[Pki-devel] Patch for review - Fix mod_revocator shutdown on 32-bit platforms . . .

* *Bugzilla Bug #716355* <https://bugzilla.redhat.com/show_bug.cgi?id=716355> - mod_revocator does not shut down httpd server if expired CRL is fetched * *Bugzilla Bug #716361* <https://bugzilla.redhat.com/show_bug.cgi?id=716361> - mod_revocator does not bring down httpd server if CRLUpdate fails Please review the attached patch (which should address both Bugzilla Bugs listed above): * https://bugzilla.redhat.com/attachment.cgi?id=529578&action=diff&... TESTING THIS PATCH ON A 32-bit RHEL 5 SYSTEM: # date Fri Oct 21 15:50:26 PDT 2011 # cd /var/log/httpd # /sbin/service httpd start # tail -f error_log [Fri Oct 21 16:58:40 2011] [notice] core dump file size limit raised to 4294967295 bytes [Fri Oct 21 16:58:40 2011] [notice] SELinux policy enabled; httpd running as context user_u:system_r:httpd_t [Fri Oct 21 16:58:40 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Fri Oct 21 16:58:42 2011] [notice] Digest: generating secret for digest authentication ... [Fri Oct 21 16:58:42 2011] [notice] Digest: done [Fri Oct 21 16:58:42 2011] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads. [Fri Oct 21 16:58:43 2011] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 # date -s "Fri Sep 21 15:50:26 PDT 2012" Fri Sep 21 15:50:26 PDT 2012 # tail -f error_log [Fri Oct 21 16:58:40 2011] [notice] core dump file size limit raised to 4294967295 bytes [Fri Oct 21 16:58:40 2011] [notice] SELinux policy enabled; httpd running as context user_u:system_r:httpd_t [Fri Oct 21 16:58:40 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Fri Oct 21 16:58:42 2011] [notice] Digest: generating secret for digest authentication ... [Fri Oct 21 16:58:42 2011] [notice] Digest: done [Fri Oct 21 16:58:42 2011] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads. [Fri Oct 21 16:58:43 2011] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Sep 21 15:50:28 2012] [error] CRL http://meatpie.dsdev.sjc.redhat.com:9180/ca/ee/ca/getCRL?op=getCRL&cr... CN=Certificate Authority,OU=pki-ca,O=DsdevSjcRedhat Domain is outdated. Shutting down server pid 25012 [Fri Sep 21 15:50:29 2012] [notice] caught SIGTERM, shutting down # /sbin/service httpd status httpd dead but subsys locked # /sbin/service httpd restart Stopping httpd: [FAILED] Starting httpd: [ OK ] # tail -f error_log [Fri Oct 21 16:58:40 2011] [notice] core dump file size limit raised to 4294967295 bytes [Fri Oct 21 16:58:40 2011] [notice] SELinux policy enabled; httpd running as context user_u:system_r:httpd_t [Fri Oct 21 16:58:40 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Fri Oct 21 16:58:42 2011] [notice] Digest: generating secret for digest authentication ... [Fri Oct 21 16:58:42 2011] [notice] Digest: done [Fri Oct 21 16:58:42 2011] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads. [Fri Oct 21 16:58:43 2011] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Sep 21 15:50:28 2012] [error] CRL http://meatpie.dsdev.sjc.redhat.com:9180/ca/ee/ca/getCRL?op=getCRL&cr... CN=Certificate Authority,OU=pki-ca,O=DsdevSjcRedhat Domain is outdated. Shutting down server pid 25012 [Fri Sep 21 15:50:29 2012] [notice] caught SIGTERM, shutting down [Fri Sep 21 15:54:30 2012] [notice] core dump file size limit raised to 4294967295 bytes [Fri Sep 21 15:54:30 2012] [notice] SELinux policy enabled; httpd running as context user_u:system_r:httpd_t [Fri Sep 21 15:54:30 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Fri Sep 21 15:54:31 2012] [notice] Digest: generating secret for digest authentication ... [Fri Sep 21 15:54:31 2012] [notice] Digest: done [Fri Sep 21 15:54:31 2012] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads. [Fri Sep 21 15:54:32 2012] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations [Fri Sep 21 15:54:35 2012] [error] CRL http://meatpie.dsdev.sjc.redhat.com:9180/ca/ee/ca/getCRL?op=getCRL&cr... CN=Certificate Authority,OU=pki-ca,O=DsdevSjcRedhat Domain is outdated. Shutting down server pid 25059 [Fri Sep 21 15:54:39 2012] [warn] child process 25065 still did not exit, sending a SIGTERM [Fri Sep 21 15:54:41 2012] [warn] child process 25065 still did not exit, sending a SIGTERM [Fri Sep 21 15:54:43 2012] [warn] child process 25065 still did not exit, sending a SIGTERM [Fri Sep 21 15:54:45 2012] [error] child process 25065 still did not exit, sending a SIGKILL [Fri Sep 21 15:54:46 2012] [notice] caught SIGTERM, shutting down # /sbin/service httpd status httpd dead but subsys locked # date -s "Fri Oct 21 15:50:26 PDT 2011" Fri Oct 21 15:50:26 PDT 2011 # /sbin/service httpd restart Stopping httpd: [FAILED] Starting httpd: [ OK ] # tail -f error_log [Fri Oct 21 16:58:40 2011] [notice] core dump file size limit raised to 4294967295 bytes [Fri Oct 21 16:58:40 2011] [notice] SELinux policy enabled; httpd running as context user_u:system_r:httpd_t [Fri Oct 21 16:58:40 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Fri Oct 21 16:58:42 2011] [notice] Digest: generating secret for digest authentication ... [Fri Oct 21 16:58:42 2011] [notice] Digest: done [Fri Oct 21 16:58:42 2011] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads. [Fri Oct 21 16:58:43 2011] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2 [Fri Sep 21 15:50:28 2012] [error] CRL http://meatpie.dsdev.sjc.redhat.com:9180/ca/ee/ca/getCRL?op=getCRL&cr... CN=Certificate Authority,OU=pki-ca,O=DsdevSjcRedhat Domain is outdated. Shutting down server pid 25012 [Fri Sep 21 15:50:29 2012] [notice] caught SIGTERM, shutting down [Fri Sep 21 15:54:30 2012] [notice] core dump file size limit raised to 4294967295 bytes [Fri Sep 21 15:54:30 2012] [notice] SELinux policy enabled; httpd running as context user_u:system_r:httpd_t [Fri Sep 21 15:54:30 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Fri Sep 21 15:54:31 2012] [notice] Digest: generating secret for digest authentication ... [Fri Sep 21 15:54:31 2012] [notice] Digest: done [Fri Sep 21 15:54:31 2012] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads. [Fri Sep 21 15:54:32 2012] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations [Fri Sep 21 15:54:35 2012] [error] CRL http://meatpie.dsdev.sjc.redhat.com:9180/ca/ee/ca/getCRL?op=getCRL&cr... CN=Certificate Authority,OU=pki-ca,O=DsdevSjcRedhat Domain is outdated. Shutting down server pid 25059 [Fri Sep 21 15:54:39 2012] [warn] child process 25065 still did not exit, sending a SIGTERM [Fri Sep 21 15:54:41 2012] [warn] child process 25065 still did not exit, sending a SIGTERM [Fri Sep 21 15:54:43 2012] [warn] child process 25065 still did not exit, sending a SIGTERM [Fri Sep 21 15:54:45 2012] [error] child process 25065 still did not exit, sending a SIGKILL [Fri Sep 21 15:54:46 2012] [notice] caught SIGTERM, shutting down [Fri Oct 21 15:51:01 2011] [notice] core dump file size limit raised to 4294967295 bytes [Fri Oct 21 15:51:01 2011] [notice] SELinux policy enabled; httpd running as context user_u:system_r:httpd_t [Fri Oct 21 15:51:01 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Fri Oct 21 15:51:03 2011] [notice] Digest: generating secret for digest authentication ... [Fri Oct 21 15:51:03 2011] [notice] Digest: done [Fri Oct 21 15:51:03 2011] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads. [Fri Oct 21 15:51:04 2011] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations [Fri Oct 21 15:51:06 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 15:51:06 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 15:51:06 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 15:51:06 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 15:51:06 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 15:51:06 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 15:51:06 2011] [notice] Revocation subsystem initialized 2 [Fri Oct 21 15:51:06 2011] [notice] Revocation subsystem initialized 2 NOTE: PATCH WAS ALSO TESTED ON A 64-BIT PLATFORM TO DETERMINE THAT NO REGRESSION OCCURRED.