You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2005/05/10 18:21:29 UTC

DO NOT REPLY [Bug 34846] New: - Segmentation fault when using client certificates

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=34846>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=34846

           Summary: Segmentation fault when using client certificates
           Product: Apache httpd-2.0
           Version: 2.0.53
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: critical
          Priority: P2
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: apache.org@tisc.de


I created a simple SSL-Setup with client certificates. It initially worked on
another machine (even with same Apache version), but now fails when going into
production.

I have a VirtualHost _default_:443 configured to handle SSL (the machine has
only 1 IP) like this:

<VirtualHost _default_:443>
  # ...ServerName, DocumentRoot, ServerAdmin, Logfiles...

  SSLEngine on
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 
  # first: Server certificate settings
  # server certificate signed by self-made CA
  SSLCertificateFile /etc/apache2/ssl.crt/server2.crt
  # 1024 Bit RSA key without passphrase
  SSLCertificateKeyFile /etc/apache2/ssl.key/server2.key
  # self-signed CA certificate
  SSLCertificateChainFile /etc/apache2/ssl.crt/cacert.crt
 
  # client certificate settings, uses same certificate
  SSLCACertificateFile /etc/apache2/ssl.crt/cacert.crt
  # no CRLs there yet
  SSLCARevocationPath /etc/apache2/ssl.crl
 
  SSLVerifyClient optional
  SSLVerifyDepth 2

  # standard config for IE bugs
  SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

  # ...some RewriteRules...
</VirtualHost>

When accessing this, the browser correctly prompts for the client certificate.
If I do not chose any, it works. It also works if I disable SSLClientVerify.
As soon as Apache gets a certificate, it fails.

Stack trace (sorry, no debug info):
Program received signal SIGSEGV, Segmentation fault.
0x4041605b in CRYPTO_get_ex_data () from /usr/lib/libcrypto.so.0.9.7
(gdb) bt
#0  0x4041605b in CRYPTO_get_ex_data () from /usr/lib/libcrypto.so.0.9.7
#1  0x00000000 in ?? ()
#2  0x00000000 in ?? ()
#3  0x404712bd in CRYPTO_lock () from /usr/lib/libcrypto.so.0.9.7
#4  0x403b6d0c in ?? () from /usr/lib/libssl.so.0.9.7
#5  0x00000000 in ?? ()
#6  0x00000000 in ?? ()
#7  0x403ac60d in SSL_get_ex_data () from /usr/lib/libssl.so.0.9.7
#8  0x00000000 in ?? ()
#9  0x4037efc4 in ?? () from /usr/lib/apache2-prefork/mod_ssl.so
#10 0x40367e95 in ssl_callback_SSLVerify () from /usr/lib/apache2-prefork/mod_ssl.so
#11 0x40454310 in internal_verify () from /usr/lib/libcrypto.so.0.9.7
#12 0x40367e60 in ssl_callback_SSLVerify_CRL ()
   from /usr/lib/apache2-prefork/mod_ssl.so
Previous frame inner to this frame (corrupt stack?)

I set LogLevel to debug and got this in the VirtualHost-specific log file:
[Tue May 10 18:16:58 2005] [debug] ssl_engine_kernel.c(1786): OpenSSL:
Handshake: start
[Tue May 10 18:16:58 2005] [debug] ssl_engine_kernel.c(1794): OpenSSL: Loop:
before/accept initialization
[Tue May 10 18:16:58 2005] [debug] ssl_engine_io.c(1621): OpenSSL: read 11/11
bytes from BIO#82821d8 [mem: 8289858] (BIO dump follows)
[...]
[Tue May 10 18:16:58 2005] [debug] ssl_engine_io.c(1621): OpenSSL: read 94/94
bytes from BIO#82821d8 [mem: 8289863] (BIO dump follows)
[...]
[Tue May 10 18:16:58 2005] [debug] ssl_engine_kernel.c(1794): OpenSSL: Loop:
SSLv3 read client hello A
[Tue May 10 18:16:58 2005] [debug] ssl_engine_kernel.c(1794): OpenSSL: Loop:
SSLv3 write server hello A
[Tue May 10 18:16:58 2005] [debug] ssl_engine_kernel.c(1794): OpenSSL: Loop:
SSLv3 write certificate A
[Tue May 10 18:16:58 2005] [debug] ssl_engine_kernel.c(1178): handing out
temporary 1024 bit DH key
[Tue May 10 18:16:58 2005] [debug] ssl_engine_kernel.c(1794): OpenSSL: Loop:
SSLv3 write key exchange A
[Tue May 10 18:16:58 2005] [debug] ssl_engine_kernel.c(1794): OpenSSL: Loop:
SSLv3 write certificate request A
[Tue May 10 18:16:58 2005] [debug] ssl_engine_kernel.c(1794): OpenSSL: Loop:
SSLv3 flush data
[Tue May 10 18:17:01 2005] [debug] ssl_engine_io.c(1621): OpenSSL: read 5/5
bytes from BIO#82821d8 [mem: 8289858] (BIO dump follows)
[...]
[Tue May 10 18:17:01 2005] [debug] ssl_engine_io.c(1621): OpenSSL: read
1115/1115 bytes from BIO#82821d8 [mem: 828985d] (BIO dump follows)
[... lots of data containing client certificate...]

That's it. Then, the global error_log says:
[Tue May 10 18:17:01 2005] [notice] child pid 27886 exit signal Segmentation
fault (11)

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org