[Fedora-directory-devel] Re: Fedora-directory-devel Digest, Vol 7, Issue 2
Rob Crittenden
rcritten at redhat.com
Wed Jan 4 18:50:42 UTC 2006
Peter Djalaliev wrote:
>
>
> I haven't done tracing in mod_nss for a very long time but it did work
> early in the development of the module.
>
> I'm a little confused what you mean about Apache "debug" versus "normal"
> mode. Are you referring to the -X flag? I use that frequently myself.
>
> What problem are you trying to solve?
>
> I believe the error -8174 is a bad database error. This shouldn't cause
> a segfault. Are you seeing this when not doing debugging?
>
> Is it dropping a core file?
>
> thanks
>
> rob
>
>
> Rob,
>
> Yes, by the debug mode and normal mode I mean using -X as opposed to not
> using it.
>
> Yes, I see the -8174 error w/ or w/o debugging, but Apache with mod_nss
> was working ok in normal mode (w/o -X) despite of the -8174 error, so I
> guess I just ignored it. I'll rebuild my database I guess.
>
> I don't find any core files in the 'bin' directory, where I run 'httpd
> -X -k start -DSSL'. Should I be looking for them elsewhere?
>
> What I am doing in essence is that I am extending the TLS/SSL3
> implementation in the NSS package to incorporate an extension (as
> defined in RFC3546). Then, I use this modified NSS in Firefox 1.5 and
> Apache 2.0.54 w/ mod_nss to test my modifications to the TLS handshake.
>
> Inside NSS, I am using the SSL_TRC macros for debugging. It works fine
> with Firefox, but I needed Apache to stay attached to the shell, so I
> can see the SSL_TRC output. Alternatively, I am trying to get NSS to
> ouput the debugging information to the Apache log files, but this might
> be more of a hack than the right way to do it. Do you have any
> alternative suggestions here?
>
> So, just to confirm, you are using Apache 2 with mod_nss and the -X flag
> and it works OK, right?
>
> Thanks,
> Peter
I just re-tested this with an Apache 2.0.54 I had lying about and it
works ok for me.
I built a fresh copy of NSPR 4.4.1, DBM 1.61 and NSS 3.11 (with TRACE)
and was able to fire up the server with no problems:
% bin/httpd -X -k start
SSL: tracing set to 10
SSL: debugging set to 99
25854: SSL: grow buffer from 0 to 18432
25854: SSL: grow buffer from 0 to 18432
25854: SSL[156374648]: closing, rv=0 errno=-8190
SSL: tracing set to 10
SSL: debugging set to 99
25854: SSL: grow buffer from 0 to 18432
25854: SSL: grow buffer from 0 to 18432
25854: SSL: grow buffer from 0 to 18432
25854: SSL: grow buffer from 0 to 18432
25854: SSL[156279504]: handshake gathering, rv=-2
25854: SSL[156279504]: handshake blocked (need 2)
25854: SSL: grow buffer from 0 to 18432
25854: SSL3[156279504]: handle client_hello handshake
25854: SSL3[156279504]: server, lookup client session-id for
0x0000000000000000ffff00000100a8c0
25854: SSL3[156279504]: begin send server_hello sequence
25854: SSL3[156279504]: send server_hello handshake
25854: SSL: grow buffer from 0 to 18432
25854: SSL3[156279504]: Set XXX Pending Cipher Suite to 0x0035
25854: SSL3[156279504]: send certificate handshake
25854: SSL3[156279504]: send server_hello_done handshake
25854: SSL3[156279504] SendRecord type: handshake (22) bytes=1187
25854: SSL[156279504]: Send record (plain text) [Len: 1187]
[ snip ]
I'm not sure why I'm getting the -8190 (a bad data error I believe) but
otherwise it seems to work fine.
I'd work on verifying/fixing your cert database first, that error is
very suspicious, particularly since you say it works with all debugging
disabled.
To get a core file be sure that your ulimit allows one. I typically do:
ulimit -c unlimited.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-devel/attachments/20060104/74982ec5/attachment.bin>
More information about the Fedora-directory-devel
mailing list