Posted to users@httpd.apache.org by "Schettler, Marty L." <Ma...@leidos.com> on 2018/10/12 20:26:44 UTC
[users@httpd] Reverse proxy not sending certificate
My reverse proxy config doesn't work with SSL any more as I try to upgrade from 2.4.29 to 2.4.34.
My config:
SSLProxyEngine On
SSLProxyMachineCertificateFile /path/to/server_crt_and_key.crt
SSLProxyCACertificatePath /etc/cacerts
<Location /proxy>
ProxyPass https://host01:9443/p
ProxyPassReverse https://host01:9443/p
SSLVerifyClient require
</Location>
Again, this works just fine with 2.4.29. However, in 2.4.34 I get a 502 in my browser "Error reading from remote server" and my httpd log file has a warning "AH02268: Proxy client callback: (host01:443) downstream server wanted client certificate but none are configured." Is this possibly related to PR 62232? If so, I thought it would have been fixed in 2.4.32.
Any help is greatly appreciated!!
Marty
Re: [users@httpd] Reverse proxy not sending certificate
Posted by Rainer Jung <ra...@kippdata.de>.
On 18.10.2018 at 17:32, Schettler, Marty L. wrote:
> Good advice. Thanks! However, I just retested with 2.4.35 and I get the
> exact same results as with 2.4.34. Any other ideas? I’d welcome a
> workaround too.
Could well be
http://svn.apache.org/viewvc?rev=1844226&view=rev
which is still missing in 2.4.35. It will be part of the forthcoming
2.4.37, but you can also easily apply the small change to your 2.4.35
sources if you build yourself. You only need to add the two lines marked
with a leading "+" sign here:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c?r1=1844226&r2=1844225&pathrev=1844226
Regards,
Rainer
> *From:*William A Rowe Jr [mailto:wrowe@rowe-clan.net]
> *Sent:* Friday, October 12, 2018 6:26 PM
> *To:* users@httpd.apache.org
> *Subject:* Re: [users@httpd] Reverse proxy not sending certificate
>
> A number of regressions are fixed in 2.4.35, please retest against that
> version.
>
> On Fri, Oct 12, 2018, 15:27 Schettler, Marty L.
> <Martin.L.Schettler@leidos.com> wrote:
>
> My reverse proxy config doesn’t work with SSL any more as I try to
> upgrade from 2.4.29 to 2.4.34.
>
> My config:
>
> SSLProxyEngine On
>
> SSLProxyMachineCertificateFile /path/to/server_crt_and_key.crt
>
> SSLProxyCACertificatePath /etc/cacerts
>
> <Location /proxy>
>
> ProxyPass https://host01:9443/p
>
> ProxyPassReverse https://host01:9443/p
>
> SSLVerifyClient require
>
> </Location>
>
> Again, this works just fine with 2.4.29. However, in 2.4.34 I get a
> 502 in my browser “Error reading from remote server” and my httpd
> log file has a warning “AH02268: Proxy client callback: (host01:443)
> downstream server wanted client certificate but none are
> configured.” Is this possibly related to PR 62232? If so, I thought
> it would have been fixed in 2.4.32.
>
> Any help is greatly appreciated!!
>
> Marty
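
The symptom in this thread (AH02268 logged although SSLProxyMachineCertificateFile is set) can be separated from a plain missing directive by comparing the error log with the configuration. The script below is an added example, not code from the thread or from the httpd project; the function names, the sample log lines and the assumption that the configuration is one file without Include directives are illustrative.

```python
import re

# Constructed inputs: the config repeats the one posted in the thread; the log
# lines are invented, laid out like the default httpd 2.4 error log.
SAMPLE_CONF = """\
SSLProxyEngine On
SSLProxyMachineCertificateFile /path/to/server_crt_and_key.crt
SSLProxyCACertificatePath /etc/cacerts
<Location /proxy>
ProxyPass https://host01:9443/p
</Location>
"""
WARN = "downstream server wanted client certificate but none are configured"
SAMPLE_LOG = f"""\
[Fri Oct 12 20:20:01.123456 2018] [ssl:warn] [pid 4242:tid 140001] AH02268: Proxy client callback: (host01:443) {WARN}
[Fri Oct 12 20:20:01.123999 2018] [proxy:info] [pid 4242:tid 140001] constructed unrelated line
[Fri Oct 12 20:25:10.654321 2018] [ssl:warn] [pid 4243:tid 140002] AH02268: Proxy client callback: (host01:443) {WARN}
"""

AH02268_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\].*\bAH02268: Proxy client callback: \((?P<backend>[^)]+)\)")
# Directive names are case-insensitive; a leading '#' (comment) prevents a match.
DIRECTIVE_RE = re.compile(
    r"^[ \t]*SSLProxyMachineCertificate(?:File|Path)[ \t]+(?P<arg>\S+)", re.I | re.M)

def configured_cert_sources(conf_text):
    """Arguments of SSLProxyMachineCertificateFile/Path found in the config."""
    return [m.group("arg").strip('"') for m in DIRECTIVE_RE.finditer(conf_text)]

def triage(conf_text, log_text):
    """Count AH02268 per backend and compare with what the config declares."""
    sources = configured_cert_sources(conf_text)
    backends = {}
    for line in log_text.splitlines():
        m = AH02268_RE.match(line)
        if not m:
            continue
        entry = backends.setdefault(m["backend"], {"count": 0, "first": m["ts"]})
        entry["count"] += 1
        entry["last"] = m["ts"]
    if not backends:
        verdict = "no AH02268 seen"
    elif sources:
        # The case reported in this thread: directive present, warning logged anyway.
        verdict = "certificate configured but not offered"
    else:
        verdict = "no proxy client certificate configured"
    return {"cert_sources": sources, "verdict": verdict, "backends": backends}

if __name__ == "__main__":
    print(triage(SAMPLE_CONF, SAMPLE_LOG))
```

A "certificate configured but not offered" verdict on an unchanged configuration after an upgrade points at the server build rather than at the certificate file.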
RE: [users@httpd] Reverse proxy not sending certificate
Posted by "Schettler, Marty L." <Ma...@leidos.com>.
Good advice. Thanks! However, I just retested with 2.4.35 and I get the exact same results as with 2.4.34. Any other ideas? I’d welcome a workaround too.
Thanks!
From: William A Rowe Jr [mailto:wrowe@rowe-clan.net]
Sent: Friday, October 12, 2018 6:26 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Reverse proxy not sending certificate
A number of regressions are fixed in 2.4.35, please retest against that version.
On Fri, Oct 12, 2018, 15:27 Schettler, Marty L. <Ma...@leidos.com> wrote:
My reverse proxy config doesn’t work with SSL any more as I try to upgrade from 2.4.29 to 2.4.34.
My config:
SSLProxyEngine On
SSLProxyMachineCertificateFile /path/to/server_crt_and_key.crt
SSLProxyCACertificatePath /etc/cacerts
<Location /proxy>
ProxyPass https://host01:9443/p
ProxyPassReverse https://host01:9443/p
SSLVerifyClient require
</Location>
Again, this works just fine with 2.4.29. However, in 2.4.34 I get a 502 in my browser “Error reading from remote server” and my httpd log file has a warning “AH02268: Proxy client callback: (host01:443) downstream server wanted client certificate but none are configured.” Is this possibly related to PR 62232? If so, I thought it would have been fixed in 2.4.32.
Any help is greatly appreciated!!
Marty
Re: [users@httpd] Reverse proxy not sending certificate
Posted by William A Rowe Jr <wr...@rowe-clan.net>.
A number of regressions are fixed in 2.4.35, please retest against that
version.
On Fri, Oct 12, 2018, 15:27 Schettler, Marty L. <
Martin.L.Schettler@leidos.com> wrote:
> My reverse proxy config doesn’t work with SSL any more as I try to upgrade
> from 2.4.29 to 2.4.34.
>
>
>
> My config:
>
>
>
> SSLProxyEngine On
>
> SSLProxyMachineCertificateFile /path/to/server_crt_and_key.crt
>
> SSLProxyCACertificatePath /etc/cacerts
>
>
>
> <Location /proxy>
>
> ProxyPass https://host01:9443/p
>
> ProxyPassReverse https://host01:9443/p
>
> SSLVerifyClient require
>
> </Location>
>
>
>
>
>
> Again, this works just fine with 2.4.29. However, in 2.4.34 I get a 502 in
> my browser “Error reading from remote server” and my httpd log file has a
> warning “AH02268: Proxy client callback: (host01:443) downstream server
> wanted client certificate but none are configured.” Is this possibly
> related to PR 62232? If so, I thought it would have been fixed in 2.4.32.
>
>
>
> Any help is greatly appreciated!!
>
>
>
> Marty
>