You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Eric Covener <co...@gmail.com> on 2015/10/11 16:08:26 UTC
SSLProxyMachineCertificateFile: file '.../t/conf/ssl/ca/asf/proxy/client_ok.pem'
does not exist or is empty
I am trying to run the test framework with ssl and http2 on AIX.
There is no system openssl 1.0.2, and the system perl is 32-bit and
also rather old.
I have a 32-bit and 64-bit openssl squirreld away in ~. I initially
had some problems with httpd under the test framework and openssl
command line tools in my path, as well as some CPAN modules to be
forced to use the new openssl. AFAICT they are all resolved.
But where I'm at now is this complaint at startup:
SSLProxyMachineCertificateFile: file
'/home/covener/SRC/httpd-framework/t/conf/ssl/ca/asf/proxy/client_ok.pem'
does not exist or is empty
That directory is empty, but no errors are issued after t/TEST -clean
and t/TEST and even removing everything under t/conf and svn up'ing.
Any ideas on debugging this?
Re: SSLProxyMachineCertificateFile: file
'.../t/conf/ssl/ca/asf/proxy/client_ok.pem' does not exist or is empty
Posted by Rainer Jung <ra...@kippdata.de>.
Am 11.10.2015 um 16:08 schrieb Eric Covener:
> I am trying to run the test framework with ssl and http2 on AIX.
>
> There is no system openssl 1.0.2, and the system perl is 32-bit and
> also rather old.
>
> I have a 32-bit and 64-bit openssl squirreld away in ~. I initially
> had some problems with httpd under the test framework and openssl
> command line tools in my path, as well as some CPAN modules to be
> forced to use the new openssl. AFAICT they are all resolved.
>
> But where I'm at now is this complaint at startup:
>
> SSLProxyMachineCertificateFile: file
> '/home/covener/SRC/httpd-framework/t/conf/ssl/ca/asf/proxy/client_ok.pem'
> does not exist or is empty
>
>
> That directory is empty, but no errors are issued after t/TEST -clean
> and t/TEST and even removing everything under t/conf and svn up'ing.
>
> Any ideas on debugging this?
I've got three pem files there:
6275 Oct 11 12:04 t/conf/ssl/ca/asf/proxy/client_ok.pem
5808 Oct 11 12:04 t/conf/ssl/ca/asf/proxy/client_revoked.pem
5813 Oct 11 12:04 t/conf/ssl/ca/asf/proxy/client_snakeoil.pem
The generation e.g. of the ok file happens at the test startup. I get
the following output (maybe because of t/TEST -v):
[ info] openssl genrsa -out keys/client_ok.pem 2048
Generating RSA private key, 2048 bit long modulus
..............+++
.........................................................................................+++
e is 65537 (0x10001)
[ info] openssl req -new -key keys/client_ok.pem -out
csr/client_ok.csr -passin pass:httpd -passout pass:httpd -config
conf/client_ok.cnf
[ info] openssl ca -policy policy_anything -in csr/client_ok.csr -out
certs/client_ok.crt -passin pass:httpd -config conf/client_ok.cnf -batch
-extensions client_ok_ext
Using configuration from conf/client_ok.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :ASN.1 12:'California'
localityName :ASN.1 12:'San Francisco'
organizationName :ASN.1 12:'ASF'
organizationalUnitName:ASN.1 12:'httpd-test'
commonName :ASN.1 12:'client_ok'
emailAddress :IA5STRING:'test-dev@httpd.apache.org'
Certificate is to be certified until Oct 10 10:04:20 2016 GMT (365 days)
Write out database with 1 new entries
Data Base Updated
[ info] openssl pkcs12 -export -in certs/client_ok.crt -inkey
keys/client_ok.pem -out export/client_ok.p12 -passin pass:httpd -passout
pass:httpd
[ info] generating proxy cert: proxy/client_ok.pem
I think they are generated using
Apache-Test/lib/Apache/TestSSLCA.pm
which contains the following line:
my $openssl = $ENV{APACHE_TEST_OPENSSL_CMD} || 'openssl';
So maybe setting APACHE_TEST_OPENSSL_CMD to the full path of your 1.0.2
openssl commandline binary will help.
Regards,
Rainer