OpenCSW Bug Tracker


ID: 0005252
Category: [apache24]
Severity: crash
Reproducibility: have not tried
Date Submitted: 2015-09-17 20:15
Last Update: 2016-08-04 17:02
Reporter: dragongeek
View Status: public
Assigned To: cgrzemba
Priority: normal
Resolution: unable to reproduce
Status: closed
Summary: 0005252: Cannot start SSL with Apache24 2.4.12
Description: When I enable SSL and restart the Apache svc, it immediately goes into Maintenance mode. It seems to indicate something is broken with the SSLCipherSuite and related options, in that it isn't parsing what are valid options. (I tried the defaults, which worked in Apache 2.2, then some specifics which also work on 2.2 from an older implementation of Apache 2.2 we have running.)
Additional Information:
[ Sep 17 10:39:21 Stopping because service restarting. ]
[ Sep 17 10:39:21 Executing stop method ("/var/opt/csw/svc/method/svc-cswapache24 stop"). ]
AH00526: Syntax error on line 58 of /etc/opt/csw/apache2/extra/httpd-ssl.conf:
Invalid command 'SSLProxyCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
[ Sep 17 10:39:21 Method "stop" exited with status 1. ]
[ Sep 17 10:39:21 Executing stop method ("/var/opt/csw/svc/method/svc-cswapache24 stop"). ]
AH00526: Syntax error on line 58 of /etc/opt/csw/apache2/extra/httpd-ssl.conf:
Invalid command 'SSLProxyCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
[ Sep 17 10:39:21 Method "stop" exited with status 1. ]
[ Sep 17 10:39:21 Executing stop method ("/var/opt/csw/svc/method/svc-cswapache24 stop"). ]
AH00526: Syntax error on line 58 of /etc/opt/csw/apache2/extra/httpd-ssl.conf:
Invalid command 'SSLProxyCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
[ Sep 17 10:39:21 Method "stop" exited with status 1. ]

Also, below is "pkgutil -l" for reference:
root@oralin# pkgutil -l
CSWalternatives
CSWapache2
CSWapache2-manual
CSWapache2-utils
CSWapache24
CSWapache24-manual
CSWapache2c
CSWapache2rt
CSWbdb48
CSWbinutils
CSWcas-initsmf
CSWcas-postmsg
CSWcas-preserveconf
CSWcas-sslcert
CSWcas-texinfo
CSWcommon
CSWcoreutils
CSWgcc4core
CSWggettext-data
CSWggrep
CSWgm4
CSWgmake
CSWgsed
CSWiconv
CSWisaexec
CSWlib-gnu-awt-xlib15
CSWlibapr-dev
CSWlibapr1-0
CSWlibaprutil-dev
CSWlibaprutil1-0
CSWlibaprutil1-dbm-db
CSWlibaprutil1-ldap
CSWlibatomic1
CSWlibcharset1
CSWlibcilkrts5
CSWlibexpat1
CSWlibfbopenssl0
CSWlibfl2
CSWlibgcc-s1
CSWlibgcj-tools15
CSWlibgcj15
CSWlibgdbm4
CSWlibgij15
CSWlibgmp10
CSWlibgo5
CSWlibgomp1
CSWlibgpg-error0
CSWlibiconv2
CSWlibintl8
CSWlibitm1
CSWliblber2-4-2
CSWlibldap2-4-2
CSWliblua5-2
CSWliblzma5
CSWlibmpc3
CSWlibmpfr4
CSWlibnspr4
CSWlibnss3
CSWlibnssutil3
CSWlibpcre1
CSWlibplc4
CSWlibplds4
CSWlibquadmath0
CSWlibsasl2-2
CSWlibssl1-0-0
CSWlibssp0
CSWlibstdc++6
CSWlibtasn1-6
CSWlibuuid1
CSWlibxml2-2
CSWlibz1
CSWopenssl-utils
CSWperl
CSWpkgutil
CSWsslscan

Tags No tags attached.
Notes
(0011053)
dragongeek (reporter)
2015-09-17 23:31

Forgot to mention, this is on the x86 architecture. We will, however, also want to install the latest versions of Apache and SSL on SPARC, after we complete all testing and security configuration documentation.
(0011054)
dam (administrator)
2015-09-22 10:21

Essentially this should work; please verify that you actually loaded the ssl module and see if there is anything suspicious in the logs at load time.
(0011055)
cgrzemba (developer)
2015-09-22 16:54

For SSL to work you have to change the CSW config:
--- httpd.conf.CSW Thu Jul 16 16:48:54 2015
+++ httpd.conf Tue Sep 22 16:10:56 2015
@@ -407,7 +407,7 @@
 </IfModule>
 
 # Secure (SSL/TLS) connections
-#Include /etc/opt/csw/apache2/extra/httpd-ssl.conf
+Include /etc/opt/csw/apache2/extra/httpd-ssl.conf
 #
 # Note: The following must must be present to support
 # starting without SSL on platforms with no /dev/random equivalent
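Review bot: The uncommented 'Include /etc/opt/csw/apache2/extra/httpd-ssl.conf' at line 410 makes every directive in that file depend on modules enabled elsewhere, and nothing here says so. If mod_ssl is not loaded, httpd stops at config parse with "Invalid command", so add a comment above the Include naming the LoadModule lines that must be enabled first. The context comment below the change also has a doubled word ("must must").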

and
--- modules.load.CSW Tue Sep 22 16:48:03 2015
+++ modules.load Tue Sep 22 16:53:45 2015
@@ -23,7 +23,7 @@
 #LoadModule cache_module lib/apache2/modules/mod_cache.so
 #LoadModule cache_disk_module lib/apache2/modules/mod_cache_disk.so
 #LoadModule cache_socache_module lib/apache2/modules/mod_cache_socache.so
-#LoadModule socache_shmcb_module lib/apache2/modules/mod_socache_shmcb.so
+LoadModule socache_shmcb_module lib/apache2/modules/mod_socache_shmcb.so
 #LoadModule socache_dbm_module lib/apache2/modules/mod_socache_dbm.so
 #LoadModule socache_memcache_module lib/apache2/modules/mod_socache_memcache.so
 #LoadModule watchdog_module lib/apache2/modules/mod_watchdog.so
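Review bot: The file headers name only 'modules.load.CSW' and 'modules.load', with no directory, so it is not clear which copy of modules.load this hunk edits. Give the full path in the instructions so the socache_shmcb_module change lands in the file the running httpd actually reads.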
@@ -77,7 +77,7 @@
 #LoadModule session_dbd_module lib/apache2/modules/mod_session_dbd.so
 #LoadModule slotmem_shm_module lib/apache2/modules/mod_slotmem_shm.so
 #LoadModule slotmem_plain_module lib/apache2/modules/mod_slotmem_plain.so
-#LoadModule ssl_module lib/apache2/modules/mod_ssl.so
+LoadModule ssl_module lib/apache2/modules/mod_ssl.so
 #LoadModule dialup_module lib/apache2/modules/mod_dialup.so
 #LoadModule lbmethod_byrequests_module lib/apache2/modules/mod_lbmethod_byrequests.so
 #LoadModule lbmethod_bytraffic_module lib/apache2/modules/mod_lbmethod_bytraffic.so
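Review bot: Enabling ssl_module at line 80 only affects the httpd instance that reads this particular modules.load. When general/enable_64bit is true the service starts httpd with '-D 64bit' and loads /etc/opt/csw/64/apache2/extra/modules.load instead, so the same LoadModule lines have to be uncommented there too; say so next to this change, or have the user confirm with /opt/csw/sbin/64/apachectl -M.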
(0011056)
dragongeek (reporter)
2015-09-22 18:06

I did uncomment the httpd-ssl.conf. There is no 'modules.load.CSW' in my httpd.conf file, just the modules.load in an IfDefine block.
The LoadModule socache_shmcb_module does not appear in either the httpd.conf or the httpd-ssl.conf, and neither does the ssl_module entry, so I added both to the httpd-ssl.conf, yet it still goes into maintenance mode upon restart.

root@oralin# svcadm enable svc:/network/cswapache24:default
root@oralin# svcs \*apache\*
STATE STIME FMRI
disabled Sep_16 svc:/network/http:apache22
disabled Sep_17 svc:/network/cswapache2:default
maintenance 9:03:12 svc:/network/cswapache24:default
root@oralin# svcs -l svc:/network/cswapache24:default
fmri svc:/network/cswapache24:default
enabled true
state maintenance
next_state none
state_time September 22, 2015 09:03:12 AM PDT
logfile /var/svc/log/network-cswapache24:default.log
restarter svc:/system/svc/restarter:default
contract_id
manifest /var/opt/csw/svc/manifest/network/cswapache24.xml
dependency require_all/none svc:/system/filesystem/local (online)
dependency require_all/none svc:/network/loopback (online)
root@oralin# tail -8 /var/svc/log/network-cswapache24:default.log
AH00526: Syntax error on line 73 of /etc/opt/csw/apache2/extra/httpd-ssl.conf:
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
[ Sep 17 10:44:45 Method "start" exited with status 1. ]
[ Sep 17 16:41:04 Leaving maintenance because disable requested. ]
[ Sep 17 16:41:04 Disabled. ]
[ Sep 22 09:03:11 Enabled. ]
[ Sep 22 09:03:11 Executing start method ("/var/opt/csw/svc/method/svc-cswapache24 start"). ]
[ Sep 22 09:03:12 Method "start" exited with status 1. ]
root@oralin#
(0011059)
cgrzemba (developer)
2015-10-07 13:09
edited on: 2015-10-07 13:26

Apache should load the following modules:
/opt/csw/sbin/apachectl -M
Loaded Modules:
 core_module (static)
 so_module (static)
 http_module (static)
 authn_file_module (shared)
 authn_core_module (shared)
 authz_host_module (shared)
 authz_groupfile_module (shared)
 authz_user_module (shared)
 authz_core_module (shared)
 access_compat_module (shared)
 auth_basic_module (shared)
 socache_shmcb_module (shared)
 reqtimeout_module (shared)
 filter_module (shared)
 mime_module (shared)
 log_config_module (shared)
 env_module (shared)
 headers_module (shared)
 setenvif_module (shared)
 version_module (shared)
 ssl_module (shared)
 mpm_event_module (shared)
 unixd_module (shared)
 status_module (shared)
 autoindex_module (shared)
 dir_module (shared)
 alias_module (shared)

Do you see the ssl_module and socache_shmcb_module here?
Then you should take a look in the Apache error log.

(0011060)
cgrzemba (developer)
2015-10-07 13:28

Try to upgrade to 2.4.16; 'SSLProxyCipherSuite' is contained there.
(0011061)
dragongeek (reporter)
2015-10-07 16:46

(FYI - I've answered, below, but I'm going to disable this package and build/install from source code. Seems the most expedient at this point.)

I upgraded to 2.4.16 and checked the packages. It shows socache_shmcb_module and ssl_module loaded.

root@oralin# pkgutil -u apache24
Solving needed dependencies ...
Solving dependency order ...
22 CURRENT packages:
        CSWapache24-2.4.16,REV=2015.07.17
        CSWcas-initsmf-1.50,REV=2015.01.17
        CSWcas-preserveconf-1.50,REV=2015.01.17
        CSWcas-sslcert-1.50,REV=2015.01.17
        CSWcommon-1.5,REV=2010.12.11
        CSWisaexec-0.2,REV=2009.03.26
        CSWlibapr1-0-1.5.1,REV=2014.12.24
        CSWlibaprutil1-0-1.5.4,REV=2015.08.26
        CSWlibexpat1-2.1.0,REV=2013.01.01
        CSWlibgcc-s1-4.9.2,REV=2014.11.07
        CSWlibiconv2-1.14,REV=2011.08.07
        CSWliblber2-4-2-2.4.40,REV=2015.06.23
        CSWlibldap2-4-2-2.4.40,REV=2015.06.23
        CSWliblua5-2-5.2.2,REV=2013.10.08
        CSWliblzma5-5.0.5,REV=2013.07.05
        CSWlibpcre1-8.37,REV=2015.04.30
        CSWlibsasl2-2-2.1.25,REV=2012.05.06
        CSWlibssl1-0-0-1.0.1p,REV=2015.07.09
        CSWlibuuid1-1.0.2,REV=2014.08.12
        CSWlibxml2-2-2.9.1,REV=2013.08.16
        CSWlibz1-1.2.8,REV=2013.09.23
        CSWopenssl-utils-1.0.1p,REV=2015.07.09

Nothing to do.
root@oralin# svcs \*apache\*
STATE STIME FMRI
disabled 15:20:11 svc:/network/http:apache22
disabled 15:20:11 svc:/network/cswapache2:default
maintenance 15:20:31 svc:/network/cswapache24:default
root@oralin# svcadm clear svc:/network/cswapache24:default
root@oralin# svcs \*apache\*
STATE STIME FMRI
disabled 15:20:11 svc:/network/http:apache22
disabled 15:20:11 svc:/network/cswapache2:default
maintenance 7:41:45 svc:/network/cswapache24:default
root@oralin# tail /var/svc/log/network-cswapache24:default.log
[ Oct 6 15:20:27 Executing start method ("/var/opt/csw/svc/method/svc-cswapache24 start"). ]
[ Oct 6 15:20:31 Method "start" exited with status 1. ]
[ Oct 6 15:20:31 Executing start method ("/var/opt/csw/svc/method/svc-cswapache24 start"). ]
[ Oct 6 15:20:31 Method "start" exited with status 1. ]
[ Oct 6 15:20:31 Executing start method ("/var/opt/csw/svc/method/svc-cswapache24 start"). ]
[ Oct 6 15:20:31 Method "start" exited with status 1. ]
[ Oct 7 07:41:45 Leaving maintenance because clear requested. ]
[ Oct 7 07:41:45 Enabled. ]
[ Oct 7 07:41:45 Executing start method ("/var/opt/csw/svc/method/svc-cswapache24 start"). ]
[ Oct 7 07:41:45 Method "start" exited with status 1. ]
root@oralin# /opt/csw/sbin/apachectl -M
Loaded Modules:
 core_module (static)
 so_module (static)
 http_module (static)
 authn_file_module (shared)
 authn_core_module (shared)
 authz_host_module (shared)
 authz_groupfile_module (shared)
 authz_user_module (shared)
 authz_core_module (shared)
 access_compat_module (shared)
 auth_basic_module (shared)
 reqtimeout_module (shared)
 filter_module (shared)
 mime_module (shared)
 log_config_module (shared)
 env_module (shared)
 headers_module (shared)
 setenvif_module (shared)
 version_module (shared)
 mpm_event_module (shared)
 unixd_module (shared)
 status_module (shared)
 autoindex_module (shared)
 dir_module (shared)
 alias_module (shared)
 socache_shmcb_module (shared)
 ssl_module (shared)
root@oralin#
(0011174)
cgrzemba (developer)
2016-08-04 17:00

This occurs if 64bit is enabled.

# /usr/bin/svcprop -p general/enable_64bit cswapache24
true

So /opt/csw/sbin/64/apachectl -M also has to be run as a test. This starts httpd with option '-D 64bit', which in turn loads modules from /etc/opt/csw/64/apache2/extra/modules.load

The modules have to be enabled there as well.
(0011175)
cgrzemba (developer)
2016-08-04 17:02

Solution:
check if 64bit is used and the modules are enabled in /etc/opt/csw/64/apache2/extra/modules.load
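
The check described in the last two notes, written out as an added example (not part of the tracker thread and not OpenCSW's own tooling). The function names are hypothetical, and the 32-bit modules.load path is an assumption inferred from the /etc/opt/csw/apache2/extra/ directory in the error log.

```sh
#!/bin/sh
# Which modules.load does the cswapache24 instance read, and are the modules
# that httpd-ssl.conf depends on enabled in it?
# Needs a POSIX sh and a grep with -E/-q (xpg4 or GNU grep on Solaris).

# 64-bit path as given on this page; the 32-bit path is an assumption.
MODLOAD_32=/etc/opt/csw/apache2/extra/modules.load
MODLOAD_64=/etc/opt/csw/64/apache2/extra/modules.load

# modules_load_for <value of general/enable_64bit>
modules_load_for() {
    if [ "$1" = "true" ]; then echo "$MODLOAD_64"; else echo "$MODLOAD_32"; fi
}

# missing_modules <modules.load> <module>...
# Prints each module that has no active (uncommented) LoadModule line.
missing_modules() {
    file=$1; shift
    for mod in "$@"; do
        grep -Eq "^[[:space:]]*LoadModule[[:space:]]+${mod}[[:space:]]" "$file" \
            2>/dev/null || echo "$mod"
    done
}

# check_ssl_modules <enable_64bit value> [modules.load override]
check_ssl_modules() {
    file=${2:-$(modules_load_for "$1")}
    missing=$(missing_modules "$file" ssl_module socache_shmcb_module)
    if [ -n "$missing" ]; then
        echo "$file: not enabled:" $missing
        return 1
    fi
    echo "$file: ssl_module and socache_shmcb_module enabled"
}

if command -v svcprop >/dev/null 2>&1; then
    # On the host: ask SMF which instance is started, then check its file.
    check_ssl_modules "$(svcprop -p general/enable_64bit cswapache24)"
else
    # Constructed sample: a 64-bit modules.load with mod_ssl still commented.
    sample=$(mktemp)
    printf '%s\n' \
        '#LoadModule ssl_module lib/apache2/modules/mod_ssl.so' \
        'LoadModule socache_shmcb_module lib/apache2/modules/mod_socache_shmcb.so' \
        > "$sample"
    check_ssl_modules true "$sample" || true
    rm -f "$sample"
fi
```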

