PostgreSQL 8.2.3 + OpenSSL + Apache2 + trac 0.10.3.1
jmt4b04d4v
I recently switched from trac 0.10.2 (windows based with PostgreSQL
8.1.x backend w/o SSL connection) to trac 0.10.3.1 (linux based with
PostgreSQL 8.2.3 backend, new pg uses SSL connections) and now apache
fails to serve our enviroments, see ordinary psql session log:
{{{
Welcome to psql 8.1.8 (server 8.2.3), the PostgreSQL interactive
terminal.
...
...
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
pgprompt=>
}}}
Maybe an Apache2 + OpenSSL issue.
First we switched to trac 0.10.3.1 (Apache-2.0.59 + mod_python-3.3.1)
with our old PostgreSQL backend (8.1.x) and everything was fine.
Then I switched the DB backend to '''PostgreSQL 8.2.3''' (our new
64bit server) and now Apache2 fails to serve our enviroments, pointing
to ''TracEnvParentDir'' I got:
{{{
Available Projects
* project1: Error
(SSL error: cipher or hash unavailable )
* project2: Error
(SSL error: cipher or hash unavailable )
...
}}}
And error_log still shows no valuable information (still not breaks
apache).
But when I enter (explicity) to an specific enviroment I got (an 500
HTTP response):
{{{
Internal Server Error
----
The server encountered an internal error or misconfiguration and was
unable to complete your request.
...
----
Apache/2.0.59 (Unix) mod_ssl/2.0.59 OpenSSL/0.9.8b DAV/2 SVN/1.4.3
mod_python/3.3.1 Python/2.4.4 Server at 192.168.2.52 Port 443
}}}
Then, error_log reveals the problem (LogLevel debug):
{{{
[Thu Apr 05 19:25:43 2007] [error] [client 192.168.2.52] File "/usr/
local/lib/python2.4/site-packages/trac/db/postgres_backend.py", line
40, in get_connection\n return PostgreSQLConnection(path, user,
password, host, port, params)
[Thu Apr 05 19:25:43 2007] [error] [client 192.168.2.52] File "/usr/
local/lib/python2.4/site-packages/trac/db/postgres_backend.py", line
114, in __init__\n client_encoding='utf-8', unicode_results=True)
[Thu Apr 05 19:25:43 2007] [error] [client 192.168.2.52] File "/usr/
local/lib/python2.4/site-packages/pyPgSQL/PgSQL.py", line 2210, in
connect\n return Connection(connInfo, client_encoding,
unicode_results)
[Thu Apr 05 19:25:43 2007] [error] [client 192.168.2.52] File "/usr/
local/lib/python2.4/site-packages/pyPgSQL/PgSQL.py", line 2365, in
__init__\n raise DatabaseError, m
[Thu Apr 05 19:25:43 2007] [error] [client 192.168.2.52]
DatabaseError: SSL error: cipher or hash unavailable\n
[Thu Apr 05 19:25:43 2007] [debug] ssl_engine_kernel.c(1787): OpenSSL:
Write: SSL negotiation finished successfully
[Thu Apr 05 19:25:43 2007] [info] Connection to child 4 closed with
standard shutdown(server PCDCOM:443, client 192.168.2.52)
}}}
I hardly found ''cipher or hash unavailable'' in google, but none
related to this problem.
As I understand it means ''((Apache/mod_python)?SSL client process
fails to connect to an SSL PostgreSQL secured server''.
I thought it was a python (or pyPgSQL) issue, but '''tracd''' works
fine, then I thought ''mod_python'', but it not depends directly on
SSL (as I know from the build instructions).
Then I thought, an Apache/SSL missconfiguration, but I tested:
{{{
openssl s_client -connect localhost:433 -state -debug
}}}
And didn't found noticeable errors.
I think is a missconfiguration in trac-apache2, maybe a missing
'''PythonOption'''.
Has anybody tried successfully this stack before?:
* Subversion 1.4.3 (works OK with apache)
* Apache-2.0.59
* mod_python-3.3.1
* Python-2.4.4
* trac-0.10.3.1
* OpenSSL-0.9.8b
* PostgreSQL-8.2.3
* some other ones...
Thanks,
jmt4b04d4v
jmt4b04d4v
topics have already recieved responses.
¡Come on!, please, give me a hand.
¿Does mi nickname sound like a Spammer or something like that?, I just
picked this nickname for segurity reasons (suscribed to another
bugzilla based isseu trackers).
On 5 abr, 19:19, "jmt4b04d4v" <jmt4b04...@gmail.com> wrote:
> Help please.
> ...
> ...
> Has anybody tried successfully this stack before?:
>
> * Subversion 1.4.3 (works OK with apache)
> * Apache-2.0.59
> * mod_python-3.3.1
> * Python-2.4.4
> * trac-0.10.3.1
> * OpenSSL-0.9.8b
> * PostgreSQL-8.2.3
> * some other ones...
>
> Thanks,
> jmt4b04d4v
I appreciate any response, even saying ''no clue''...
True identity (mask off),
Johans Marvin Taboada Villca
Emmanuel Blot
> topics have already recieved responses.
May be other topics have easier answers ;-)
There is no guarantee you'll get an answer for every question you ask...
> ¿Does mi nickname sound like a Spammer or something like that?
No, nothing related to your name or nickname.
I can't remember an email in this ML with a similar issue.
Are the other web applications running fine on your server (when using SSL)?
BTW, no need to add ¿ or ¡ in english language
Cheers,
Manu
jmt4b04d4v
To all list, please forgive my disturbance, I'm just in a tight spot.
You are right, no garantee of answer, but I'm confident this is the
best source of solution.
About ''other applications'', no one, it's (still) a dedicated web
server, only serves Subversion repos & trac enviroments (for our dev-
group).
Subversion + Apache2 works fine, even via HTTPS (in this case, apache2
plays the role of SSL server).
tracd works fine, even using the SSL secured DB server.
But using '''apache2+mod_python+trac''', when accessing the SSL
secured DB server, PostgreSQL 8.2.3 (via pyPgSQL) (in this case,
'''apache2+mod_python''' plays the role of SSL client) it drops a
'''DatabaseError''' wich wraps a '''SSL error: cipher or hash
unavailable''' thrown by pyPgSQL ($PYTHON_HOME/site-packages/pyPgSQL/
PgSQL.py, line 2365).
If I'm right, the error is thrown by invoking:
{{{
#$PYTHON_HOME/site-packages/pyPgSQL/PgSQL.py, line 2365
...=PQconnectdb(connInfo)
}}}
Wich I suppose invokes:
$PYTHON_HOME/site-packages/pyPgSQL/libpq/libpqmodule.so
#the real root of problems
BTW, last file has exec permission (755).
I hope this clarifies the escenario.
Thanks again,
Johans Marvin Taboada Villca
John Hampton
> To all list, please forgive my disturbance, I'm just in a tight spot.
If you're in a tight spot, it might be time to look for other options
than apache2+mod_python.
If tracd works, you could try Nginx+tracd[1] or perhaps apache2+fastcgi
works.
Also, I've never experienced your issue, nor have any idea why it might
be so, but the other thing to try is using psycopg2 instead of pyPgSql.
Good luck ;)
-John
jmt4b04d4v
> If you're in a tight spot, it might be time to look for other options
> than apache2+mod_python.
> If tracd works, you could try Nginx+tracd[1] or perhaps apache2+fastcgi
> works.
Thanks for the suggestions John, but I can't switch to another HTTP
server as I have plans to install it (in some time) to a well
stablished server (in my university's server), wich I don't and won't
administer:
* PostgreSQL 8.2.3
* Apache 2.0.59
* Python 2.2.4
* some others described above, and some ones that I will imposse ...
Maybe I will try ''apache2+fastcgi'' tomorrow.
> Also, I've never experienced your issue, nor have any idea why it might
> be so, but the other thing to try is using psycopg2 instead of pyPgSql.
I tried Psycopg 2, and now I have another error-trace:
{{{
...
[Mon Apr 09 22:03:32 2007] [error] [client 192.168.2.52] File "/usr/
local/lib/python2.4/site-packages/trac/env.py", line 182, in get_db_cnx
\n return DatabaseManager(self).get_connection()
[Mon Apr 09 22:03:32 2007] [error] [client 192.168.2.52] File "/usr/
local/lib/python2.4/site-packages/trac/db/api.py", line 75, in
get_connection\n return self._cnx_pool.get_cnx(self.timeout or
None)
[Mon Apr 09 22:03:32 2007] [error] [client 192.168.2.52] File "/usr/
local/lib/python2.4/site-packages/trac/db/pool.py", line 101, in
get_cnx\n cnx = self._connector.get_connection(**self._kwargs)
[Mon Apr 09 22:03:32 2007] [error] [client 192.168.2.52] File "/usr/
local/lib/python2.4/site-packages/trac/db/postgres_backend.py", line
40, in get_connection\n return PostgreSQLConnection(path, user,
password, host, port, params)
[Mon Apr 09 22:03:32 2007] [error] [client 192.168.2.52] File "/usr/
local/lib/python2.4/site-packages/trac/db/postgres_backend.py", line
110, in __init__\n cnx = psycopg.connect(' '.join(dsn))
[Mon Apr 09 22:03:32 2007] [error] [client 192.168.2.52]
OperationalError: SSL error: cipher or hash unavailable\n
[Mon Apr 09 22:03:33 2007] [debug] ssl_engine_kernel.c(1787): OpenSSL:
Write: SSL negotiation finished successfully
[Mon Apr 09 22:03:33 2007] [info] Connection to child 1 closed with
standard shutdown(server PCDCOM:443, client 192.168.2.52)
}}}
'''''SSL error: cipher or hash unavailable''''' is still present, only
wrapped by another exception.
> Good luck ;)
Thanks, I could be delayed, but I'll never surrender,
Johans Marvin Taboada Villca
Noah Kantrowitz
> On 9 abr, 15:42, John Hampton <pacopa...@pacopablo.com> wrote:
>> If you're in a tight spot, it might be time to look for other options
>> than apache2+mod_python.
> ...
>> If tracd works, you could try Nginx+tracd[1] or perhaps apache2+fastcgi
>> works.
>
> Thanks for the suggestions John, but I can't switch to another HTTP
> server as I have plans to install it (in some time) to a well
> stablished server (in my university's server), wich I don't and won't
> administer:
>
> * PostgreSQL 8.2.3
> * Apache 2.0.59
> * Python 2.2.4
Do you really mean 2.2? If so you may be out of luck. Trac supports
2.3-2.5, but 2.2 is just too out-of-date for a lot of things.
--Noah
jmt4b04d4v
> jmt4b04d4v wrote:
> > * Python 2.2.4
> Do you really mean 2.2? If so you may be out of luck. Trac supports
OK, this is more that a misspelling! &-D
Sorry, I meant (Python) 2.4.4 (as stated in the first mail, I hope).
Thanks for the correction.
--Johans Marvin Taboada Villca
jmt4b04d4v
-OK, this is more that a misspelling! &-D
+OK, this is more than a misspelling! &-D
Still found no solution, I'll use tracd meanwhile.
I'm asking to openss...@openssl.org about clarifiying me '''cipher
or hash unavailable'''? (SSL Error #138,
SSL_R_CIPHER_OR_HASH_UNAVAILABLE), personally I don't understand it :-
\
I'll be back in the thread anytime.
Greetings, and thanks for your valuable suggestions ;-)
Johans Marvin Taboada Villca
jmt4b04d4v
> ...
> I'll be back in the thread anytime.
>
> Greetings, and thanks for your valuable suggestions ;-)
> Johans Marvin Taboada Villca
SOLVED, I asked same issue at mod_python mailing list and found
positive resolution. It was my fault after all.
I post resolution thread for those interested (and closing thread
purposes):
* http://www.modpython.org/pipermail/mod_python/2007-May/thread.html#23634
Thanks again
--------------------------------------------------------
Johans Marvin Taboada Villca -`^_^´- .o0O( 2007-04-24, Bienvenida
Bebecita )
--------------------------------------------------------
Adm. Laboratorio de Desarrollo de Software
Carreras de Informática y Sistemas
UMSS, Cochabamba
Bolivia
--------------------------------------------------------