Using Apache 1.3.12 with mod_ssl 2.6.4 on NT. I created a certificate key with a password. When I started Apache, it asked for the pass phrase. Then I connected to the server from a Netscape browser (using the httpds port). It went through the certificate check and before displaying the server page the child process died with a segmentation error. Running the server under debug and using the -X option, I could see that it was dying in ssl_log and was called from ssl_io_suck_read. In ssl_io_suck_read, I noticed that len is truncated to no more than ss->pendlen but then ss->pendptr is copied to buf (see code segment below). I added another check to truncate len if it was longer than buf. Recompiling this change and running the server again, everything worked fine. Does this make sense to people who know the code better than me? Thanks, Bruce (line 263) rv = -1; if (r != NULL) { ss = ap_ctx_get(r->ctx, "ssl::io::suck"); if (ss != NULL) { if (ss->active && ss->pendlen > 0) { /* ok, there is pre-sucked data */ len = (ss->pendlen > len ? len : ss->pendlen); /* here is where I add my check for strlen(buf) < len */ memcpy(buf, ss->pendptr, len); ss->pendptr += len; ss->pendlen -= len; ssl_log(r->server, SSL_LOG_TRACE, "I/O: injecting %d bytes of pre-sucked data " "into Apache I/O layer", len); rv = len; } } ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]