Received: (qmail 44671 invoked by uid 501); 20 Jul 2001 16:23:19 -0000 Message-Id: <20010720162319.44670.qmail@apache.org> Date: 20 Jul 2001 16:23:19 -0000 From: Vojtech Minarik Reply-To: vminarik@ips-ag.cz To: submit@bugz.apache.org Subject: Service startup of Apache+modssl in WinNT4 X-Send-Pr-Version: 3.110 >Number: 8055 >Category: os-windows >Synopsis: Service startup of Apache+modssl in WinNT4 >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: suspended >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Fri Jul 20 09:30:01 PDT 2001 >Closed-Date: >Last-Modified: Mon Sep 24 10:11:17 PDT 2001 >Originator: vminarik@ips-ag.cz >Release: 2.0 >Organization: >Environment: Win NT4.0 Server SP6, MSIE 5.5 >Description: I have already posted this problem to mod_ssl bug report pages, but there was no response for 7 days and I also think that such a problem will occur with any module, which has a bit longer startup, and is therefore more general and not related only to mod_ssl. So I decided to put it here. Any help would be very appreciated. There is a problem if we start Apache 1.3.20 (with modssl-2.8.4-1.3.20) as a Windows service when using "SSLPassPhraseDialog exec:....." in httpd.conf, i.e. external pass phrase program to supply password for server's private key. The Apache service starts succesfully, but it takes too long and during the execution of the external pass phrase program Apache does not report its service status to the Windows Service Manager. So if the whole mod_ssl startup including the pass phrase program takes too long, some kind timeout in Windows is reached and we get the following Windows error message box: "Could not start the Apache service on \\computer error 2186. The service is not responding to the control function." The error message box can be safely ignored because the service starts succesfully anyway but it is very unpleasant. All this is especially noticable in Windows NT4 on a slow computer (200Mhz, slow harddisk). Even a simple .bat file which immediately sends the password is not quick enough and the mod_ssl startup takes too long. If we use an external GUI pass phrase program, which must wait for the user to type in the pass phrase, it is naturally even worse. Note: it is necessary to allow service interaction with desktop for this. >How-To-Repeat: In Windows NT4, build, install and configure Apache 1.3.20 with mod_ssl 2.8.4-1.3.20. In httpd.conf, set the SSLPassPhraseDialog parameter like this: SSLPassPhraseDialog "exec:c:/sendpass.bat" and make the .bat file wait for several seconds and after that actually send the passphrase with "@echo passphrase". Try to start the Apache service. If the .bat file executes long enough (10 second should be more than enough), you should get the behavior descripted above. >Fix: Maybe before any module initialization a new Apache thread could be created, which would then report the service "starting" status to Windows and stop reporting it after all modules are initialized and Apache is actually running. After that Apache would report its "running" status as usually. >Release-Note: >Audit-Trail: State-Changed-From-To: open-suspended State-Changed-By: wrowe State-Changed-When: Mon Sep 24 10:11:17 PDT 2001 State-Changed-Why: Nothing to do with our distribution, mod_ssl is developed by others. I'm flagging as suspended, as we may need to review this bug in Apache 2.0, and your report is logged for other 1.3 users to search. Release-Changed-From-To: 1.3.20-2.0 Release-Changed-By: wrowe Release-Changed-When: Mon Sep 24 10:11:17 PDT 2001 >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]