With the SSLMutex option the user could (in 1.3.x) ask for file based or semaphore based locking. Now mod_ssl asks apr for the default mechanism. Which is not a bad thing, but the option values should reflect what is provided. I suggest using the same options as for the AcceptMutex option or using a backward compatible style: sem = sysvsem file: = flock | fcntl (whatever is preferred on the platform)
Created attachment 1794 [details] new config behaviour
The patch changes the SSLMutex command and offers these options: default | yes none | no fcntl flock sysvsem posixsem pthread sem = sysvsem | posixsem file: = fcntl | flock The meaning of "yes" changes to "default", "sem" will use either Sys V or Posix semaphores (the former are preferred) and file will use either Fcntl or Flock (preferring Fcntl). The command remains (reasonably) backward compatible and is now in sync with the AcceptMutex command.
Created attachment 1801 [details] Remove debug output in ssl_engine_config.c else same as the previous which is btw a proposed fix.
[This is a mass bug update.] This bug reports a problem in an older version of Apache 2. Could you please update to the most recent version and see if you can reproduce this problem. If the bug still exists, please update the bug with the latest version number. If the bug no longer exists, please close the bug report. Sorry for this impersonal response, but we get many more bug reports than our volunteers can keep up with. Thanks for using Apache!
[This is a mass bug update.] [Resolve-20021102] No response from submitter; assuming issue is resolved. If the problem still exists in the lastest version, please reopen this report and update appropriately.
This is a behavior change. I don't see where we have considered this patch yet, so reopening the report. Thanks for keeping up with the stale reports, Joshua!
S'funny. I didn't even see this (old) "bug" and had just send email to dev@ proposing the same sort of thing. I'm a very big +1 on this.
Can you please verify the options available now in the latest source base (HEAD includes Jim's patch), and close the PR if you think the problem is resolved. Thanks -Madhu
Sounds ok looking at the code. In ssl_engine_mutex.c it would have been nice to us verbose eror reporting in ssl_mutex_init and friends. See below for the relevant code of my original patch (it did help a lot while tracking bugs): + status = apr_global_mutex_create(&mc->pMutex, mc->szMutexFile, mc->nMutexMech, p); + if (status != APR_SUCCESS) { + char buf[120]; + + apr_strerror(status, buf, sizeof(buf)); + if (mc->szMutexFile) + ssl_log(s, SSL_LOG_ERROR, + "Failed to create global mutex lock using file `%s': %s", + mc->szMutexFile, buf); + else + ssl_log(s, SSL_LOG_ERROR, + "Failed to create global mutex lock: %s", buf);
Ok, the patch is backported to 2.0.45 to honor the full range of SSLMutex flavors, mirroring the AcceptMutex core directive.
Please look at bug 19182, ssl.conf needs to be updated.