Hello all again,

So, looking through the source of the openldap TLS stuff, I've found where the 
message is happening:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=libraries/libldap/tls_m.c;h=c85d322014fa838341f3fefdea9a5f693fadc079;hb=f7a0fc9f8b7fa9cfecd6a075b2867abd149dd0de#l1669

according to a comment a couple of lines up:
"/* no moznss db found, or not using moznss db */"

I have also done an strace on apache, here are the (I think) most relevant 
parts:
--------------------------------------------------------------------------------
stat("/etc/openldap/cacerts/secmod.db", 0x7fffe681c1c0) = -1 ENOENT (No such file or directory)
open("/etc/openldap/cacerts/secmod.db", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/openldap/cacerts/cert8.db", 0x7fffe681c580) = -1 ENOENT (No such file or directory)
open("/etc/openldap/cacerts/cert8.db", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/openldap/cacerts/cert7.db", 0x7fffe681c5b0) = -1 ENOENT (No such file or directory)
open("/etc/openldap/cacerts/cert7.db", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/pkcs11.txt", O_RDONLY)           = -1 ENOENT (No such file or directory)
access("/secmod.db", F_OK)              = -1 ENOENT (No such file or directory)
stat("/key3.db", 0x7fffe681c590)        = -1 ENOENT (No such file or directory)
open("/key3.db", O_RDONLY)              = -1 ENOENT (No such file or directory)
write(2, "TLS: could not initialize moznss"..., 68) = 68
write(2, "TLS: could perform TLS system in"..., 46) = 46
write(2, "TLS: error: could not initialize"..., 91) = 91
write(2, "TLS: can't create ssl handle.\n", 30) = 30
write(2, "ldap_err2string\n", 16)       = 16
write(2, "[Fri Sep 02 13:57:00 2011] [erro"..., 175) = 175
write(2, "ldap_err2string\n", 16)       = 16
-----------------------------------------------------------------------------------

So, it's looking for certs but I don't have those installed - nor do I think I 
should, as I think moznss is *supposed* to be a drop-in replacement for openssl 
afaik. How do I get apache/php to act like a proper ldap query agent and just 
use the .pem file located in /etc/openldap/cacerts/?

I have a .pem file located in /etc/openldap/cacerts/<certname>.pem that seems 
to work fine with like every other LDAPS query I do...?? :\

Thanks for any help!

-Chris
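As an added diagnostic (not part of Chris's mail or of OpenLDAP itself), the following POSIX shell script pulls out of an strace the directories libldap/MozNSS probed for an NSS certificate database, and reports what a candidate cert directory actually holds. It assumes the directory is the one named by TLS_CACERTDIR in ldap.conf, and the classification rule (MozNSS treats the directory as a cert store only when an NSS DB file is present, so a PEM-only directory looks empty to it) is inferred from the strace above, not documented on this page.

```shell
#!/bin/sh
# Added diagnostic (not from the original mail): given an strace of the LDAP
# client, list the directories libldap/MozNSS probed for an NSS certificate DB,
# and report what a candidate TLS_CACERTDIR actually holds.

# Constructed sample, modelled on the strace excerpt in the mail above.
SAMPLE_STRACE=$(cat <<'EOF'
stat("/etc/openldap/cacerts/secmod.db", 0x7fffe681c1c0) = -1 ENOENT (No such file or directory)
open("/etc/openldap/cacerts/cert8.db", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/pkcs11.txt", O_RDONLY)           = -1 ENOENT (No such file or directory)
access("/secmod.db", F_OK)              = -1 ENOENT (No such file or directory)
write(2, "TLS: could not initialize moznss"..., 68) = 68
EOF
)

# Print, in order and without duplicates, every directory in which strace shows
# a failed (ENOENT) lookup of an NSS DB file. Reads strace text on stdin.
# A bare "/secmod.db" means MozNSS fell back to the root directory.
nss_probe_dirs() {
    grep -E '^(stat|open|access)\("[^"]*/(secmod\.db|cert[789]\.db|key[34]\.db|pkcs11\.txt)".*ENOENT' \
    | sed -E 's|^[a-z]+\("([^"]*)/[^"/]*".*|\1|' \
    | sed 's|^$|/|' \
    | awk '!seen[$0]++'
}

# Classify a TLS_CACERTDIR. Assumption (inferred from the strace, not stated in
# the mail): MozNSS only accepts the directory as a cert store when one of these
# NSS DB files exists; a directory holding nothing but .pem files looks "empty"
# to it, which is exactly the situation in the strace above.
classify_cacertdir() {
    dir=$1
    [ -d "$dir" ] || { echo missing; return 0; }
    for f in secmod.db cert8.db cert7.db cert9.db key3.db key4.db pkcs11.txt; do
        [ -e "$dir/$f" ] && { echo nss-db; return 0; }
    done
    for p in "$dir"/*.pem; do
        [ -e "$p" ] && { echo pem-only; return 0; }
    done
    echo empty
}

printf '%s\n' "$SAMPLE_STRACE" | nss_probe_dirs
classify_cacertdir /etc/openldap/cacerts
```

Run it against a real trace with `strace -f -e trace=file -o ldap.strace <client>` and then `nss_probe_dirs < ldap.strace`; if the only directories listed are the configured one and `/`, MozNSS never found a database anywhere.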
