Sorry for those of you that are reading this for the 2nd time, but I felt I
should sent it to modssl and openssl lists to see if I can get any help.
I've got some strange problems with the following setup:
Solaris 7
apache 1.3.12
apache Jserv 1.1
mod_ssl 2.6.3-1.3.12
openssl-0.9.5a (just upgraded today from 0.9.5, but it didn't fix the
problem described below)
I have searched the message archives, but I didn't see anything
there, so no flames please if I missed an answer to this. Occasionally,
when users connect to one of the httpd daemons (on 443), the daemon goes
nuts and allocates almost ALL of my available physical ram and swap space.
It takes about 90 seconds to allocate the ram, during which time the machine
will not respond to anything (ie. more web requests, login on console, etc).
Once this httpd request has allocated approximately 550 megs of ram, the
system becomes usable again, but obviously runs slower. If I kill the bad
httpd, the whole process will eventually repeat itself. Sometimes it
happens again in 2 minutes, sometimes not for a day or two.
In the SSL_ENGINE_LOG logfile, the only errors I see for this httpd
daemon are:
[25/Apr/2000 18:10:21 25349] [error] SSL handshake failed (server
server.address.was.here:443, client xxx.xxx.xxx.xxx) (OpenSSL library error
follows)
[25/Apr/2000 18:10:21 25349] [error] OpenSSL: error:0D06B078:asn1 encoding
routines:ASN1_get_object:header too long
[25/Apr/2000 18:10:21 25349] [error] OpenSSL: error:0D080065:asn1 encoding
routines:d2i_ASN1_INTEGER:bad object header
[25/Apr/2000 18:10:21 25349] [error] OpenSSL: error:0D067004:asn1 encoding
routines:ASN1_COLLATE_PRIMITIVE:nested asn1 error
Then about 10 seconds later:
[25/Apr/2000 18:10:29 25349] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
I would appreciate ANY help anyone can offer as this is currently
crashing an important production server on a regular basis. Thanks for your
help.
Chris Smith
Programmer
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
