>Hmmmm... I need a little bit more details about what chroot() you speak about.
>Apache uses no chroot() per default, not even in suexec. So about which
I mean chroot(1M). I didn't use chroot(2).
I rewrote bin/apachctl.
ex.
if $HTTPD -DSSL; then
->
CHROOT="/usr/sbin/chroot /newroot"
if $CHROOT $HTTPD -DSSL; then
>chroot() do you speak here? And second, even when somewhere a chroot() is used
>and it's buggy on Solaris, why does the above assignment of an RSA method
>fixes anything? Please give me more background information.
Apache1.3.4+mod_ssl2.1.7
(Sorry,my pache isn't needed on mod_ssl2.2.2. Concerned with SSL renegotiation?)
sc->prsaKey->meth is a pointer of static variable.
But it isn't valid after Apache's second initialization when I use chroot(1M)
command without my patch.
from a terminal
% chroot /newroot /usr/local/apache/bin/httpd -X -DSSL
from another terminal
% gdb /newroot/usr/local/apache/bin/httpd `cat
/newroot/usr/local/apache/logs/httpd.pid`
......
0xef677318 in poll ()
(gdb) cont
Continuing.
***** client access the server *****
Program received signal SIGSEGV, Segmentation fault.
0xef4a8b9c in RSA_flags ()
(gdb) where
#0 0xef4a8b9c in RSA_flags ()
#1 0xef494610 in ssl_set_pkey ()
#2 0xef49454c in SSL_use_RSAPrivateKey ()
#3 0xef47ed58 in ssl_hook_NewConnection ()
#4 0x4fe34 in ap_start_restart ()
#5 0x51150 in ap_child_terminate ()
#6 0x51424 in ap_child_terminate ()
#7 0x51620 in ap_child_terminate ()
#8 0x51ef4 in ap_child_terminate ()
#9 0x52a64 in main ()
then recomile with -g
from a terminal
% chroot /newroot /usr/local/apache/bin/httpd -X -DSSL
from another terminal
% gdb /newroot/usr/local/apache/bin/httpd `cat
/newroot/usr/local/apache/logs/httpd.pid`
......
0xef677318 in poll ()
(gdb) break ssl_engin_kernel.c:197
No source file named ssl_engin_kernel.c.
(gdb) break ssl_engine_kernel.c:197
Breakpoint 1 at 0xef47ed40: file ssl_engine_kernel.c, line 197.
(gdb) cont
Continuing.
***** client access the server *****
Breakpoint 1, ssl_hook_NewConnection (conn=0xed018) at ssl_engine_kernel.c:197
197 if (SSL_use_RSAPrivateKey(ssl, sc->prsaKey) <= 0) {
(gdb) print *(sc->prsaKey)
$1 = {pad = 0, version = 0, meth = 0xef5fc050, n = 0xb33f8, e = 0xb3418,
d = 0xb3438, p = 0xb3458, q = 0xb3478, dmp1 = 0xb3498, dmq1 = 0xb34b8,
iqmp = 0xb34d8, ex_data = {sk = 0x0, dummy = 1097288002}, references = 1,
flags = 6, method_mod_n = 0x0, method_mod_p = 0x0, method_mod_q = 0x0,
bignum_data = 0x0, blinding = 0x0}
(gdb) print sc->prsaKey->meth
$2 = (RSA_METHOD *) 0xef5fc050
(gdb) print *(sc->prsaKey->meth)
Cannot access memory at address 0xef5fc050.
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
