startssl at boot time
Eric Penfold
eric at epetech.plus.com
Thu Apr 8 04:49:45 PDT 2004
(side note, I'm a lurker, not a subscriber, so this response will probably
break threading. If anyone has suggestions on how best to reply, without
needing to subscribe and be swamped by email, I'd be grateful).
I'm slightly confused as to what your actual problem is, as the logs you've
posted make sense to me with regard to how you generated them. Referring
back to your post (http://docs.freebsd.org/cgi/mid.cgi?4074751E.2070607):
RYAN vAN GINNEKEN wrote:
>This is right ??? the reason i ask is because apache does not start on a
>reboot no ssl or even regular apache.
You then go on to show the log output from doing "apachectl start" vs
"apachectl startssl". Note that the difference between these is very subtle,
and not simply an issue of Is SSL initialised or not.
Specifically, all that additionally happens with "startssl" is that "SSL"
flag is defined, such that <IfDefine SSL> blocks will be evaluted. Note that
with the default ssl.conf, this is where SSLSessionCache, and SSLRandomSeed
are defined (among other things).
So, this explains why you see:
>here is the log output of an
>apache stop then apache start using the script listed below when i use
>apache start only regular apache starts so i then have to issue the
>apache startssl command.
>[... snip ...]
>[Wed Apr 07 13:20:08 2004] [info] Init: Initializing OpenSSL library
>[Wed Apr 07 13:20:08 2004] [info] Init: Seeding PRNG with 0 bytes of entropy
>[... snip ...]
>[Wed Apr 07 13:20:08 2004] [warn] Init: Session Cache is not configured
>[hint: SSLSess
As you say, you have to use startssl.
The likely cause, as Matthew suggested, is lack of randomness.
However, it would help, if you were to post log output from apache starting
up *after a reboot*, rather than from manual startssl/stop, since this is
where (as far as I can understand) the problem lies.
Cheers,
Eric.
More information about the freebsd-questions
mailing list