Xen users - Jul 2006 - xen domu and apache2 using ssl

Hello

I''m running debian sarge under xen 3.0.2, kernel 2.6.16.27. I use
customized libc6 packages that work around the libc6 tls problem.

Almost everything works so far, the only thing I can''t get to run is
apache2 using ssl. Apache2 HTTP works. SSL access only leads to
segfaulting apache processes. I''m really at a loss at where to look. I
have recompiled openssl apache2 from scratch.

However as soon as I access a ssl host, the apache child serving the
request crashes.

I doubt it''s a debian bug as this package is stable and no special
tweaks are applied. Does anyone have an Idea what and where I could
look?

Kind regards and thank you

flavio Curti

--
http://no-way.org/~fcu/

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

This is a back-trace to my Problem:

(gdb) bt full
#0  0xb798f403 in ssl_engine_disable ()
   from /usr/lib/apache2/modules/mod_ssl.so
   No symbol table info available.
   #1  0x08085a7c in ap_run_pre_connection ()
   No symbol table info available.
   #2  0x08085c56 in ap_process_connection ()
   No symbol table info available.
   #3  0x08076c81 in ap_graceful_stop_signalled ()
   No symbol table info available.
   #4  0x0807744a in ap_graceful_stop_signalled ()
   No symbol table info available.
   #5  0xb7c45196 in apr_threadattr_stacksize_set () from
   /usr/lib/libapr-0.so.0
   No symbol table info available.
   #6  0xb7be7b63 in start_thread () from /lib/tls/libpthread.so.0
   No symbol table info available.
   #7  0xb7b8620a in clone () from /lib/tls/libc.so.6
   No symbol table info available.

I wonder if it''s somethingin pthreads?

On Tue, Jul 25, 2006 at 07:07:22AM +0200, Flavio Curti
wrote:
> Almost everything works so far, the only thing I can''t get to run
is
> apache2 using ssl. Apache2 HTTP works. SSL access only leads to
> segfaulting apache processes. I''m really at a loss at where to
look. I
> have recompiled openssl apache2 from scratch.
> However as soon as I access a ssl host, the apache child serving the
> request crashes.
--
http://no-way.org/~fcu/

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On 7/25/06, Flavio Curti <lists.fcu@no-way.org>
wrote:
> Hello
>
> I''m running debian sarge under xen 3.0.2, kernel 2.6.16.27.
Are these the Debian Packages from backports? Doesn''t sound like the
kernel version that comes with xen stable sources.
> I use
> customized libc6 packages that work around the libc6 tls problem.
Is this selfmade, or also from some packages? Might be important info
for people to help you...

I don''t know too much about apachae''s dependency on tls libs,
but If
in doubt, the first I''d do is report a bug to the people who built the
packages, which, in case of backports xen packages, is the debian xen
team.

Henning

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi Folks,

just to be sure things are not mixed up... there are TWO tls in linux world. 

Transport Layer Security - the thing used for SSL 

Thread Local Storage - the issue with xen

So in other words, to disable tls when using xen has NO effect on SSL
connections of a webserver at all!

cheers,

Mathias


___
www.evoconcept.de


----Original Message----
On 7/25/06, Flavio Curti <lists.fcu@no-way.org>
wrote:
> Hello
>
> I''m running debian sarge under xen 3.0.2, kernel 2.6.16.27.
Are these the Debian Packages from backports? Doesn''t sound like the
kernel version that comes with xen stable sources.
> I use
> customized libc6 packages that work around the libc6 tls problem.
Is this selfmade, or also from some packages? Might be important info
for people to help you...

I don''t know too much about apachae''s dependency on tls libs,
but If
in doubt, the first I''d do is report a bug to the people who built the
packages, which, in case of backports xen packages, is the debian xen
team.

Henning

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On 7/25/06, Flavio Curti <lists.fcu@no-way.org>
wrote:
>
> Hello
>
> I''m running debian sarge under xen 3.0.2, kernel 2.6.16.27. I use
> customized libc6 packages that work around the libc6 tls problem.
>
> Almost everything works so far, the only thing I can''t get to run
is
> apache2 using ssl. Apache2 HTTP works. SSL access only leads to
> segfaulting apache processes. I''m really at a loss at where to
look. I
> have recompiled openssl apache2 from scratch.

Just wondering, but did you build your own libssl using your customized
libc6? There might be other dependencies. I think you should check the
dependencies of the packages involved and rebuild those that apache2 depends
of and have dependencies with libssl or libc6.

However as soon as I access a ssl host, the apache child serving
the
> request crashes.
>
> I doubt it''s a debian bug as this package is stable and no special
> tweaks are applied. Does anyone have an Idea what and where I could
> look?

I don''t think this is a Debian bug. You should recheck the dependencies
of
the packages you installed.

Good luck!


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On 7/26/06, md@evoconcept.de <md@evoconcept.de>
wrote:
> [...]
> Transport Layer Security - the thing used for SSL
>
> Thread Local Storage - the issue with xen
Yeah, didn''t relize that. thanks for the hint!
>
> So in other words, to disable tls when using xen has NO effect on SSL
connections of a webserver at all!
That might be true, but still, I didn''t even think that Favio
suspected  the root of his problem because of the name similarity, but
because in general some applications can be affected by removing the
tls libs, or installing tls libs which are maybe broken.

Henning

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hello

On Wed, Jul 26, 2006 at 01:07:40PM +0200, Henning Sprang
wrote:
> On 7/25/06, Flavio Curti <lists.fcu@no-way.org> wrote:
> >I''m running debian sarge under xen 3.0.2, kernel 2.6.16.27.
> Are these the Debian Packages from backports? Doesn''t sound like
the
> kernel version that comes with xen stable sources.
No, I built it myself using xen-3.0.2 patch hg9697.
> >I use
> >customized libc6 packages that work around the libc6 tls problem.
> Is this selfmade, or also from some packages? Might be important info
> for people to help you...
I used I package I found[1][2] (after trying the normal ways). In the meantime
I also tried the packages (libc6-xen, apache2, libssl) from debian
testing (etch). Also, the same behaviour.
> I don''t know too much about apachae''s dependency on tls
libs, but If
> in doubt, the first I''d do is report a bug to the people who built
the
> packages, which, in case of backports xen packages, is the debian xen
> team.
I wonder if I have a kernel option enabled that leads to this strange
behaviour...

Kind regards

Flavio

[1] http://www.hodek.net/debian
[2] https://einstein.ki.iif.hu/~szferi/xen/debian/

--
http://no-way.org/~fcu/

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users