Eh, all that stuff was unhelpful in my situation (but then again, all
the regulars on the mailing list know I'm an idiot by now, so here's a
disclaimer: the following are merely the ravings of a madman and you
will probably melt your server and be fired if you follow them).
Here's what worked, on Linux 2.2.8, on a dual PII, for us -- not
expiring the shmem cache:
SSLSessionCacheTimeout 86400
and adding the following to root's crontab:
0 3 * * * /opt/www/sbin/apachectl graceful >&/dev/null;
YES, IT'S BUTT UGLY. However, the server no longer crashes and I don't
get erroneous "client certificate missing" error messages from clients
who have valid certs. The main
reason we are using SSL is for client-side authentication; we do not
deal in volume.
HOWEVER, I am aware that this is an ugly fix, and useless for
higher-volume sites. Sorry.
Feel free to flame me as necessary. I am not 100% sure of the
ramifications of this hack.
--
"When it is not necessary to make a decision,
it is necessary not to make a decision."
--Lord Falkland
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
