Apache 2: Großes error_log nach Einbindung von SSL Zertifikat

Apache, Lighttpd, nginx, Cherokee
marvet
Posts: 36
Joined: 2006-07-11 10:44

Apache 2: Großes error_log nach Einbindung von SSL Zertifikat

Post by marvet » 2007-09-04 17:08

Hallo zusammen,

ich habe unter Debian einen Apache 2.2.4 / OpenSSL 0.9.8c mit einem Vhost konfiguriert, für den auch ein SSL Zertifikat (Thawte) vorliegt. Das Zertifikat ist installiert und der Zugriff per SSL/HTTPS auf den Vhost funktioniert auch.

Seitdem ich das Zertifikat für den Vhost eingerichtet habe, wird das error_log für den Vhost bei jedem Request mit Einträgen (debug) wie im Anhang beschrieben. Diese Einträge enthalten jeweils einen "BIO DUMP", der meißt wesentlich länger ist als in dem Auszug im Anhang. Ein Eintrag im error_log für einen einzelnen Request kann auch 300-500 Zeilen lang sein. Das Resultat sind extrem große error_logs.

Hat jemand eine Idee, woher diese Einträge stammen und wie ich diese unterbinden kann?

Vorab Vielen Dank für Eure Untersützung!

Beste Grüße,
Markus

Code: Select all

Vhost
<VirtualHost xxx.xxx.xxx.xxx:443>
    ServerName xxxxxxxx.com
    [...]
    SSLEngine on
    SSLCertificateFile /usr/local/apache/conf/ssl/xxxxxxxx.crt
    SSLCertificateKeyFile /usr/local/apache/conf/ssl/xxxxxxxx.key
    SSLCACertificatePath /usr/local/apache/conf/ssl/
    SSLSessionCacheTimeout 300
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    [ ... ]
    CustomLog logs/xxxxxxxx/access_log
    ErrorLog logs/xxxxxxxx/error_log
</VirtualHost>


Code: Select all

Auszug aus error_log (1 Request MSIE 7.0.5730.11, 128 Bit Verschlüssleungsstärke)

[Mon Sep 03 17:33:05 2007] [info] [client xxx.xxx.xxx.xxx] Connection to child 2 established (server xxxxxxxx.com:443)
[Mon Sep 03 17:33:05 2007] [info] Seeding PRNG with 136 bytes of entropy
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: before/accept initialization
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1775): OpenSSL: read 11/11 bytes from BIO#83e5b58 [mem: 8360708] (BIO dump follows)
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1722): +-------------------------------------------------------------------------+
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1747): | 0000: 16 03 01 00 61 01 00 00-5d 03 01                 ....a...]..      |
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1753): +-------------------------------------------------------------------------+
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1775): OpenSSL: read 91/91 bytes from BIO#83e5b58 [mem: 8360713] (BIO dump follows)
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1722): +-------------------------------------------------------------------------+
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1747): | 0000: 46 dd 6c 86 97 a1 0d 87-a9 49 45 e6 61 17 74 24  F.l......IE.a.t$ |
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1747): | 0010: 24 5c 84 0f 96 ec bf ce-7f e9 6c 6d 4c b6 e3 73  $\........lmL..s |
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1747): | 0020: 20 fb 16 26 e4 30 99 da-41 e9 1c 54 2b a8 16 00   ..&.0..A..T+... |
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1747): | 0030: 06 86 44 08 c1 d8 c8 16-9d f8 87 8e e2 97 db e3  ..D............. |
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1747): | 0040: fc 00 16 00 04 00 05 00-0a 00 09 00 64 00 62 00  ............d.b. |
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1747): | 0050: 03 00 06 00 13 00 12 00-63 01                    ........c.       |
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1751): | 0091 - <SPACES/NULS>
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1753): +-------------------------------------------------------------------------+
[Mon Sep 03 17:33:05 2007] [debug] ssl_scache_shmcb.c(720): inside shmcb_retrieve_session
[Mon Sep 03 17:33:05 2007] [debug] ssl_scache_shmcb.c(732): id[0]=251, masked index=27
[Mon Sep 03 17:33:05 2007] [debug] ssl_scache_shmcb.c(1195): entering shmcb_lookup_session_id
[Mon Sep 03 17:33:05 2007] [debug] ssl_scache_shmcb.c(983): entering shmcb_expire_division
[Mon Sep 03 17:33:05 2007] [debug] ssl_scache_shmcb.c(1205): loop=0, count=1, curr_pos=0
[Mon Sep 03 17:33:05 2007] [debug] ssl_scache_shmcb.c(1209): idx->s_id2=22, id[1]=22, offset=0
[Mon Sep 03 17:33:05 2007] [debug] ssl_scache_shmcb.c(1226): at index 0, found possible session match
[Mon Sep 03 17:33:05 2007] [debug] ssl_scache_shmcb.c(1245): a match!
[Mon Sep 03 17:33:05 2007] [debug] ssl_scache_shmcb.c(748): leaving shmcb_retrieve_session
[Mon Sep 03 17:33:05 2007] [debug] ssl_scache_shmcb.c(435): shmcb_retrieve had a hit
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_kernel.c(1598): Inter-Process Session Cache: request=GET status=FOUND id=FB1626E43099DA41E91C542BA8160006864408
C1D8C8169DF8878EE297DBE3FC (session reuse)
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 read client hello A
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write server hello A
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write change cipher spec A
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write finished A
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 flush data
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1775): OpenSSL: read 5/5 bytes from BIO#83e5b58 [mem: 8360708] (BIO dump follows)
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1722): +-------------------------------------------------------------------------+
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1747): | 0000: 14 03 01 00 01                                   .....            |
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1753): +-------------------------------------------------------------------------+
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1775): OpenSSL: read 1/1 bytes from BIO#83e5b58 [mem: 836070d] (BIO dump follows)
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1722): +-------------------------------------------------------------------------+
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1747): | 0000: 01                                               .                |
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1753): +-------------------------------------------------------------------------+
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1775): OpenSSL: read 5/5 bytes from BIO#83e5b58 [mem: 8360708] (BIO dump follows)
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1722): +-------------------------------------------------------------------------+
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1747): | 0000: 16 03 01                                         ...              |
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1751): | 0005 - <SPACES/NULS>
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1753): +-------------------------------------------------------------------------+
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1775): OpenSSL: read 32/32 bytes from BIO#83e5b58 [mem: 836070d] (BIO dump follows)
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1722): +-------------------------------------------------------------------------+
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1747): | 0000: 70 66 12 04 e5 98 35 d4-a7 9c bc 59 73 3c 5a 9f  pf....5....Ys<Z. |
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1747): | 0010: fe f1 1b 05 fb b1 9c de-b4 80 95 14 4c 67 6a cb  ............Lgj. |
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1753): +-------------------------------------------------------------------------+
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 read finished A
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_kernel.c(1756): OpenSSL: Handshake: done
[Mon Sep 03 17:33:05 2007] [info] Connection: Client IP: xxx.xxx.xxx.xxx, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1775): OpenSSL: read 5/5 bytes from BIO#83e5b58 [mem: 8360708] (BIO dump follows)
[Mon Sep 03 17:33:05 2007] [info] Initial (No.1) HTTPS request received for child 2 (server xxxxxxxx.com:443)
[Mon Sep 03 17:33:05 2007] [info] [client xxx.xxx.xxx.xxx] Connection closed to child 2 with unclean shutdown (server xxxxxxxx.com:443)
[Mon Sep 03 17:33:05 2007] [info] [client xxx.xxx.xxx.xxx] Connection to child 3 established (server xxxxxxxx.com:443)
[Mon Sep 03 17:33:05 2007] [info] Seeding PRNG with 136 bytes of entropy
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: before/accept initialization
[Mon Sep 03 17:33:05 2007] [debug] ssl_engine_io.c(1775): OpenSSL: read 11/11 bytes from BIO#83e5b58 [mem: 8360708] (BIO dump follows)

rootsvr
Posts: 538
Joined: 2005-09-02 11:12

Re: Apache 2: Großes error_log nach Einbindung von SSL Zertifikat

Post by rootsvr » 2007-09-04 19:20

Du hast irgendwo dein logging auf debug geschaltet.. das ist ne Nummer zu hoch!

marvet
Posts: 36
Joined: 2006-07-11 10:44

Re: Apache 2: Großes error_log nach Einbindung von SSL Zertifikat

Post by marvet » 2007-09-04 19:32

Ich habe jetzt wirklich mit allem gerechnet, aber nicht mit so einer Kleinigkeit... ;-)

Vielen Dank!

Beste Grüße,
Markus