Jan Dries wrote:

> Steve Hay wrote:
> >
> > I still can't get Apache+mod_ssl running as a service under NT.
> >
> > When trying to start the service I either get "Error 1067: The process
> > terminated unexpectedly" or else my machine hangs completely.
>
> What happens here is probably that Apache spawns a child process, and
> subsequently it dies, after which Apache will spawn a new process that
> again dies etc. I've seen this a few times on my machine when playing
> with Apache + NT Service. The real nice thing is when the service is on
> automatic, because then it will hang your machine as soon as you reboot
> it.
>
> What are the log files saying?

Nothing at all is written to error.log or access.log.

Adding the configuration lines:

    SSLLog    logs/ssl_error.log
    SSLLogLevel    debug

to my httpd.conf file I get the following lines written into ssl_error.log:

    [info]  Init: Loading certificate & private key of SSL-aware server
pilchard.uk.radan.com:443
    [info]  Init: Requesting pass phrase from dialog filter program
(d:/apache/conf/ppfilter.exe)
    [error] Init: Pass phrase incorrect (OpenSSL library error follows)
    [error] OpenSSL: error:0D084069:asn1 encoding routines:d2i_ASN1_SET:bad
tag
    [error] OpenSSL: error:0D09D082:asn1 encoding
routines:d2i_RSAPrivateKey:parsing
    [error] OpenSSL: error:0D09B00D:asn1 encoding routines:d2i_PrivateKey:ASN1
lib

The PassPhraseDialog program ppfilter.exe is just a compiled version of the
following Perl script (obviously intended only for testing purposes...):

    if (scalar @ARGV == 2 and $ARGV[0] =~ /pilchard/i and $ARGV[0] =~ /443/
and $ARGV[1] =~ /rsa/i) {
        print "ntpc99\n";
    }
    else {
        exit 1;
    }

This program works fine when starting Apache as a Console App, so I don't know
where the "Pass phrase incorrect" error above is coming from.  The
ssl_error.log gets the following lines written to it when starting Apache as a
Console App:

    [info]  Init: Loading certificate & private key of SSL-aware server
pilchard.uk.radan.com:443
    [info]  Init: Requesting pass phrase from dialog filter program
(d:/apache/conf/ppfilter.exe)
    [trace] Init: (pilchard.uk.radan.com:443) encrypted RSA private key - pass
phrase requested
    [info]  Init: Configuring server pilchard.uk.radan.com:443 for SSL
protocol
    [trace] Init: (pilchard.uk.radan.com:443) Creating new SSL context
(protocols: SSLv2, SSLv3, TLSv1)
    [trace] Init: (pilchard.uk.radan.com:443) Configuring RSA server
certificate
    [trace] Init: (pilchard.uk.radan.com:443) Configuring RSA server private
key
    [info]  Init: Loading certificate & private key of SSL-aware server
pilchard.uk.radan.com:443
    [info]  Init: Requesting pass phrase from dialog filter program
(d:/apache/conf/ppfilter.exe)
    [trace] Init: (pilchard.uk.radan.com:443) encrypted RSA private key - pass
phrase requested
    [info]  Init: Configuring server pilchard.uk.radan.com:443 for SSL
protocol
    [trace] Init: (pilchard.uk.radan.com:443) Creating new SSL context
(protocols: SSLv2, SSLv3, TLSv1)
    [trace] Init: (pilchard.uk.radan.com:443) Configuring RSA server
certificate
    [trace] Init: (pilchard.uk.radan.com:443) Configuring RSA server private
key

I'm using the same certificate and key files, the same
PassPhraseDialog-emitting program and the same httpd.conf file when trying to
run as a Service and as a Console App.  The ONLY difference is whether I type
"net start apache" or "apache" to start it.

> > Has anyone else got this running as a service or can shed any more light
> > on the problem?
>
> I planned to take a look at this when I read your previous posting, but
> I haven't yet found time to do so. And I probably won't have time for it
> until the weekend.

I hope you do get some time sometime.  I'd really appreciate any help I can
get.

Thanks,

Steve Hay


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to