a17000
[pid 31804] gettimeofday({1195212197, 979466}, NULL) = 0
[pid 31804] gettimeofday({1195212197, 979537}, NULL) = 0
[pid 31804] write(23, "[Fri Nov 16 05:23:17 2007] [warn"..., 79) = 79
[pid 31804] gettimeofday({1195212197, 979638}, NULL) = 0
[pid 31804] shutdown(15, 1 /* send */)  = 0
[pid 31804] poll([{fd=15, events=POLLIN, revents=POLLIN|POLLHUP}], 1, 2000) = 1
[pid 31804] read(15, "", 512)           = 0
[pid 31804] close(15)                   = 0
[pid 31804] writev(-1, [{"<!DOCTYPE HTML PUBLIC \"-//IETF//"..., 308}], 1) = -1 EBADF (Bad file descriptor)
[pid 31804] gettimeofday({1195212198, 175905}, NULL) = 0
[pid 31804] write(44, "83.234.124.243 - - [16/Nov/2007:"..., 72) = 72
[pid 31804] gettimeofday({1195212198, 176025}, NULL) = 0
[pid 31804] close(-1)                   = -1 EBADF (Bad file descriptor)
[pid 31804] read(19, 0xbfdf9ca3, 1)     = -1 EAGAIN (Resource temporarily unavailable)
[pid 31804] gettimeofday({1195212198, 176123}, NULL) = 0
[pid 31804] poll( <unfinished ...>
[pid 30888] <... select resumed> )      = 0 (Timeout)
[pid 30888] gettimeofday({1195212198, 765101}, NULL) = 0
[pid 30888] gettimeofday({1195212198, 765135}, NULL) = 0
[pid 30888] clone(Process 31810 attached (waiting for parent)
Process 31810 resumed (parent 30888 ready)
child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f25708) = 31810
[pid 31810] rt_sigaction(SIGHUP, {0x813b18f, [], SA_INTERRUPT},  <unfinished ...>
[pid 30888] waitpid(-1, 0xbfdf9df8, WNOHANG|WSTOPPED) = 0
[pid 30888] select(0, NULL, NULL, NULL, {1, 0} <unfinished ...>
[pid 31810] <... rt_sigaction resumed> {0x813b2d9, [HUP USR1], 0}, 8) = 0
[pid 31810] rt_sigaction(SIGTERM, {0x813b18f, [], SA_INTERRUPT}, {0x813b2c0, [], 0}, 8) = 0
[pid 31810] close(17)                   = 0
[pid 31810] close(15)                   = 0
[pid 31810] geteuid32()                 = 0
[pid 31810] setgid32(99)                = 0
[pid 31810] open("/etc/passwd", O_RDONLY) = 15
[pid 31810] fcntl64(15, F_GETFD)        = 0
[pid 31810] fcntl64(15, F_SETFD, FD_CLOEXEC) = 0
[pid 31810] fstat64(15, {st_mode=S_IFREG|0644, st_size=3238, ...}) = 0
[pid 31810] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f35000
[pid 31810] read(15, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 3238
[pid 31810] close(15)                   = 0
[pid 31810] munmap(0xb7f35000, 4096)    = 0
[pid 31810] open("/proc/sys/kernel/ngroups_max", O_RDONLY) = 15
[pid 31810] read(15, "65536\n", 31)     = 6
[pid 31810] close(15)                   = 0
[pid 31810] open("/etc/group", O_RDONLY) = 15
[pid 31810] fcntl64(15, F_GETFD)        = 0
[pid 31810] fcntl64(15, F_SETFD, FD_CLOEXEC) = 0
[pid 31810] fstat64(15, {st_mode=S_IFREG|0644, st_size=956, ...}) = 0
[pid 31810] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f35000
[pid 31810] _llseek(15, 0, [0], SEEK_CUR) = 0
[pid 31810] read(15, "root:x:0:root\nbin:x:1:root,bin,d"..., 4096) = 956
[pid 31810] read(15, "", 4096)          = 0
[pid 31810] close(15)                   = 0
[pid 31810] munmap(0xb7f35000, 4096)    = 0
[pid 31810] setgroups32(1, [99])        = 0
[pid 31810] geteuid32()                 = 0
[pid 31810] setuid32(10006)             = 0
[pid 31810] gettimeofday({1195212198, 767637}, NULL) = 0
[pid 31810] write(23, "[Fri Nov 16 05:23:18 2007] [debu"..., 128) = 128
[pid 31810] gettimeofday({1195212198, 767764}, NULL) = 0
[pid 31810] write(23, "[Fri Nov 16 05:23:18 2007] [debu"..., 103) = 103
[pid 31810] gettimeofday({1195212198, 767852}, NULL) = 0
[pid 31810] write(23, "[Fri Nov 16 05:23:18 2007] [debu"..., 124) = 124
[pid 31810] time(NULL)                  = 1195212198
[pid 31810] gettimeofday({1195212198, 768022}, NULL) = 0
[pid 31810] gettimeofday({1195212198, 768096}, NULL) = 0
[pid 31810] poll( <unfinished ...>

Could someone, please, help me to resolve this issue?

-- 
Sincerely yours,
Driantsov Alexander,
Technical Support Engineer
 
Qualiteam Software
Glavpochtamt, p/o box 5152.   [web site] http://www.x-cart.com/
432072 Ulyanovsk, Russia      [ phone  ] +7-(8422)-429037  (9:00-18:00 GMT +4)


More information about the Peruser mailing list