So with the latest update for openssl (dev-libs/openssl-0.9.8f), I've been seeing the following in my error_log with SSL sites:
[Tue Oct 23 10:45:46 2007] [error] unusably short session_id provided (0 bytes)
[Tue Oct 23 10:45:52 2007] [error] unusably short session_id provided (0 bytes)
[Tue Oct 23 11:04:13 2007] [error] unusably short session_id provided (0 bytes)
[Tue Oct 23 11:04:14 2007] [error] unusably short session_id provided (0 bytes)
[Tue Oct 23 11:45:57 2007] [error] unusably short session_id provided (0 bytes)
[Tue Oct 23 11:45:57 2007] [error] unusably short session_id provided (0 bytes)
[Tue Oct 23 11:58:26 2007] [error] unusably short session_id provided (0 bytes)This is definitely a message from Apache related to SSL. In the ssl_scache_shmcb_kill() method in the Apache source code, you can see this chunk of code:
+ if (idlen < 4) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "unusably short session_id provided "
+ "(%u bytes)", idlen);
+ goto done;
+ }I've posted this on the Gentoo forum, but just getting the 'me too' posts. Anybody know more about this? Anybody know how to fix this?
Thanks!
This is a known problem in openssl-0.9.8f, and you can update to openssl-0.9.8g to fix it. Simply add it to your package.keywords/unmask, and make sure to revdep-rebuild when complete.
Links to more info can be found in your gentoo forum post.
Michael S. Moody
Sr. Systems Engineer
Global Systems Consulting
Direct: (650) 265-4154
Web: http://www.GlobalSystemsConsulting.com