HHVM versus PHP-FPM 5.4 vs PHP-FPM 5.5: performance comparison

If you haven't heard of HHVM in the last 2 years, I recommend checking out the website. I won't go into details here. I've even mentioned it briefly on this blog in 2010.

But I was curious: given a stock PHP-FPM 5.4 with APC or 5.5 with OpCache enabled, how much faster would HHVM 3.1.0 be? I decided to load a working Drupal site into a Vagrant VM and do some benchmarks. It's a stock Drupal with Memcached configured, but Drupal's page cache disabled. After all, I want to test PHP's performance (PHP parsing of modules & execution etc.), not serving cached pages. I want it load and execute every module, on every pageload. Read more ›

Tagged with:
Posted in php

HTTPd: Cannot load mod_status.so into server: undefined symbol: ap_copy_scoreboard_worker

Red Hat Enterprise Linux has published a new advisory on July 23rd, RHSA-2014:0920-1. This involves a security update for the Apache2 webserver for configurations that use mod_status in combination with ITK. CentOS then mirrored this update to their repositories as well.

However, if you execute the update, your previous configs may be broken due to the following error.

~# service httpd start
Starting httpd: httpd.itk: Syntax error on line 60 of /etc/httpd/conf/httpd.conf: 
Cannot load /etc/httpd/modules/mod_status.so into server:
/etc/httpd/modules/mod_status.so: undefined symbol: ap_copy_scoreboard_worker


The following bug reports have been reported upstream;

Read more ›

Posted in Devops, Webdevelopment

PHP-FPM environment variables are limited to 1024 chars

Here's something I didn't know: environment variables passed via PHP-FPM to PHP code, are hard-limited to 1024 characters. Not a very big problem per se, but if your environment variables pass the length of 1024 characters, you'll find yourself scratching your head why the PHP-FPM pool won't start. Read more ›

Posted in Devops, php

CVE-2014-0185: PHP-FPM sockets unavailable after updating PHP

Reference: CVE-2014-0185 Read more ›

Tagged with:
Posted in php, Security

OpenSSL: validate that certificate matches / signs the private key

You could probably just try to install your new certificate and private key, reload your webserver config, and see if it works. But that's not very convenient if you want to validate your private key and certificate beforehand.

So, how do you verify that a private key matches your certificate and that they're valid?

Calculate MD5 hash of private key

$ openssl rsa -noout -modulus -in /path/to/your/private.key  2> /dev/null | openssl md5
(stdin)= 3a5a1682678d243b6b8337360b55ff10

Calculate MD5 hash of certificate

$ openssl x509 -noout -modulus -in /path/to/your/certificate.crt 2> /dev/null | openssl md5
(stdin)= 3a5a1682678d243b6b8337360b55ff10

Check if they match

The MD5 hash from the private key and the certificate should be the exact same. If they're not, the private key can not be used together with the certificate and something in the CSR process has probably gone wrong. This can mean a wrong CSR was used, a wrong private key was stored, ... Up to you to find out. ;-)

Tagged with:
Posted in Security