RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 748579 - mod_revocator does not bring down httpd server if CRLUpdate fails
Summary: mod_revocator does not bring down httpd server if CRLUpdate fails
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: mod_revocator
Version: 6.2
Hardware: i386
OS: Linux
urgent
urgent
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: IDM QE LIST
URL:
Whiteboard:
Depends On: 716361
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-10-24 21:36 UTC by Matthew Harmsen
Modified: 2012-01-16 12:48 UTC (History)
7 users (show)

Fixed In Version: mod_revocator-1.0.3-8.el6
Doc Type: Bug Fix
Doc Text:
Clone Of: 716361
Environment:
Last Closed: 2011-12-06 19:04:05 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1769 0 normal SHIPPED_LIVE mod_revocator bug fix update 2011-12-06 01:01:34 UTC

Comment 2 Matthew Harmsen 2011-10-24 23:35:09 UTC 
See source code check-in at https://bugzilla.redhat.com/show_bug.cgi?id=716355#c5
Comment 3 Matthew Harmsen 2011-10-24 23:49:44 UTC 
See release-engineering request at https://bugzilla.redhat.com/show_bug.cgi?id=748577#c4
Comment 6 Kaleem 2011-11-09 06:56:29 UTC 
Verified.

RHEL Version:
[root@dhcp201-155 conf]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.2 Beta (Santiago)

Mod_revocator Version:
[root@dhcp201-155 conf]# rpm -q mod_revocator
mod_revocator-1.0.3-9.el6.i686
[root@dhcp201-155 conf]#

Now when CRL is not fetched and CRLUpdateCritical is on,then mod_revocator brings down httpd and shown in error_log.

[Wed Nov 09 12:21:39 2011] [info] removed PID file /etc/httpd/run/httpd.pid (pid=1421)
[Wed Nov 09 12:21:39 2011] [notice] caught SIGTERM, shutting down
[Wed Nov 09 12:21:39 2011] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Wed Nov 09 12:21:39 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Nov 09 12:21:39 2011] [info] Initializing SSL Session Cache of size 10000. SSL2 timeout = 100, SSL3/TLS timeout = 86400.
[Wed Nov 09 12:21:39 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Wed Nov 09 12:21:39 2011] [info] Init: Initializing (virtual) servers for SSL
[Wed Nov 09 12:21:39 2011] [info] Server: Apache/2.2.15, Interface: mod_nss/2.2.15, Library: NSS/3.12.9.0
[Wed Nov 09 12:21:39 2011] [info] Shutting down SSL Session ID Cache
[Wed Nov 09 12:21:39 2011] [notice] Digest: generating secret for digest authentication ...
[Wed Nov 09 12:21:39 2011] [notice] Digest: done
[Wed Nov 09 12:21:39 2011] [info] APR LDAP: Built with OpenLDAP LDAP SDK
[Wed Nov 09 12:21:39 2011] [info] LDAP: SSL support available
[Wed Nov 09 12:21:39 2011] [info] Initializing SSL Session Cache of size 10000. SSL2 timeout = 100, SSL3/TLS timeout = 86400.
[Wed Nov 09 12:21:39 2011] [info] Server: Apache/2.2.15, Interface: mod_nss/2.2.15, Library: NSS/3.12.9.0
[Wed Nov 09 12:21:39 2011] [info] Parent PID is 1456
[Wed Nov 09 12:21:39 2011] [notice] Apache/2.2.15 (Unix) DAV/2 mod_nss/2.2.15 NSS/3.12.9.0 configured -- resuming normal operations
[Wed Nov 09 12:21:39 2011] [info] Server built: Oct  6 2011 11:07:30
[Wed Nov 09 12:21:39 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Wed Nov 09 12:21:39 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Wed Nov 09 12:21:39 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Wed Nov 09 12:21:40 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Wed Nov 09 12:21:40 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Wed Nov 09 12:21:40 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Wed Nov 09 12:21:40 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Wed Nov 09 12:21:40 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Wed Nov 09 12:21:40 2011] [error] Error updating CRL http://cstest.pnq.redhat.com:9180/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL no subject : Unable to connect to remote host
[Wed Nov 09 12:21:40 2011] [error] Unable to load Revocation module, NSS error -8187. 
[Wed Nov 09 12:21:40 2011] [info] removed PID file /etc/httpd/run/httpd.pid (pid=1456)
[Wed Nov 09 12:21:40 2011] [notice] caught SIGTERM, shutting down
Comment 7 errata-xmlrpc 2011-12-06 19:04:05 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1769.html
Note You need to log in before you can comment on or make changes to this bug.