View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0003255||unreal||ircd||public||2007-03-04 21:48||2012-10-16 11:06|
|Status||closed||Resolution||unable to duplicate|
|Summary||0003255: Rehashing SSL data randomly fails|
|Description||i can't explain it but...|
on some of my servers, randomly when trying to load a new certificate with /rehash -ssl, i get:
[Mon Mar 5 04:42:26 2007] - djGrrr (djgrrr@localhost) requested a reload of all SSL related data (/rehash -ssl)
[Mon Mar 5 04:42:26 2007] - Failed to load SSL certificate server.cert.pem
[Mon Mar 5 04:42:26 2007] - SSL Reload failed.
and no matter how many times i try /rehash -ssl it won't work, then randomly on some servers it starts working again, but a few i tried several hundred times and nothing.
the certificates are perfectly fine, there are no permission issues, and some of the servers work perfectly.
i don't really know any more info on why it's not working, and i don't really know how to debug this further...
|Tags||No tags attached.|
|3rd party modules|
||i wouldn't consider this to be minor, especially considering once you /rehash -ssl and it fails, no further new ssl connections are possible, it just disconnects you instantly|
You didn't mention this in your report.
It was designed (and thus, meant to be) failsafe: if /rehash -ssl failed it should be using the old key/cert/etc, just as if you hadn't done the /rehash -ssl at all.
Are you absolutely sure that SSL worked at first and after a failed /rehash -ssl it didn't? Because such a testcase has been tested by multiple people (including me)
So if that would be the case, that would be... odd...
As for the cause of the failed rehash, Failed to load..., I suppose we should append some additional error information to that message so you can find out WHY ;)
yes, i am indeed 100% sure that it worked before the rehash, and failed after;
all the existing connections stayed connected just fine, but all new ssl connections would fail.
and it makes no sense why it would fail at all, since after trying /rehash -ssl a few hundred times it works again, without changing anything.
some additional error information would be great for a failed ssl rehash, but i still don't see how it would just fail to work, then without changing anything, start working again
||the resolution in that post is irrelevant, I was remotely rehashing on SSL, and it even happened when i was locally connected via ssl|
||perhaps not every comment I post here is specially targeted to you...........................|
Heh what a 'nice' last comment from me ;P
Anyway, there have only been two reports in 2007 of this, and I was never able to reproduce it (nor anyone else AFAICT). Perhaps it had to do with older OpenSSL versions? Perhaps it's fixed by now in UnrealIRCd?
I'm closing this for now. If anyone still experiences this issue, please re-report! I would love to have a reproducible testcase.
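The failsafe reload described in the notes above (a failed /rehash -ssl keeps the old key/cert in use) and the suggested extra error detail on "Failed to load...", shown as an added example. This is not UnrealIRCd's code: it uses Python's ssl module rather than the OpenSSL C API, and the names TLSReloader, reload and demo are hypothetical.

```python
import os
import ssl
import tempfile


class TLSReloader:
    """Owns the context handed to new connections; reload is all-or-nothing."""

    def __init__(self, context):
        self.context = context  # live context, used until a reload fully succeeds

    def reload(self, cert_path, key_path):
        """Return (ok, log_line). self.context changes only when ok is True."""
        candidate = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        try:
            # Parse and key-match the new material on a scratch context first,
            # so a failure can never leave the live context half-configured.
            candidate.load_cert_chain(certfile=cert_path, keyfile=key_path)
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            # Report WHY: OpenSSL's reason for parse or mismatch errors,
            # the OS error text for missing files or permission problems.
            why = getattr(exc, "reason", None) or exc.strerror or str(exc)
            return False, f"Failed to load SSL certificate {cert_path}: {why}"
        self.context = candidate  # swap only after every load step succeeded
        return True, f"SSL reload succeeded ({cert_path})"


def demo():
    """Run two failing reloads against constructed inputs and return the results."""
    live = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # stands in for the working context
    reloader = TLSReloader(live)
    with tempfile.TemporaryDirectory() as tmp:
        missing = os.path.join(tmp, "missing.pem")   # constructed: file does not exist
        garbage = os.path.join(tmp, "garbage.pem")   # constructed: not PEM data
        with open(garbage, "w") as fh:
            fh.write("this is not PEM data\n")
        r_missing = reloader.reload(missing, missing)
        r_garbage = reloader.reload(garbage, garbage)
    return live, reloader, r_missing, r_garbage


if __name__ == "__main__":
    _, _, r_missing, r_garbage = demo()
    print(r_missing[1])
    print(r_garbage[1])
```

The symptom reported in this issue (new SSL connections dropped after a failed reload) is what results when the live context is modified in place and a later load step fails; building a scratch context and swapping last avoids that state.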
|2007-03-04 21:48||djGrrr||New Issue|
|2007-03-05 20:00||syzop||Severity||major => minor|
|2007-03-05 21:25||djGrrr||Note Added: 0013275|
|2007-03-06 11:18||syzop||Note Added: 0013276|
|2007-03-06 11:28||syzop||Note Added: 0013277|
|2007-03-06 13:33||djGrrr||Note Added: 0013278|
|2007-03-06 13:41||syzop||Severity||minor => major|
|2007-04-03 10:05||syzop||Relationship added||child of 0003111|
|2007-04-03 10:05||syzop||Note Added: 0013339|
|2007-04-05 09:22||djGrrr||Note Added: 0013344|
|2007-04-05 15:14||syzop||Note Added: 0013346|
||Status||new => acknowledged|
|2012-10-16 11:06||syzop||Note Added: 0017180|
|2012-10-16 11:06||syzop||Status||acknowledged => closed|
|2012-10-16 11:06||syzop||Assigned To||=> syzop|
|2012-10-16 11:06||syzop||Resolution||open => unable to duplicate|