mod_admserv attempts to clear SSL cache without checking if NSS has been initialized which causes an assertion to fail in NSS. #0 0xc000000000325890:0 in kill+0x30 () from /usr/lib/hpux64/libc.so.1 #1 0xc00000000024a1d0:0 in raise+0x30 () from /usr/lib/hpux64/libc.so.1 #2 0xc0000000002e6f90:0 in abort+0x190 () from /usr/lib/hpux64/libc.so.1 #3 0xc000000000b01520:0 in PR_Assert+0xd0 () from /opt/dirsrv/lib/libnspr4.so #4 0xc000000000ffb750:0 in initSessionCacheLocksLazily+0x100 () from /opt/dirsrv/lib/libssl3.so #5 0xc000000000b24e80:0 in PR_CallOnce+0xb0 () from /opt/dirsrv/lib/libnspr4.so #6 0xc000000000ffb850:0 in ssl_InitSessionCacheLocks+0xa0 () from /opt/dirsrv/lib/libssl3.so #7 0xc000000000ffb940:0 in lock_cache+0x30 () from /opt/dirsrv/lib/libssl3.so #8 0xc000000000ffd260:0 in SSL_ClearSessionCache+0x20 () from /opt/dirsrv/lib/libssl3.so #9 0xc00000000094b200:0 in mod_admserv_unload+0x30 () from /opt/dirsrv/lib/modules/mod_admserv.so #10 0xc000000000762e50:0 in apr_pool_clear () at memory/unix/apr_pools.c:2063 #11 0x4000000000058320:0 in main () at main.c:695
Created attachment 434568 [details] fix proposal
This may be the same as https://bugzilla.redhat.com/show_bug.cgi?id=555296
commit 24fd9c4c1af99b2a3c067b633c26c76bf672fb31 Author: Rich Megginson <rmeggins> Date: Wed Oct 20 11:14:24 2010 -0600 Branch: master Fix Description: Check NSS_IsInitialized before clearing caches. We also do an NSS_Shutdown here - with the new NSS fips mode, you cannot load the softoken after a fork unless you have first shutdown NSS - Apache loads and unloads its modules several times during the startup phase, so we have to make sure we completely shutdown NSS when the module is unloaded so that we can load it again and start the NSS engine when the module is re-loaded. Finally, change ldap_unbind_ext_s to just ldap_unbind_ext - ldap_unbind is always asynchronous. This should also fix https://bugzilla.redhat.com/show_bug.cgi?id=555296 Platforms tested: RHEL5 x86_64, Fedora 14 x86_64 Flag Day: no
*** Bug 555296 has been marked as a duplicate of this bug. ***
[root@rheltest etc]# /usr/lib64/dirsrv/modules/mod_admserv.so Segmentation fault (core dumped) [05/May/2011:16:01:45 +051800] - slapd shutting down - signaling operation threads [05/May/2011:16:01:45 +051800] - slapd shutting down - closing down internal subsystems and plugins [05/May/2011:16:01:45 +051800] - Waiting for 4 database threads to stop [05/May/2011:16:01:46 +051800] - All database threads now stopped [05/May/2011:16:01:46 +051800] - slapd stopped. [05/May/2011:16:01:53 +051800] - 389-Directory/1.2.8.3 B2011.123.1759 starting up [05/May/2011:16:01:53 +051800] - slapd started. Listening on All Interfaces port 389 for LDAP requests 271,1 Bot Please guide with steps.
(In reply to comment #5) > [root@rheltest etc]# /usr/lib64/dirsrv/modules/mod_admserv.so > Segmentation fault (core dumped) Running a shared library directly is not supported. > > [05/May/2011:16:01:45 +051800] - slapd shutting down - signaling operation > threads > [05/May/2011:16:01:45 +051800] - slapd shutting down - closing down internal > subsystems and plugins > [05/May/2011:16:01:45 +051800] - Waiting for 4 database threads to stop > [05/May/2011:16:01:46 +051800] - All database threads now stopped > [05/May/2011:16:01:46 +051800] - slapd stopped. > [05/May/2011:16:01:53 +051800] - 389-Directory/1.2.8.3 B2011.123.1759 starting > up > [05/May/2011:16:01:53 +051800] - slapd started. Listening on All Interfaces > port 389 for LDAP requests > > 271,1 Bot > > Please guide with steps. Confirm that you can start, stop, restart, and connect to the admin server using the web interface and the console. Then, configure admin server to use TLS/SSL and try all of the above again. The crash usually happens during admin server startup or shutdown.
When I tried to stop the admin server from the Java Console, it promted back with the below message: Once the Admin Server is stopped, it can not be started remotly from the console. Are you sure you want to stop the server? Yes/ No Clicked yes - Server stopped successfully then executed /etc/init.d/dirsrv-admin start then, Configured SSL for Admin-Server [root@testvm admin-serv]# certutil -d . -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Admin-Cert u,u,u CA certificate CT,, Stopped the Admin server from Java Console [root@testvm admin-serv]# /etc/init.d/dirsrv-admin status dirsrv-admin is stopped Started from Command line [root@testvm admin-serv]# /etc/init.d/dirsrv-admin start Starting dirsrv-admin: [ OK ] [root@testvm admin-serv]# I did not face any server crash here. Hence marking the bug as VERIFIED.