View previous topic :: View next topic |
Author |
Message |
hanj Veteran
Joined: 19 Aug 2003 Posts: 1500
|
Posted: Mon Oct 15, 2007 4:19 pm Post subject: unusably short session_id provided? -Apache/PHP |
|
|
Hello All
Started seeing these in the logs today (I coincidentally restarted Apache on 3 boxes.. and now all 3 boxes are showing the error). The weird thing is that I've restarted Apache services in the past, and have not recently upgraded in the last week or so.
Code: | [Mon Oct 15 09:27:59 2007] [error] unusably short session_id provided (0 bytes)
[Mon Oct 15 09:29:15 2007] [error] unusably short session_id provided (0 bytes)
[Mon Oct 15 09:32:12 2007] [error] unusably short session_id provided (0 bytes)
[Mon Oct 15 09:35:00 2007] [error] unusably short session_id provided (0 bytes)
[Mon Oct 15 09:40:55 2007] [error] unusably short session_id provided (0 bytes) |
My version of apache (same on all 3 boxes)
Code: | [ebuild R ] www-servers/apache-2.2.6 USE="mpm-prefork no-suexec ssl -debug -doc -ldap -mpm-event -mpm-itk -mpm-peruser -mpm-worker (-selinux) -static-modules -threads" 4,664 kB |
Any ideas?
Thanks!
hanji _________________ Server Admin Blog - Uno-Code.com |
|
Back to top |
|
|
jexxie Tux's lil' helper
Joined: 12 Oct 2007 Posts: 82 Location: Vancouver, BC
|
Posted: Mon Oct 15, 2007 6:13 pm Post subject: |
|
|
First thought:
Is /dev/urandom or /dev/random still producuing pseudo-random data? |
|
Back to top |
|
|
hanj Veteran
Joined: 19 Aug 2003 Posts: 1500
|
Posted: Mon Oct 15, 2007 7:18 pm Post subject: |
|
|
Yep.. here is a snip:
Code: | 0001b9d0 a1 4f 97 3e 48 66 57 2e ca cb 36 4d 06 79 54 03 |.O.>HfW...6M.yT.|
0001b9e0 3a 31 4b 56 7e 47 36 42 9f f0 45 4f d3 5b a2 67 |:1KV~G6B..EO.[.g|
0001b9f0 1a a1 2f a7 b9 f1 dd 93 c1 fc 3f 36 fd 0a b9 80 |../.......?6....|
0001ba00 21 d3 96 66 2f ff f2 2c cb c2 35 d2 10 32 97 22 |!..f/..,..5..2."|
0001ba10 7e e6 70 22 fe ef 24 c5 51 c3 52 1d 63 f3 b5 af |~.p"..$.Q.R.c...|
0001ba20 a2 12 01 d4 fe 0d bb 49 30 83 b6 8a 4a 89 f9 0d |.......I0...J...|
0001ba30 6a 82 2e e2 f4 d3 4c 57 6f c5 1a aa 35 84 33 a9 |j.....LWo...5.3.|
0001ba40 7c df 09 60 b5 1d 8c 18 7a 4e a6 1d 07 ba ee e7 ||..`....zN......|
0001ba50 28 e0 40 de 31 90 e7 49 fe eb 0b 3e c7 6b 60 65 |(.@.1..I...>.k`e|
0001ba60 93 ca d4 cf f3 fd 89 ff 33 5c 2e 07 4c be 88 28 |........3\..L..(|
0001ba70 32 81 90 36 2e ec 1a 44 a5 a0 a8 2d f4 df e6 62 |2..6...D...-...b|
0001ba80 59 3c ff 19 d7 71 99 d0 4d 10 6d 51 8d bd 0a 1d |Y<...q..M.mQ....|
0001ba90 0b 86 62 28 c4 2d 8e 33 8f ee d4 dc 0e e9 26 6e |..b(.-.3......&n|
0001baa0 7e 17 50 5a a7 0d cd a1 93 13 1d 75 b1 30 d8 d9 |~.PZ.......u.0..|
0001bab0 2e c5 6b db 8f c7 4e 08 15 f6 c5 fd b6 81 51 19 |..k...N.......Q.| |
I wonder if this could be related to binutils upgrade? Here are the last updates I did since last 'good' apache restart (good, meaning these errors were not reported)
Code: | Mon Oct 15 06:52:43 2007 >>> sys-apps/kbd-1.13-r1
Mon Oct 15 07:06:16 2007 >>> sys-devel/binutils-2.18-r1
Mon Oct 15 07:17:36 2007 >>> dev-libs/openssl-0.9.8f
Mon Oct 15 07:30:14 2007 >>> media-libs/pdflib-7.0.2
Mon Oct 15 09:05:08 2007 >>> sys-libs/glibc-2.6.1 |
Thanks!
hanji _________________ Server Admin Blog - Uno-Code.com |
|
Back to top |
|
|
hanj Veteran
Joined: 19 Aug 2003 Posts: 1500
|
Posted: Mon Oct 15, 2007 10:31 pm Post subject: |
|
|
Rebuilding apache and PHP.. maybe this will help. Google is yielding nothing on this error.. very strange.
hanji _________________ Server Admin Blog - Uno-Code.com |
|
Back to top |
|
|
hanj Veteran
Joined: 19 Aug 2003 Posts: 1500
|
Posted: Mon Oct 15, 2007 10:33 pm Post subject: |
|
|
Actually.. looks like something with openssl
Code: | + if (idlen < 4) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "unusably short session_id provided "
+ "(%u bytes)", idlen);
+ goto done;
+ } |
BTW.. I did revdep-rebuild after openssl update
hanji _________________ Server Admin Blog - Uno-Code.com |
|
Back to top |
|
|
hanj Veteran
Joined: 19 Aug 2003 Posts: 1500
|
Posted: Tue Oct 16, 2007 2:32 am Post subject: |
|
|
Nope.. recompiled Apache.. problem persists. Also, reran the following:
Code: | revdep-rebuild --library libcrypto.so.0.9.7
revdep-rebuild --library libssl.so.0.9.7
|
Didn't notice anything to rebuild.
Anyone else noticing this too?
Thanks!
hanji _________________ Server Admin Blog - Uno-Code.com |
|
Back to top |
|
|
karma n00b
Joined: 15 Dec 2005 Posts: 6 Location: Strasbourg
|
Posted: Wed Oct 17, 2007 8:05 am Post subject: |
|
|
Hi,
I've got this problem too since openssl upgrade. Like you've said, re-emerging apache and openssl doesn't help, and revdep-rebuild is also clean.
I've read something about emerging previous version of openssl, but I haven't tried this yet...
Christophe |
|
Back to top |
|
|
hanj Veteran
Joined: 19 Aug 2003 Posts: 1500
|
Posted: Wed Oct 17, 2007 6:43 pm Post subject: |
|
|
karma wrote: | Hi,
I've got this problem too since openssl upgrade. Like you've said, re-emerging apache and openssl doesn't help, and revdep-rebuild is also clean.
I've read something about emerging previous version of openssl, but I haven't tried this yet...
Christophe |
Ah! So I'm not the only one on the planet with this problem. All my servers are doing this now.
hanji _________________ Server Admin Blog - Uno-Code.com |
|
Back to top |
|
|
Hideki n00b
Joined: 09 Mar 2003 Posts: 74
|
Posted: Thu Oct 18, 2007 3:25 pm Post subject: |
|
|
seeing same... |
|
Back to top |
|
|
planet-admin Apprentice
Joined: 27 Mar 2004 Posts: 213 Location: Boise, ID
|
|
Back to top |
|
|
hanj Veteran
Joined: 19 Aug 2003 Posts: 1500
|
Posted: Tue Oct 30, 2007 12:35 am Post subject: |
|
|
Awesome. Just upgraded and testing on one box now. Thanks for your help!
hanji _________________ Server Admin Blog - Uno-Code.com |
|
Back to top |
|
|
|