View Issue Details

IDProjectCategoryView StatusLast Update
0003255unrealircdpublic2012-10-16 11:06
ReporterdjGrrr Assigned Tosyzop  
Status closedResolutionunable to duplicate 
Platform*OS*OS Version*
Product Version3.2.6 
Summary0003255: Rehashing SSL data radomly fails
Descriptioni can't expalin it but...
on some of my servers, randomly when trying to load a new certificate with /rehash -ssl, i get:
[Mon Mar 5 04:42:26 2007] - djGrrr (djgrrr@localhost) requested a reload of all SSL related data (/rehash -ssl)
[Mon Mar 5 04:42:26 2007] - Failed to load SSL certificate server.cert.pem
[Mon Mar 5 04:42:26 2007] - SSL Reload failed.

and no matter how many times i try /rehash -ssl it won't work, then randomly on some servers it starts working again, but a few i tried several hundred times and nothing.

the certificates are perfectly fine, there are no permission issues, and some of the servers work perfectly.

i don't really know any more info on why its not working, and i don't really know how to debug this further...
TagsNo tags attached.
3rd party modules


child of 0003111 closed 3.2.7 Release 



2007-03-05 21:25

reporter   ~0013275

i wouldn't consider this to be minor, especially considering once you /rehash -ssl and it fails, no further new ssl connections are possible, it just disconnects you instantly


2007-03-06 11:18

administrator   ~0013276

You didn't mention this in your report.

It was designed (and thus, meant to be) failsafe: if /rehash -ssl failed it should be using the old key/cert/etc, just as if you hadn't done the /rehash -ssl at all.


2007-03-06 11:28

administrator   ~0013277

Are you absolutely sure that SSL worked at first and after a failed /rehash -ssl it didn't? Because such a testcase has been tested by multiple people (including me)
So if that would be the case, that would be... odd...

As for the cause of the failed rehash, Failed to load..., I suppose we should append some additional error information to that message so you can find out WHY ;)


2007-03-06 13:33

reporter   ~0013278

yes, i am indeed 100% sure that it worked before the rehash, and failed after;
all the existing connections stayed connected just fine, but all new ssl connections would fail.
and it makes no sense why it would fail at all, since after trying /rehash -ssl a few hundred times it works again, without changing anything.

some additional error information would be great for a failed ssl rehash, but i still don't see how it would just fail to work, then without changing anything, start working again


2007-04-03 10:05

administrator   ~0013339



2007-04-05 09:22

reporter   ~0013344

the resolution in that post is irrelevant, I was remotely rehashing on SSL, and it even happened when i was locally connected via ssl


2007-04-05 15:14

administrator   ~0013346

perhaps not every comment I post here is specially targetted to you...........................


2012-10-16 11:06

administrator   ~0017180

Heh what a 'nice' last comment from me ;P

Anyway, there have only been two reports in 2007 of this, and I was never able to reproduce it (nor anyone else AFAICT). Perhaps it had to do with older OpenSSL versions? Perhaps it's fixed by now in UnrealIRCd?
I'm closing this for now. If anyone still experiences this issue, please re-report! I would love to have a reproducible testcase.

Issue History

Date Modified Username Field Change
2007-03-04 21:48 djGrrr New Issue
2007-03-05 20:00 syzop Severity major => minor
2007-03-05 21:25 djGrrr Note Added: 0013275
2007-03-06 11:18 syzop Note Added: 0013276
2007-03-06 11:28 syzop Note Added: 0013277
2007-03-06 13:33 djGrrr Note Added: 0013278
2007-03-06 13:41 syzop Severity minor => major
2007-04-03 10:05 syzop Relationship added child of 0003111
2007-04-03 10:05 syzop Note Added: 0013339
2007-04-05 09:22 djGrrr Note Added: 0013344
2007-04-05 15:14 syzop Note Added: 0013346
2007-04-18 05:37 stskeeps Status new => acknowledged
2012-10-16 11:06 syzop Note Added: 0017180
2012-10-16 11:06 syzop Status acknowledged => closed
2012-10-16 11:06 syzop Assigned To => syzop
2012-10-16 11:06 syzop Resolution open => unable to duplicate