Bug 748579 - mod_revocator does not bring down httpd server if CRLUpdate fails
mod_revocator does not bring down httpd server if CRLUpdate fails
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: mod_revocator (Show other bugs)
6.2
i386 Linux
urgent Severity urgent
: rc
: ---
Assigned To: Rob Crittenden
IDM QE LIST
:
Depends On: 716361
Blocks:
  Show dependency treegraph
 
Reported: 2011-10-24 17:36 EDT by Matthew Harmsen
Modified: 2012-01-16 07:48 EST (History)
7 users (show)

See Also:
Fixed In Version: mod_revocator-1.0.3-8.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 716361
Environment:
Last Closed: 2011-12-06 14:04:05 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Comment 2 Matthew Harmsen 2011-10-24 19:35:09 EDT
See source code check-in at https://bugzilla.redhat.com/show_bug.cgi?id=716355#c5
Comment 3 Matthew Harmsen 2011-10-24 19:49:44 EDT
See release-engineering request at https://bugzilla.redhat.com/show_bug.cgi?id=748577#c4
Comment 6 Kaleem 2011-11-09 01:56:29 EST
Verified.

RHEL Version:
[root@dhcp201-155 conf]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.2 Beta (Santiago)

Mod_revocator Version:
[root@dhcp201-155 conf]# rpm -q mod_revocator
mod_revocator-1.0.3-9.el6.i686
[root@dhcp201-155 conf]#

Now when CRL is not fetched and CRLUpdateCritical is on,then mod_revocator brings down httpd and shown in error_log.

[Wed Nov 09 12:21:39 2011] [info] removed PID file /etc/httpd/run/httpd.pid (pid=1421)
[Wed Nov 09 12:21:39 2011] [notice] caught SIGTERM, shutting down
[Wed Nov 09 12:21:39 2011] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Wed Nov 09 12:21:39 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Nov 09 12:21:39 2011] [info] Initializing SSL Session Cache of size 10000. SSL2 timeout = 100, SSL3/TLS timeout = 86400.
[Wed Nov 09 12:21:39 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Wed Nov 09 12:21:39 2011] [info] Init: Initializing (virtual) servers for SSL
[Wed Nov 09 12:21:39 2011] [info] Server: Apache/2.2.15, Interface: mod_nss/2.2.15, Library: NSS/3.12.9.0
[Wed Nov 09 12:21:39 2011] [info] Shutting down SSL Session ID Cache
[Wed Nov 09 12:21:39 2011] [notice] Digest: generating secret for digest authentication ...
[Wed Nov 09 12:21:39 2011] [notice] Digest: done
[Wed Nov 09 12:21:39 2011] [info] APR LDAP: Built with OpenLDAP LDAP SDK
[Wed Nov 09 12:21:39 2011] [info] LDAP: SSL support available
[Wed Nov 09 12:21:39 2011] [info] Initializing SSL Session Cache of size 10000. SSL2 timeout = 100, SSL3/TLS timeout = 86400.
[Wed Nov 09 12:21:39 2011] [info] Server: Apache/2.2.15, Interface: mod_nss/2.2.15, Library: NSS/3.12.9.0
[Wed Nov 09 12:21:39 2011] [info] Parent PID is 1456
[Wed Nov 09 12:21:39 2011] [notice] Apache/2.2.15 (Unix) DAV/2 mod_nss/2.2.15 NSS/3.12.9.0 configured -- resuming normal operations
[Wed Nov 09 12:21:39 2011] [info] Server built: Oct  6 2011 11:07:30
[Wed Nov 09 12:21:39 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Wed Nov 09 12:21:39 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Wed Nov 09 12:21:39 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Wed Nov 09 12:21:40 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Wed Nov 09 12:21:40 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Wed Nov 09 12:21:40 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Wed Nov 09 12:21:40 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Wed Nov 09 12:21:40 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Wed Nov 09 12:21:40 2011] [error] Error updating CRL http://cstest.pnq.redhat.com:9180/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL no subject : Unable to connect to remote host
[Wed Nov 09 12:21:40 2011] [error] Unable to load Revocation module, NSS error -8187. 
[Wed Nov 09 12:21:40 2011] [info] removed PID file /etc/httpd/run/httpd.pid (pid=1456)
[Wed Nov 09 12:21:40 2011] [notice] caught SIGTERM, shutting down
Comment 7 errata-xmlrpc 2011-12-06 14:04:05 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1769.html

Note You need to log in before you can comment on or make changes to this bug.