Re: BUG: mod_ssl daemons don't close and re-open error_log on HUP or USR1

Fri, 15 Jan 1999 23:48:41 -0800 

On Wed, Nov 17, 1999, Marco A. Zamora Cunningham wrote:

> If you try the usual Unix log rotation strategy (rename files + `kill -s HUP`
> or USR1 with `apachectl restart` or `apachectl graceful`) on an SSL-enable
> httpd, the old logfile is not closed, even though a new logfile is created.
> 
> (Ralph, this bug has been around for some time now. I reported it through BugDB
> on 1999-07-21 2:57:41.)
> 
> Contrast the normal (correct) functioning on an non-ssl-enabled httpd vs. a
> mod_ssl-enabled daemon:
> 
>         COMMAND  PID  USER   FD   TYPE DEVICE SIZE/OFF INODE NAME
>         httpd   5907  root    2w  VREG 64,0x8      140 72931 error_log
> ----->  httpd   5907  root   10w  VREG 64,0x8      218 72922 error_log.1
>         httpd   5907  root   15w  VREG 64,0x8      140 72931 error_log
>         httpd   5907  root   16w  VREG 64,0x8        0 72932 error_log.ssl
>         httpd   5907  root   19w  VREG 64,0x8      787 72935 ssl_engine_log
>         httpd   5907  root   21w  VREG 64,0x8        0 72939 extended_log
>         httpd   5907  root   22w  VREG 64,0x8        0 72939 extended_log
>         httpd   5907  root   23w  VREG 64,0x8        0 72940 ssl_request_log
>         ...(ditto)...
> 
> Notice that file descriptor 10 --open for writing-- did not close and re-open
> (it's still on the old renamed file).  Presumably, it corresponds to a
> "stderr"(?) file handle opened/dup-ed(?) by mod_ssl code somewhere. 
> 
> Ralph, shouldn't mod_ssl write to some Apache API instead of opening/dup-ing a
> file directly?

It uses the Apache API for writing to the error_log, of course.  I guess the
open filedescriptor comes from the pass phrase dialog which had to fiddle
around a little bit to be able to display the dialog. I'll look at this...
 
> Any workarounds/fixes/patches? Stopping and restarting the server is really not
> very workable because of the cert passphrase dialog (which I *don't* want to
> put in a command pipe). 

I'll try to find the source of the problem and post a patch.

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to