RE: Problem with apr_time_exp_lt (localtime_r) on AIX
lekha, Firstly apr_time_exp_lt() is just a wrapper around the native UNIX (aix) calls, and is therefore subject to all of UNIX's limitations. The problem is that UNIX has a know date limit which is Tue, 19 Jan 2038 03:14:07 GMT The reason for this is that a time_t is a 32 bit signed number. The maximum positive value that can be represented in one is 2147483647. The reason you have a problem and others don't is your timezone. To convert to local time, you have to add your timezone offset (or in my case subtract my timezone offset) from GMT. (This is what localtime does.) You are 5 hours ahead of GMT, so you would add (5 * 60 * 60) 18,000 seconds to the time_t variable... thereby overflowing it... Its hex contents become: 0x8000464f which is -2147465649 -tony From: Lekha Menon [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 01, 2006 12:18 AMTo: dev@httpd.apache.orgSubject: Re: Problem with apr_time_exp_lt (localtime_r) on AIX Sorry.The test program worked fine. However, call to API apr_time_exp_lt () fails. Itreturns year1 with 214748364700. When iput is 2147, it returns year as 138. My local time zone setting is PAKST (GMT +5). Is this causing the problem? Thanks Regards,Lekha MenonExtn - 5329 - Original Message - From: Bennett, Tony - CNF To: dev@httpd.apache.org Sent: Tuesday, February 28, 2006 9:51 PM Subject: RE: Problem with apr_time_exp_lt (localtime_r) on AIX Lekha, I wrote the sample program below, and ran it on both AIX 4.3.3 AIX 5.1 in both threaded and unthreaded mode (xlc vs. xlc_r compiler). In both cases it returned 138. #ifdef _THREAD_SAFE#include pthread.h#endif #include stdio.h#include time.h main(){ struct tm wk_localtime; struct tm *my_localtime; time_t my_time = 2147483647; #ifdef _THREAD_SAFE memset(wk_localtime, '\0', sizeof(wk_localtime)); my_localtime = localtime_r(my_time, wk_localtime); #else my_localtime = localtime(my_time); #endif printf("my_localtime-tm_year=%hd\n", my_localtime-tm_year); } From: Lekha Menon [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 28, 2006 4:57 AMTo: dev@httpd.apache.orgSubject: Problem with apr_time_exp_lt (localtime_r) on AIX Hi, I am facing a strange problem with apr_time_exp_lt. On AIX, when i call apr_time_exp_lt with 2nd arg as 214748364700LL, it sets the yr as 1 instead on 138. The same works on Linux properly. I investigated the code found that apr_time_exp_lt internally calls explode_time(). Here, localtime_r is called with arguments (tt, tm) where tt=2147483647. localtime_r seems to be having some issue! For checking localtime_r, i wrote a sample program. There also, while passing tt=2147483647, it returned 1 instead of 138. Is this AIX specific? Please help! Thanks in adv! Regards, Lekha http://www.patni.comWorld-Wide Partnerships. World-Class Solutions. _ This e-mail message may contain proprietary, confidential or legally privileged information for the sole use of the person or entity to whom this message was originally addressed. Any review, e-transmission dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you have received this e-mail in error kindly delete this e-mail from your records. If it appears that this mail has been forwarded to you without proper authority, please notify us immediately at [EMAIL PROTECTED] and delete this mail. _ http://www.patni.comWorld-Wide Partnerships. World-Class Solutions. _ This e-mail message may contain proprietary, confidential or legally privileged information for the sole use of the person or entity to whom this message was originally addressed. Any review, e-transmission dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you have received this e-mail in error kindly delete this e-mail from your records. If it appears that this mail has been forwarded to you without proper authority, please notify us immediately at [EMAIL PROTECTED] and delete this mail. _
RE: Problem with apr_time_exp_lt (localtime_r) on AIX
Lekha, I wrote the sample program below, and ran it on both AIX 4.3.3 AIX 5.1 in both threaded and unthreaded mode (xlc vs. xlc_r compiler). In both cases it returned 138. #ifdef _THREAD_SAFE#include pthread.h#endif #include stdio.h#include time.h main(){ struct tm wk_localtime; struct tm *my_localtime; time_t my_time = 2147483647; #ifdef _THREAD_SAFE memset(wk_localtime, '\0', sizeof(wk_localtime)); my_localtime = localtime_r(my_time, wk_localtime); #else my_localtime = localtime(my_time); #endif printf("my_localtime-tm_year=%hd\n", my_localtime-tm_year); } From: Lekha Menon [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 28, 2006 4:57 AMTo: dev@httpd.apache.orgSubject: Problem with apr_time_exp_lt (localtime_r) on AIX Hi, I am facing a strange problem with apr_time_exp_lt. On AIX, when i call apr_time_exp_lt with 2nd arg as 214748364700LL, it sets the yr as 1 instead on 138. The same works on Linux properly. I investigated the code found that apr_time_exp_lt internally calls explode_time(). Here, localtime_r is called with arguments (tt, tm) where tt=2147483647. localtime_r seems to be having some issue! For checking localtime_r, i wrote a sample program. There also, while passing tt=2147483647, it returned 1 instead of 138. Is this AIX specific? Please help! Thanks in adv! Regards, Lekha http://www.patni.comWorld-Wide Partnerships. World-Class Solutions. _ This e-mail message may contain proprietary, confidential or legally privileged information for the sole use of the person or entity to whom this message was originally addressed. Any review, e-transmission dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you have received this e-mail in error kindly delete this e-mail from your records. If it appears that this mail has been forwarded to you without proper authority, please notify us immediately at [EMAIL PROTECTED] and delete this mail. _
RE: problem starting apache - __mcount runtime defn not found.
If you compiled your module with a -p or -pg argument, then the compiler will insert a call to mcount() at the beginning of each function. This could explain how you have an unresolved reference. It could be that the system's profile libraries were not included in the library search path. Here's what they are (taken from /etc/vac.cfg): AIX 4.3.3: -L/usr/vacpp/lib/profiled,-L/lib/profiled,-L/usr/lib/profiled AIX 5.1.0: -L/usr/vacpp/lib/profiled,-L/lib/profiled,-L/usr/lib/profiled For more specific compiling and DSO questions, you might consider posting on the comp.unix.aix newsgroup: http://groups-beta.google.com/group/comp.unix.aix?hl=enlr=ie=UTF-8 -tony -Original Message- From: Jeff Trawick [mailto:[EMAIL PROTECTED] Sent: Friday, May 06, 2005 5:17 AM To: dev@httpd.apache.org Subject: Re: problem starting apache - __mcount runtime defn not found. On 5/5/05, Balaji [EMAIL PROTECTED] wrote: I have built an apache dso using the make system on AIX. But when I do an apachectl startssl, it throws the following error: Cannot load /home/rbalaji/usr/local/apache2/modules/mod_dyso.so into server: rtl d: 0712-001 Symbol __mcount was referenced\n from module /home/rbalaji/usr/ Maybe that symbol will be familar to folks on the aix usenet group. ... I am using makeC++SharedLib to link and xlC_r to compile my sources. Check how apxs+libtool will compile a plain C module, and take those commands and change as little as necessary to deal with C++ (maybe just change linker and compiler to xlC_r???) and see if that helps. Set environment variable LTFLAGS to a space prior to invoking apxs so that you'll see the low-level commands which get issued.
RE: apache httpd with C++ on AIX
Here's how I configureApache 2.0.52 for AIX, prior to issuing a 'make': CC="xlc_r"; export CCCPPFLAGS="-D_THREAD_SAFE"; export CPPFLAGS"./configure" \"--prefix=/usr/local/apache" \"--with-mpm=worker" \"--without-berkeley-db" \"--enable-dav=static" \"--enable-dav_fs=static" \"--with-ssl=/usr/local/ssl" \"--enable-ssl=static" \"--with-egd=/etc/entropy" \ HTH, -tony From: Balaji [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 04, 2005 3:11 PMTo: dev@httpd.apache.orgSubject: apache httpd with C++ on AIX Hi, I am trying to compile an apache httpd module using a makefile and not using apxs. But when I try to boot apache, it throws the following error Syntax error on line 238 of /home/rbalaji/usr/local/apache2/conf/httpd.conf: Cannot load /home/rbalaji/usr/local/apache2/modules/mod_dyso.so into server: \t0 509-026 System error: Cannot run a file that does not have a valid format. Looks like apxs binds in some flags and generates some register functions into the files before compiling. I am really not sure what it does. But originally, if I have a class keyword in my source files, apxs doesnot compile it at all. I am using xlc compiler on AIX and I have configured apache to use this compiler before the configure stage itself. Can anybody tell me what the missing link is? Is it impossible to work with C++ on apache. (sounds illogical though) Your help will really really be significant to solve one of our problems. Regards,Balaji
RE: apache httpd with C++ on AIX
Sorry, I can't help you with APXS... ...I've never used it I've always "built from scratch". -tony From: Balaji [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 04, 2005 4:02 PMTo: dev@httpd.apache.orgSubject: RE: apache httpd with C++ on AIX Hi Tony, Thanks for the info. I will try configure with these options. But which is the parameter here that will make a difference. I had exported CC earlier. You are suggesting to set CPPFLAGS. But how will this preprocessor directive make a difference? Sorry if I am asking too many questions but I am trying to understand. Regards, Balaji From: Bennett, Tony - CNF [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 04, 2005 3:49 PMTo: dev@httpd.apache.orgSubject: RE: apache httpd with C++ on AIX Here's how I configureApache 2.0.52 for AIX, prior to issuing a 'make': CC="xlc_r"; export CCCPPFLAGS="-D_THREAD_SAFE"; export CPPFLAGS"./configure" \"--prefix=/usr/local/apache" \"--with-mpm=worker" \"--without-berkeley-db" \"--enable-dav=static" \"--enable-dav_fs=static" \"--with-ssl=/usr/local/ssl" \"--enable-ssl=static" \"--with-egd=/etc/entropy" \ HTH, -tony From: Balaji [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 04, 2005 3:11 PMTo: dev@httpd.apache.orgSubject: apache httpd with C++ on AIX Hi, I am trying to compile an apache httpd module using a makefile and not using apxs. But when I try to boot apache, it throws the following error Syntax error on line 238 of /home/rbalaji/usr/local/apache2/conf/httpd.conf: Cannot load /home/rbalaji/usr/local/apache2/modules/mod_dyso.so into server: \t0 509-026 System error: Cannot run a file that does not have a valid format. Looks like apxs binds in some flags and generates some register functions into the files before compiling. I am really not sure what it does. But originally, if I have a class keyword in my source files, apxs doesnot compile it at all. I am using xlc compiler on AIX and I have configured apache to use this compiler before the configure stage itself. Can anybody tell me what the missing link is? Is it impossible to work with C++ on apache. (sounds illogical though) Your help will really really be significant to solve one of our problems. Regards,Balaji
RE: apache httpd with C++ on AIX
Balaji, If you want to use DSO, then you need to modify the directives to NOT use "=static"... but instead use "=shared". BTW, xlc is NOT a C++ compiler... xlC (note capital c) is the C++ compiler interface I can't help you on using C++ in Apache... ...Apache's written in C and all of my modules are written in C. If you are going to use a "threaded" model, then you must specify the "threaded" interface to the C (or C++) compiler... which is why the "_r" is appended to the compiler name (i.e. xlc_r or for C++ xlC_r). Lastly, here are a couple of links to this topic being discussed on this list in the past: http://marc.theaimsgroup.com/?l=apache-httpd-devm=110932301429869w=2 http://marc.theaimsgroup.com/?l=apache-httpd-devm=110932347318524w=2 http://marc.theaimsgroup.com/?l=apache-httpd-devm=110932503111874w=2 http://marc.theaimsgroup.com/?l=apache-httpd-devm=110932582316449w=2 http://marc.theaimsgroup.com/?l=apache-httpd-devm=110933082716866w=2 HTH -tony From: Balaji [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 04, 2005 4:29 PMTo: dev@httpd.apache.orgSubject: RE: apache httpd with C++ on AIX Hi Tony, Thats exactly what I want to do. I dont intend to use apxs. Even, I want to build my dsos using make. What I basically wanted to understand is whether I can build and invoke c++ objects from my apache C module. I am trying to make this possible by compiling the whole apache server with a C++ compiler (xlc). Can you please tell me whether running the configure script with the parameters you have suggested makes working with C++ possible? This info would really be helpful to us. Regards,Balaji From: Bennett, Tony - CNF [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 04, 2005 4:17 PMTo: dev@httpd.apache.orgSubject: RE: apache httpd with C++ on AIX Sorry, I can't help you with APXS... ...I've never used it I've always "built from scratch". -tony From: Balaji [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 04, 2005 4:02 PMTo: dev@httpd.apache.orgSubject: RE: apache httpd with C++ on AIX Hi Tony, Thanks for the info. I will try configure with these options. But which is the parameter here that will make a difference. I had exported CC earlier. You are suggesting to set CPPFLAGS. But how will this preprocessor directive make a difference? Sorry if I am asking too many questions but I am trying to understand. Regards, Balaji From: Bennett, Tony - CNF [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 04, 2005 3:49 PMTo: dev@httpd.apache.orgSubject: RE: apache httpd with C++ on AIX Here's how I configureApache 2.0.52 for AIX, prior to issuing a 'make': CC="xlc_r"; export CCCPPFLAGS="-D_THREAD_SAFE"; export CPPFLAGS"./configure" \"--prefix=/usr/local/apache" \"--with-mpm=worker" \"--without-berkeley-db" \"--enable-dav=static" \"--enable-dav_fs=static" \"--with-ssl=/usr/local/ssl" \"--enable-ssl=static" \"--with-egd=/etc/entropy" \ HTH, -tony From: Balaji [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 04, 2005 3:11 PMTo: dev@httpd.apache.orgSubject: apache httpd with C++ on AIX Hi, I am trying to compile an apache httpd module using a makefile and not using apxs. But when I try to boot apache, it throws the following error Syntax error on line 238 of /home/rbalaji/usr/local/apache2/conf/httpd.conf: Cannot load /home/rbalaji/usr/local/apache2/modules/mod_dyso.so into server: \t0 509-026 System error: Cannot run a file that does not have a valid format. Looks like apxs binds in some flags and generates some register functions into the files before compiling. I am really not sure what it does. But originally, if I have a class keyword in my source files, apxs doesnot compile it at all. I am using xlc compiler on AIX and I have configured apache to use this compiler before the configure stage itself. Can anybody tell me what the missing link is? Is it impossible to work with C++ on apache. (sounds illogical though) Your help will really really be significant to solve one of our problems. Regards,Balaji
RE: Auth LDAP ssl/tls differences
Regarding LDAP, Apache is a client which must adhere to how the LDAP server is configured, be that a secure port (ldaps://) or via an unsecure connection (ldap://) that can be upgraded with a StartTLS. It appears, from the OpenLdap perspective, that use of ldaps:// is depricated in favor of StartTLS over ldap://. See the following links on OpenLdap website: http://www.openldap.org/faq/index.cgi?_highlightWords=ldapsfile=605 http://www.openldap.org/lists/openldap-software/200201/msg00042.html http://www.openldap.org/lists/openldap-software/200206/msg00387.html HTH, -tony -Original Message- From: Brad Nicholes [mailto:[EMAIL PROTECTED] Sent: Thursday, January 06, 2005 8:13 AM To: dev@httpd.apache.org; [EMAIL PROTECTED] Subject: Re: Auth LDAP ssl/tls differences I guess I am still a little unclear on what the advantage is to using ldap:// + start_tls vs. ldaps://. The end result is the same except that you have a secure connection to the LDAP server on 389 rather than 636. Is that the only reason? Administrators don't want to open a dedicated SSL port to their LDAP server? I thought that the advantage of start_tls was to be able to initiate an unsecure long-lived connection and then when required, converting it to a secure connection for a period time and then possible back to unsecure again. In other words, the ability to bounce back and forward from an unsecure connection to a secure connection. Since the ldap communication between the httpd server and the ldap server is basically a single authorization request and response, there is no point in which an initial unsecure connection can be converted to a secure connection except when the connection is established initially. The connection is either entirely secure or not. As far as util_ldap is concerned, it seems like just another way of doing the same thing. If you want a secure connection to the LDAP server, just use ldaps://. Unless I am missing something, ldap:// + start_tls isn't really buying you anything. Something to think about - what about ldap connection caching? Are the ldap://+start_tls connections cached separately from ldap:// and ldaps:// connections? Or do they keep flip-flopping back and forth as required by the http request? If they keep flip-flopping, it seems like a lot of overhead just to get a secure connection. If they are cached separately then we are just implementing another secure connection cache when we already have one. If I am completely missing the point, then please correct me. Brad [EMAIL PROTECTED] Tuesday, January 04, 2005 12:40 PM It seems that our support for ssl/tls with mod_ldap is considerably confusing and frustrating for users. The recent interest in fixing support for the Solaris/Netscape/Mozilla library reminded me of the fact that we need to finish thinking this through. Fast summary for those less familiar; there are two SSL schemas for LDAP communications. . Solaris/Netscape/Mozilla support is based on explicit SSLv3 connection to the ldaps:// port, 636. . OpenLDAP supports ldaps://, it also supports STARTTLS protocol over port 389. STARTTLS should not be invoked by the scheme ldaps:// (it's a semantic error - ldaps:// should not refer to an upgraded SSL connection, and would imply port 636 which is not correct for this protocol.) The correct scheme/port for STARTTLS LDAP connections is ldap:// with port 389 implicit. We need a mechanism to clarify to mod_ldap that TLS security is desired. Incident http://issues.apache.org/bugzilla/show_bug.cgi?id=31443 offers a solution which we should consider adopting. As I was asking for some offline feedback - Graham mentioned that some implementations use the URL to specify that STARTTLS is desired. But without some references the proposal seems to be a better option - we shouldn't be redefining the ldap:// URI space. Does anyone have any references to specifying STARTTLS as part of the URI to the ldap server? Any other comments on this patch before I integrate into httpd-2.1? Bill
RE: Is there a limit to using with-module directive ???
If it is a limit, then how do I add multiple modules ??? -Original Message- From: Rici Lake [mailto:[EMAIL PROTECTED] Sent: Monday, October 18, 2004 7:08 PM To: [EMAIL PROTECTED] Subject: Re: Is there a limit to using with-module directive ??? On 18-Oct-04, at 9:03 PM, Bennett, Tony - CNF wrote: It only builds the module specified in the last --with-module directive. Is this a limitation with that directive ??? Yes, the directive only handles one module.
RE: Is there a limit to using with-module directive ???
Rici, Thanks for the patch... the line numbers were of course different, but I integrated the change it implements as you suggested and reran the following configure, which worked: CC=xlc_r; export CC CPPFLAGS=-D_THREAD_SAFE; export CPPFLAGS ./configure.new \ --prefix=/usr/local/apache \ --with-mpm=worker \ --without-berkeley-db \ --enable-dav=static \ --enable-dav_fs=static \ --with-ssl=/usr/local/ssl \ --enable-ssl=static \ --with-egd=/etc/entropy \ --with-module=aaa:auth_extern aaa:dms_apr \ $@ Just for the archives, note --with-module can still only be used once, but you can specify multiple modules... just separate them with white space. Thanks again, Rici... Lets hope they integrate this into the base configure script. -tony -Original Message- From: Rici Lake [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 7:59 AM To: Bennett, Tony - CNF Subject: Re: Is there a limit to using with-module directive ??? On 19-Oct-04, at 9:22 AM, Bennett, Tony - CNF wrote: If it is a limit, then how do I add multiple modules ??? You might find the following patch helpful (I haven't tried it with 2.0.52) --- httpd-2.0.50/configure Mon Jun 28 19:11:29 2004 +++ httpd-2.0.50-bak/configure Wed Aug 4 20:56:04 2004 @@ -13296,7 +13296,8 @@ # Check whether --with-module or --without-module was given. if test ${with_module+set} = set; then - withval=$with_module + withvals=$with_module + for withval in $withvals; do modtype=`echo $withval | sed -e's/\(.*\):.*/\1/'` pkg=`echo $withval | sed -e's/.*:\(.*\)/\1/'` @@ -13334,6 +13335,7 @@ MODLIST=$MODLIST $module echo $as_me:$LINENO: result: added $withval 5 echo ${ECHO_T}added $withval 6 +done else echo $as_me:$LINENO: result: no extra modules 5
Is there a limit to using with-module directive ???
Title: Is there a limit to using with-module directive ??? I have tried adding two different home-grown modules to be statically linked when attempting to configure httpd 2.0.52 on AIX 5.1. My configure command: CC=xlc_r; export CC CPPFLAGS=-D_THREAD_SAFE; export CPPFLAGS ./configure \ --prefix=/usr/local/apache \ --with-mpm=worker \ --without-berkeley-db \ --enable-dav=static \ --enable-dav_fs=static \ --with-ssl=/usr/local/ssl \ --enable-ssl=static \ --with-egd=/etc/entropy \ --with-module=aaa:dms_apr \ --with-module=aaa:auth_extern \ $@ It only builds the module specified in the last --with-module directive. Is this a limitation with that directive ??? If so, how do I add two modules that are to be statically linked? Thanks, -tony
Any plans for RFC3744
Title: Any plans for RFC3744 Are there any plans afoot to implement support for RFC3744 - WebDav ACL, either as a stand-alone module or by modifying mod_dav/mod_dav_fs ??? -tony
RE: ap_max_requests_per_child isn't part of the API, is it?
Jeff, You referred to formal definition of our API Is it documented somewhere? -tony -Original Message- From: Jeff Trawick [mailto:[EMAIL PROTECTED] Sent: Saturday, June 28, 2003 5:25 AM To: [EMAIL PROTECTED] Subject: Re: ap_max_requests_per_child isn't part of the API, is it? Jeff Trawick wrote: Some level of mod_php (presumably recent) won't load with Apache 2 on AIX, and the reason is that the decl of that variable in mpm_common.h isn't formally exported (AP_DECLARE_DATA). PHP should be using ap_mpm_query(), right? See http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21046 Can anybody agree that something like this is is part of the formal definition of our API? Apache header files contain declarations for a number of variables and functions. Many of these are part of the API, while some of these are simply necessary for the division of the Apache implementation across many source files. Any such variables that are considered part of the API are declared with the AP_DECLARE_DATA qualifier. Here is an example from scoreboard.h: AP_DECLARE_DATA extern scoreboard *ap_scoreboard_image; Any such functions that are considered part of the API are declared with AP_DECLARE() or AP_DECLARE_NONSTD(). Examples include: AP_DECLARE(void) ap_add_common_vars(request_rec *r); AP_DECLARE_NONSTD(int) ap_rvputs(request_rec *r,...); In addition, hooks are declared with AP_DECLARE_HOOK() or APR_DECLARE_EXTERNAL_HOOK(). If the declaration of a variable or function does not include these special qualifiers, it is not part of the API, and beyond the fact that it is not intended for module use, modules will not be able to access the variable or function on all platforms, leading to obscure failures for the users of such modules.
RE: Apache/2.1.0-dev, mod_ssl and insufficient entry
JW, Do you really mean /usr/local/add-on/egd/bin/egd.pl ^ -tony -Original Message- From: J. W. Ballantine [mailto:[EMAIL PROTECTED] Sent: Thursday, June 19, 2003 6:37 AM To: [EMAIL PROTECTED] Subject: Apache/2.1.0-dev, mod_ssl and insufficient entry I tried this question with users and was directed here. If that is wrong, please let me know. Thanks I'm trying to start Apache/2.1.0-dev with mod_ssl enabled and all I keep getting is the dreaded: [Wed Jun 18 15:31:59 2003] [warn] Init: PRNG still contains insufficient entropy! [Wed Jun 18 15:31:59 2003] [error] Init: Failed to generate temporary 512 bit RSA private key Configuration Failed I understand that this is controlled by SSLRandomSeed in the httpd.conf file, and I've tried the following pairs to generate enough entropy: SSLRandomSeed startup exec:`/usr/local/add-on/egd/bin/egc.pl /etc/local/openssh/egd-pool` SSLRandomSeed connect exec:`/usr/local/add-on/egd/bin/egc.pl /etc/local/openssh/egd-pool` SSLRandomSeed startup egd:/etc/local/openssh/egd-pool SSLRandomSeed connect egd:/etc/local/openssh/egd-pool SSLRandomSeed startup file:/etc/local/openssh/httpd_ssl.seed SSLRandomSeed connect file:/etc/local/openssh/httpd_ssl.seed SSLRandomSeed startup builtin SSLRandomSeed connect builtin where /etc/local/openssh/httpd_ssl.seed was created by: /usr/local/add-on/egd/bin/egc.pl /etc/local/openssh/egd-pool read 255 and /etc/local/openssh/egd-pool is the socket from egd.pl ( which works fine with pnrgd for opensshd ). Any thoughts/pointers will be greatly appreciated. The cvs date is 20030612 and other info on httpd are: Server version: Apache/2.1.0-dev Server built: Jun 12 2003 12:14:31 Server version: Apache/2.1.0-dev Server built: Jun 12 2003 12:14:31 Server's Module Magic Number: 20030213:1 Architecture: 32-bit Server compiled with -D APACHE_MPM_DIR=server/mpm/prefork -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_PROC_PTHREAD_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D HTTPD_ROOT=/local/APACHE/Apache2 -D SUEXEC_BIN=/local/APACHE/Apache2/bin/suexec -D DEFAULT_PIDLOG=logs/httpd.pid -D DEFAULT_SCOREBOARD=logs/apache_runtime_status -D DEFAULT_LOCKFILE=logs/accept.lock -D DEFAULT_ERRORLOG=logs/error_log -D AP_TYPES_CONFIG_FILE=conf/mime.types -D SERVER_CONFIG_FILE=conf/httpd.conf Compiled in modules: core.c mod_authn_file.c mod_authn_default.c mod_authz_host.c mod_authz_groupfile.c mod_authz_user.c mod_authz_default.c mod_auth_basic.c mod_include.c mod_log_config.c mod_env.c mod_setenvif.c mod_ssl.c prefork.c http_core.c mod_mime.c mod_status.c mod_autoindex.c mod_asis.c mod_cgi.c mod_negotiation.c mod_dir.c mod_imap.c mod_actions.c mod_userdir.c mod_alias.c mod_so.c
RE: Apache/2.1.0-dev, mod_ssl and insufficient entry
So did changing it from egc.pl to egd.pl solve your insufficient entropy error ??? -tony -Original Message- From: J. W. Ballantine [mailto:[EMAIL PROTECTED] Sent: Thursday, June 19, 2003 8:06 AM To: [EMAIL PROTECTED] Subject: Re: Apache/2.1.0-dev, mod_ssl and insufficient entry Yes, that is the name of the perl script that reads from the pool for seed generation. -- In Response to your message - Date: Thu, 19 Jun 2003 07:47:05 -0700 To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] From: Bennett, Tony - CNF [EMAIL PROTECTED] Subject: RE: Apache/2.1.0-dev, mod_ssl and insufficient entry JW, Do you really mean /usr/local/add-on/egd/bin/egd.pl ^ -tony -Original Message- From: J. W. Ballantine [mailto:[EMAIL PROTECTED] Sent: Thursday, June 19, 2003 6:37 AM To: [EMAIL PROTECTED] Subject: Apache/2.1.0-dev, mod_ssl and insufficient entry I tried this question with users and was directed here. If that is wrong, please let me know. Thanks I'm trying to start Apache/2.1.0-dev with mod_ssl enabled and all I keep getting is the dreaded: [Wed Jun 18 15:31:59 2003] [warn] Init: PRNG still contains insufficient entropy! [Wed Jun 18 15:31:59 2003] [error] Init: Failed to generate temporary 512 bit RSA private key Configuration Failed I understand that this is controlled by SSLRandomSeed in the httpd.conf file, and I've tried the following pairs to generate enough entropy: SSLRandomSeed startup exec:`/usr/local/add-on/egd/bin/egc.pl /etc/local/openssh/egd-pool` SSLRandomSeed connect exec:`/usr/local/add-on/egd/bin/egc.pl /etc/local/openssh/egd-pool` SSLRandomSeed startup egd:/etc/local/openssh/egd-pool SSLRandomSeed connect egd:/etc/local/openssh/egd-pool SSLRandomSeed startup file:/etc/local/openssh/httpd_ssl.seed SSLRandomSeed connect file:/etc/local/openssh/httpd_ssl.seed SSLRandomSeed startup builtin SSLRandomSeed connect builtin where /etc/local/openssh/httpd_ssl.seed was created by: /usr/local/add-on/egd/bin/egc.pl /etc/local/openssh/egd-pool read 255 and /etc/local/openssh/egd-pool is the socket from egd.pl ( which works fine with pnrgd for opensshd ). Any thoughts/pointers will be greatly appreciated. The cvs date is 20030612 and other info on httpd are: Server version: Apache/2.1.0-dev Server built: Jun 12 2003 12:14:31 Server version: Apache/2.1.0-dev Server built: Jun 12 2003 12:14:31 Server's Module Magic Number: 20030213:1 Architecture: 32-bit Server compiled with -D APACHE_MPM_DIR=server/mpm/prefork -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_PROC_PTHREAD_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D HTTPD_ROOT=/local/APACHE/Apache2 -D SUEXEC_BIN=/local/APACHE/Apache2/bin/suexec -D DEFAULT_PIDLOG=logs/httpd.pid -D DEFAULT_SCOREBOARD=logs/apache_runtime_status -D DEFAULT_LOCKFILE=logs/accept.lock -D DEFAULT_ERRORLOG=logs/error_log -D AP_TYPES_CONFIG_FILE=conf/mime.types -D SERVER_CONFIG_FILE=conf/httpd.conf Compiled in modules: core.c mod_authn_file.c mod_authn_default.c mod_authz_host.c mod_authz_groupfile.c mod_authz_user.c mod_authz_default.c mod_auth_basic.c mod_include.c mod_log_config.c mod_env.c mod_setenvif.c mod_ssl.c prefork.c http_core.c mod_mime.c mod_status.c mod_autoindex.c mod_asis.c mod_cgi.c mod_negotiation.c mod_dir.c mod_imap.c mod_actions.c mod_userdir.c mod_alias.c mod_so.c
RE: mod_dav overhaul
If this is a wish list... I'd kinda like to see dav_fs_set_headers() (in repos.c) be able to handle content-type. Here's the comment contained in that function: /* ### how to set the content type? */ /* ### until this is resolved, the Content-Type header is busted */ -tony -Original Message- From: William A. Rowe, Jr. [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2003 2:00 PM To: [EMAIL PROTECTED] Subject: Re: mod_dav overhaul At 02:50 PM 5/28/2003, Cliff Woolley wrote: On Wed, 28 May 2003, William A. Rowe, Jr. wrote: It makes me wonder... today we have to create and destroy the pool. But what about reuse? The overhead of creating the pool itself? It seems like a good extention to the apr_pool api if we had an apr_pool_recycle function that would do the usual pool cleanups and frees, but let us reuse the pool's own memory without getting tangled in thread locking. For any symmetrical use of pools (where each recycle is generally similar in footprint to the prior allocations) this could be pretty sweet. You can do what you suggest by just doing an apr_pool_clear() and then reuse the pool, no? There's the max_mem_free thing, but other than that... Ok, I was caught unaware :-) Time to refactor some bits of mod_autoindex :-)
AIX Compilation messages in 2.0.45
FYI: When compiling 2.0.45 on AIX 4.3.3 I am getting loads of Informational messages like (but not limited to): 1506-304 (I) No function prototype given for _Errno 1506-304 (I) No function prototype given for strcasecmp 1506-304 (I) No function prototype given for strncasecmp 1506-304 (I) No function prototype given for yy_flex_alloc 1506-304 (I) No function prototype given for yy_fatal_error 1506-304 (I) No function prototype given for yy_flex_alloc 1506-304 (I) No function prototype given for ssl_expr_yy_init_buffer 1506-304 (I) No function prototype given for ldap_unbind_s 1506-304 (I) No function prototype given for ldap_init It does successfully compile, and all modules seem to work fine. In case it matters, here is my config.nice: CC=cc_r; export CC CPPFLAGS=-qcpluscmt; export CPPFLAGS ./configure \ --with-mpm=worker \ --prefix=/usr/local/apache \ --enable-dav=static \ --enable-dav_fs=static \ --enable-ssl=static \ --with-ldap=yes \ --with-ldap-include=/usr/local/include \ --with-ldap-lib=/usr/local/lib \ --enable-ldap=static \ --enable-auth_ldap=static \ $@ -tony
RE: Apache 2.0.44 w/ auth_ldap build errors
Don't know if it will help, but here's my config.nice for configuring apache 2.0.44 on AIX: CC=cc_r; export CC CPPFLAGS=-qcpluscmt;export CPPFLAGS ./configure \ --with-mpm=worker \ --prefix=/usr/local/apache \ --enable-dav=static \ --enable-dav_fs=static \ --enable-ssl=static \ --with-ldap=yes \ --with-ldap-include=/usr/local/include \ --with-ldap-lib=/usr/local/lib \ --enable-ldap=static \ --enable-auth_ldap=static \ $@ -Original Message- From: Trevor Hurst [mailto:[EMAIL PROTECTED] Sent: Friday, February 28, 2003 2:04 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Apache 2.0.44 w/ auth_ldap build errors Anyone in users have this problem, or should I say how mny out there have successfully compiled apache2.0.44 with ldap and auth-ldap support? Did anyone have the same problem I'm experiencing? - Trev Trevor Hurst wrote: Cliff Woolley wrote: On Thu, 27 Feb 2003, Jeff Trawick wrote: it would be useful if ./configure --help for Apache would also display apr and apr-util --help screen if the Apache configure is going to configure apr and apr-util as well ++1! Please, someone try to help me out here again... argh! ;-/ I've installed OpenLDAP to use the headers and libs but still to no avail...same error when I pass it the info for the configure: ./configure --with-ldap --enable-ldap --enable-auth-ldap --with-ldap-include=/usr/freeware/include/ \ --with-ldap-lib=/usr/freeware/lib32 --with-ldap=libldap.so.3 checking for ldap support... setting APRUTIL_INCLUDES to -I/usr/freeware/include/ setting APRUTIL_LDFLAGS to -L/usr/freeware/lib32 checking for ldap_init in -l... no configure: error: could not find an LDAP library configure failed for srclib/apr-util ---oOo--- Why doesn't it like/see my ldap library I'm pointing it to? Am I supposed to use some development libraries instead?? I'm at a complete loss of what in the world it's wanting!? Any ideas guys? Thanks, -- Trev
RE: Webdav
We operate a WebDav site, currently on Apache 2.0.42, but operating in the same manner since 2.0.16... ...Our users are able to create, move, copy, and delete files. We have Apache running as user nobody and group nobody (but started as root)... ...we are using the worker model. The all of the DAV filesystem tree must be owned by user nobody and group nobody. The same goes for the DavLockDB file and its directory. -tony -Original Message- From: Martin Ouimet [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 8:11 AM To: Apache dev mailing list (E-mail) Subject: Webdav Hi folks, I'm an network administrator using webdav to share users folder and im running it as root since user need to create, move, copy, delete files. I was wondering first is there a patch or any hack to lower down priviledge because I dislike my server having apache 2.0 running as root. If it doesnt seem to exists i'll code one. So the question is, if I start a patch to lower down down webdav privilege will I loose my time? Martin Ouimet
RE: Group not working properly
FWIW, on AIX 4.3.3 I had to change it to Group nobody -Original Message- From: Greg Ames [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 22, 2003 2:13 PM To: [EMAIL PROTECTED] Subject: Re: Group not working properly Graham Leggett wrote: Hi all, While testing mod_ldap, I noticed it was creating a shared memory file like so: [minfrin@jessica httpd-2.0]$ ls -al /tmp/mod_ldap_cache -rw-r--r--1 nobody 42949672954 Jan 22 14:09 /tmp/mod_ldap_cache The groupid is set to 4294967295 - which is bogus. The default config file says (said) this: User nobody Group #-1 That #-1 has caused me grief before when testing just the httpd core on some platforms (OS/390? Linux? FreeBSD?...can't remember). I'd prefer to replace it if we had a more portable alternative. Greg
RE: [Auth_ldap] util_ldap_cache shared memory failure
Title: Message I just discovered that this is an already reported bug: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12757 Is anyone working on this Thanks, -tony -Original Message-From: Bennett, Tony - CNF [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 18, 2002 2:44 PMTo: '[EMAIL PROTECTED]'Cc: [EMAIL PROTECTED]Subject: [Auth_ldap] util_ldap_cache shared memory failure Sorry for the cross post, but I'm not sure which group is appropriate. I am getting the following message in my apache error log [Wed Dec 18 11:23:18 2002] [debug] util_ldap_cache.c(307): (17)Do not specify an existing file. I believe I have tracked this down to a problem with util_ldap_cache.c. util_ldap.c has registered its util_ldap_init_module() function to be called during "child_init" as follows: ap_hook_child_init(util_ldap_init_module, NULL, NULL, APR_HOOK_MIDDLE); util_ldap_init_module() in turn calls util_ldap_cache_init() (contained in util_ldap_cache.c). util_ldap_cache_init() tries to create a shared memory segment by calling apr_shm_create() as follows: result = apr_shm_create(util_ldap_shm, reqsize, "/tmp/ldap_cache", pool); This call fails for all but the first time it is called... with the message shown at the top. The failure causes util_ldap_cache_init() to return immediately... and not complete the function. The failure is because apr_shm_create() expects the file, "/tmp/ldap_cache", to be non-existent... ...and it will create it... if it exists, then the function fails. If I'm not mistaken, I don't believe the shared memory should be "created" for each child. Using mod_auth_digest, and mod_ssl as a model... it appears it should be created in a ap_hook_post_config() hook. Does this seem correct??? Here's my Environment: Version: Apache 2.0.42 OS: AIX 4.3.3 Compiler: IBM C for AIX version 6.0 Thanks, -tony
util_ldap_cache shared memory failure
Title: Message Graham, Is the problem I reported at the bottom the same as the problem you reported on 12-09-02, in this posting and if so did you fix it? List: apache-httpd-devSubject: mod_ldap and threaded MPMsFrom: Graham Leggett minfrin () sharp ! fmDate: 2002-12-09 8:46:01Hi all,When httpd is compiled with the worker MPM (threaded), mod_ldap's connection pool fails - many connections to the LDAP server are opened until connections run out. The prefork MPM seems to work fine.I don't have much time this week to look at this, if someone who knows threads and locking could look at this I would be very grateful :)Regards,Graham-- -[EMAIL PROTECTED] "There's a moon over Bourbon Street tonight..." -Tony -Original Message-From: Bennett, Tony - CNF [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 18, 2002 2:44 PMTo: '[EMAIL PROTECTED]'Cc: [EMAIL PROTECTED]Subject: [Auth_ldap] util_ldap_cache shared memory failure Sorry for the cross post, but I'm not sure which group is appropriate. I am getting the following message in my apache error log [Wed Dec 18 11:23:18 2002] [debug] util_ldap_cache.c(307): (17)Do not specify an existing file. I believe I have tracked this down to a problem with util_ldap_cache.c. util_ldap.c has registered its util_ldap_init_module() function to be called during "child_init" as follows: ap_hook_child_init(util_ldap_init_module, NULL, NULL, APR_HOOK_MIDDLE); util_ldap_init_module() in turn calls util_ldap_cache_init() (contained in util_ldap_cache.c). util_ldap_cache_init() tries to create a shared memory segment by calling apr_shm_create() as follows: result = apr_shm_create(util_ldap_shm, reqsize, "/tmp/ldap_cache", pool); This call fails for all but the first time it is called... with the message shown at the top. The failure causes util_ldap_cache_init() to return immediately... and not complete the function. The failure is because apr_shm_create() expects the file, "/tmp/ldap_cache", to be non-existent... ...and it will create it... if it exists, then the function fails. If I'm not mistaken, I don't believe the shared memory should be "created" for each child. Using mod_auth_digest, and mod_ssl as a model... it appears it should be created in a ap_hook_post_config() hook. Does this seem correct??? Here's my Environment: Version: Apache 2.0.42 OS: AIX 4.3.3 Compiler: IBM C for AIX version 6.0 Thanks, -tony
RE: Webdav
You don't have to run Apache 2.0 as root in order to provide webdav capability... ...If you are running as user 'nobody', just ensure that the directory tree that is dav enabled is owned by user 'nobody'. -tony -Original Message- From: Martin Ouimet [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 8:11 AM To: Apache dev mailing list (E-mail) Subject: Webdav Hi folks, I'm an network administrator using webdav to share users folder and im running it as root since user need to create, move, copy, delete files. I was wondering first is there a patch or any hack to lower down priviledge because I dislike my server having apache 2.0 running as root. If it doesnt seem to exists i'll code one. So the question is, if I start a patch to lower down down webdav privilege will I loose my time? Martin Ouimet
RE: Webdav
Notice: I have cross-posted this into the dav-dev list where it more aptly belongs. mod_dav was designed assuming it owns all resources in its repository... whether that repository is a file-system (like the out-of-the-box version of mod_dav mod_dav_fs), or whether that repository is a data-base (like catacomb: http://www.webdav.org/catacomb/). mod_dav does not provide authentication, authorization, or access control. -tony -Original Message- From: Martin Ouimet [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 12:33 PM To: [EMAIL PROTECTED] Subject: RE: Webdav this is impossible because im sharing all my user's home directory via webdav. -Original Message- From: Bennett, Tony - CNF [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 11:48 AM To: '[EMAIL PROTECTED]' Subject: RE: Webdav You don't have to run Apache 2.0 as root in order to provide webdav capability... ...If you are running as user 'nobody', just ensure that the directory tree that is dav enabled is owned by user 'nobody'. -tony -Original Message- From: Martin Ouimet [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 8:11 AM To: Apache dev mailing list (E-mail) Subject: Webdav Hi folks, I'm an network administrator using webdav to share users folder and im running it as root since user need to create, move, copy, delete files. I was wondering first is there a patch or any hack to lower down priviledge because I dislike my server having apache 2.0 running as root. If it doesnt seem to exists i'll code one. So the question is, if I start a patch to lower down down webdav privilege will I loose my time? Martin Ouimet
RE: apache 2.0.43: %b not showing bytes sent but bytes requested
I believe the %b gets its value from the request_rec's bytes_sent member. This field is filled in by the content_length output filter. It is not filled in during the actual send operation. Even if it was filled in following each send, that doesn't mean it was received by the client... in the event of a disconnect, I believe the bytes_sent will always be off. -tony -Original Message- From: David Burry [mailto:[EMAIL PROTECTED]] Sent: Friday, October 11, 2002 1:59 AM To: [EMAIL PROTECTED] Subject: Re: apache 2.0.43: %b not showing bytes sent but bytes requested ok serious problems still... I've sucessfully installed mod_logio (finally), and %O is STILL not logging the actual bytes transferred, but the bytes apache is INTENDING to eventually transfer... if I stop it in the middle by canceling or disconnecting, this number is horribly too big Of course it's a couple bytes larger than %b because of the headers included, but this is still totally useless for the purpose of figuring out if/when/whether the whole file was actually downloaded. Anyone have any ideas why this is so and how to fix it? Is the logging happening completely before the request is finished, could that be the problem? This should also be a concern for anyone who's using mod_logio to charge for bandwidth, because customers should be concerned about some serious overcharging going on here! I had to install libtool 1.4 and m4 1.4 and this was my configure line: ./configure --prefix=/usr/local/apache_2.0.43+logio --enable-logio --enable- usertrack --enable-file-cache --enable-cache --enable-mem-cache --enable-sta tic-support --disable-cgid --disable-cgi --enable-rewrite --with-mpm=worker --disable-userdir Dave - Original Message - From: David Burry [EMAIL PROTECTED] Yes, I've been thinking of experimenting with mod_logio, but I'm a bit hesitant to hack out a patch from (or use whole-hog) CVS HEAD into a production site that gets 3 terabytes of traffic per day and I'm embarassed to admit how much revenue depends on... ;o) Thanks for the link, I'll try that. It won't be as accurate as getting the byte count without the headers, but at least it should be something better than nothing if it works as described... If we're not going to fix %s shouldn't we at least fix the documentation to be more accurate? 2.0 and 1.3 really are quite different here. Dave - Original Message - From: Bojan Smojver [EMAIL PROTECTED] Have you tried using mod_logio? If won't only give you the body bytes, but also the headers bytes. It reports the number of input bytes too and should understand encryption and compression. You can either check it out from Apache CVS (HEAD), or download the patch for 2.0.43 here: http://www.rexursive.com/software.html. You'd use it with %I (for input) and %O (for output). It would be interesting to know if it reports accurately in the case you described...
[PATCH] add datatype to creationdate and getlastmodified property
This is a change that was implemented in mod_dav version 1.0.3. It hasn't been ported to the version of mod_dav included with httpd V 2.0.X. (i.e. modules/dav). This change enables Windows clients using WebFolders to display the value of the creationdate and getlastmodified properties. This is my first submission, so if I've done it incorrectly, please let me know how to do it. Thanks, -tony --- modules/dav/fs/repos.c Fri Nov 30 22:43:02 2001 +++ modules/dav/fs/repos.c.old Fri Nov 30 22:38:32 2001 @@ -1741,7 +1741,6 @@ apr_pool_t *p = resource-info-pool; const dav_liveprop_spec *info; int global_ns; -char *attribs = ; /* an HTTP-date can be 29 chars plus a null term */ /* a 64-bit size can be 20 chars plus a null term */ @@ -1769,9 +1768,6 @@ resource-info-finfo.ctime, buf); value = buf; -attribs = xmlns:b=\urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/\ - b:dt=\dateTime.tz\; - break; case DAV_PROPID_getcontentlength: @@ -1792,9 +1788,6 @@ resource-info-finfo.mtime, buf); value = buf; -attribs = xmlns:b=\urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/\ - b:dt=\dateTime.rfc1123\; - break; case DAV_PROPID_FS_executable: @@ -1828,8 +1821,8 @@ /* DBG3(FS: inserting lp%d:%s (local %d), ns, scan-name, scan-ns); */ if (what == DAV_PROP_INSERT_VALUE) { -s = apr_psprintf(p, lp%d:%s%s%s/lp%d:%s DEBUG_CR, - global_ns, info-name, attribs, value, global_ns, info-name); + s = apr_psprintf(p, lp%d:%s%s/lp%d:%s DEBUG_CR, + global_ns, info-name, value, global_ns, info-name); } else if (what == DAV_PROP_INSERT_NAME) { s = apr_psprintf(p, lp%d:%s/ DEBUG_CR, global_ns, info-name);