On Wed, Nov 17, 1999, Marco A. Zamora Cunningham wrote:

> [...]
> Notice that file descriptor 10 --open for writing-- did not close and re-open
> (it's still on the old renamed file).  Presumably, it corresponds to a
> "stderr"(?) file handle opened/dup-ed(?) by mod_ssl code somewhere. 
> 
> Ralph, shouldn't mod_ssl write to some Apache API instead of opening/dup-ing a
> file directly?
> 
> Any workarounds/fixes/patches? Stopping and restarting the server is really not
> very workable because of the cert passphrase dialog (which I *don't* want to
> put in a command pipe). 

Ok, I've found the bug. I did a dup2 to restore stderr, but forgot to close
the temporary fd I used for storing the stderr. The bug occurs for people
who use encrypted private keys only. The following patch fixes the problem
and will be included in mod_ssl 2.4.9:

Index: ssl_engine_pphrase.c
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_pphrase.c,v
retrieving revision 1.39
diff -u -r1.39 ssl_engine_pphrase.c
--- ssl_engine_pphrase.c    1999/10/19 10:33:17 1.39
+++ ssl_engine_pphrase.c    1999/11/18 08:47:29
@@ -498,6 +498,7 @@
          * Restore STDERR to Apache error logfile
          */
         dup2(STDERR_FILENO_STORE, STDERR_FILENO);
+        close(STDERR_FILENO_STORE);
 #ifdef WIN32
         fclose(con);
 #endif
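
Review bot: the return value of the dup2() call directly above the added close() is not checked, so if restoring stderr fails, the close discards the only remaining descriptor for the Apache error log. Test dup2() for -1 and report the failure before calling close(STDERR_FILENO_STORE). A short comment on the new line saying that the stored descriptor is a temporary copy that must not outlive the passphrase dialog would also help the next reader.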

Thanks for the hint.
                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
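
The descriptor leak described in the reply above, reproduced as an added example that is not part of the original message or of mod_ssl's code: stderr is saved, redirected, and restored, and the process's open descriptors are counted before and after. The function names and the use of /dev/null as a stand-in for the passphrase terminal are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Count descriptors currently open in this process (checks 0..255). */
static int count_open_fds(void)
{
    int n = 0;
    for (int fd = 0; fd < 256; fd++)
        if (fcntl(fd, F_GETFD) != -1)
            n++;
    return n;
}

/*
 * Save stderr, point it somewhere else, then restore it.
 * Returns the number of descriptors left behind (0 = clean,
 * 1 = the saved copy leaked), or -1 on error.
 */
int redirect_and_restore(int close_saved)
{
    int before = count_open_fds();

    int saved = dup(STDERR_FILENO);         /* temporary copy of stderr */
    if (saved == -1)
        return -1;

    int tty = open("/dev/null", O_WRONLY);  /* assumption: stands in for the terminal */
    if (tty == -1) { close(saved); return -1; }
    if (dup2(tty, STDERR_FILENO) == -1) { close(tty); close(saved); return -1; }
    close(tty);

    /* ... the passphrase dialog would run here ... */

    if (dup2(saved, STDERR_FILENO) == -1) { close(saved); return -1; }
    if (close_saved)
        close(saved);                       /* the step the patch adds */

    return count_open_fds() - before;
}

int main(void)
{
    printf("without close: %d leaked\n", redirect_and_restore(0));
    printf("with close:    %d leaked\n", redirect_and_restore(1));
    return 0;
}
```

The leaked copy still refers to the file that was open when stderr was saved, which is why a renamed log file stays open for writing after the other descriptors have been reopened.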
