Posted to users@httpd.apache.org by Simon Donally <si...@vcontractor.co.za> on 2003/02/21 10:28:54 UTC

[users@httpd] https page cannot be displayed

Hi List Users

I have installed apache 1.3.27 and openSSL-0.9.6g on a Solaris 2.6 machine. I downloaded these packages in precompiled form and installed them using pkgadd.

When I initially installed the packages and started apache using httpd -DSSL, I could access both the usual unencrypted page on port 8080 using http and the encrypted page on port 8443 using https.

I used curl and the http address of the encrypted page to try and grab the secure page. The version of curl I'm using utilizes a different version of openssl, namely 0.96b. This resulted in apache crashing.

From this time onwards I am unable to access the secure page. Apache starts up correctly and appears to carry out all the communications with openssl that it used to.

I have tried removing and reinstalling both apache and openssl, I have tried changing the port to 8444, and I have activated all the logs that I can find in the httpd file, as shown below. I have also removed the old version of openssl and curl.

I use the command

bash-2.02# openssl s_client -connect localhost:8444 -state -debug

to test the handshaking between openssl and apache. I don't appear to receive a page. The handshaking, however, appears to be normal.

When I query the processes I notice that there are eight httpd sessions when I only started one. I'm not sure if this is normal.

bash-2.02# ps -eaf | grep DSSL
  nobody 24804 24749  0 10:47:47 ?        0:00 httpd -DSSL
  nobody  6069 24749  0 11:04:35 ?        0:00 httpd -DSSL
  nobody 24777 24749  0 10:47:46 ?        0:00 httpd -DSSL
  nobody 24851 24749  0 10:47:48 ?        0:00 httpd -DSSL
    root 20412 21503  0 11:26:12 pts/3    0:00 grep DSSL
  nobody 25147 24749  0 10:48:16 ?        0:00 httpd -DSSL
    root 24749     1  0 10:47:45 ?        0:00 httpd -DSSL
  nobody 24764 24749  0 10:47:46 ?        0:01 httpd -DSSL
  nobody 24822 24749  0 10:47:48 ?        0:00 httpd -DSSL

I have tried removing all the cached pages from my browser and ensuring that the browser is configured to accept the SSL protocols.

The logs don't appear to give me any helpful information.

I would be most grateful for any advice regarding this matter.

Regards

Simon Donally

OpenSSL

-----END CERTIFICATE-----
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
No client certificate CA names sent
---
SSL handshake has read 1035 bytes and written 320 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 512 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID: E07DD6231C114C72B9F8E03644F04951BFB0A846F555EF863917D47013C938BD
    Session-ID-ctx: 
    Master-Key: 19C9DEA0B4F83A7421EA07B0DD1AEA677D886AA16ACC0794C0FCB8062DE4EFA03E605D5DE753794EEAAE5EEE1D2038F4
    Key-Arg   : None
    Start Time: 1045818125
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
read from 001529E8 [0015A010] (5 bytes => 5 (0x5))
0000 - 15 03 01 00 18                                    .....
read from 001529E8 [0015A015] (24 bytes => 24 (0x18))
0000 - 0b ab 91 a4 e1 57 43 1c-78 2d 1f 9f a4 5e c5 45   .....WC.x-...^.E
0010 - ef 5e 86 a9 c8 e5 39 5b-                          .^....9[
SSL3 alert read:warning:close notify
closed
write to 001529E8 [0015E820] (29 bytes => 29 (0x1D))
0000 - 15 03 01 00 18 f4 ca 7a-c5 ee 81 bc cd 10 b3 6d   .......z.......m
0010 - fa 97 40 be 22 c2 44 d6-60 a0 2c 8a 0a            ..@.".D.`.,..
SSL3 alert write:warning:close notify

LOGS

bash-2.02# tail -f ssl_scache.pag
¢,¤" f9c2bd1378613d47c52a8e3d92f52abcà}Ö#Lr¹øà6DðIQ¿°¨FõUï?9ÔpÉ8½^C`]]çSyNê®^î 8ô¡>Uë


bash-2.02# tail -f ssl_request_log
[13/Feb/2003:15:06:32 +0200] 10.111.7.71 SSLv3 RC4-MD5 "GET / HTTP/1.0" 2673
[13/Feb/2003:15:06:32 +0200] 10.111.7.71 SSLv3 RC4-MD5 "GET /manual/images/apache_pb.gif HTTP/1.0" 1806
[13/Feb/2003:15:06:33 +0200] 10.111.7.71 SSLv3 RC4-MD5 "GET /manual/images/openssl_ics.gif HTTP/1.0" 2063
[13/Feb/2003:15:06:33 +0200] 10.111.7.71 SSLv3 RC4-MD5 "GET /manual/images/feather.jpg HTTP/1.0" 7108
[13/Feb/2003:15:06:33 +0200] 10.111.7.71 SSLv3 RC4-MD5 "GET /manual/images/mod_ssl_sb.gif HTTP/1.0" 2007
[21/Feb/2003:08:56:04 +0200] 10.111.7.79 "GET /mod_ssl:error:HTTP-request HTTP/1.0" 532
[21/Feb/2003:10:36:22 +0200] 127.0.0.1 "-" -
[21/Feb/2003:11:07:08 +0200] 127.0.0.1 "-" -


bash-2.02# tail -f ssl_engine_log
[21/Feb/2003 11:02:07 24764] [trace] OpenSSL: Loop: SSLv3 read finished A
[21/Feb/2003 11:02:07 24764] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A
[21/Feb/2003 11:02:07 24764] [trace] OpenSSL: Loop: SSLv3 write finished A
[21/Feb/2003 11:02:07 24764] [trace] OpenSSL: Loop: SSLv3 flush data
[21/Feb/2003 11:02:07 24764] [trace] Inter-Process Session Cache (DBM) Expiry: old: 1, new: 1, removed: 0
[21/Feb/2003 11:02:07 24764] [trace] Inter-Process Session Cache: request=SET status=OK id=E07DD6231C114C72B9F8E03644F04951BFB0A846F555EF863917D47013C938BD timeout=298s (session caching)
[21/Feb/2003 11:02:07 24764] [trace] OpenSSL: Handshake: done
[21/Feb/2003 11:02:07 24764] [info]  Connection: Client IP: 127.0.0.1, Protocol: TLSv1, Cipher: EDH-RSA-DES-CBC3-SHA (168/168 bits)
[21/Feb/2003 11:07:08 24764] [trace] OpenSSL: Write: SSL negotiation finished successfully
[21/Feb/2003 11:07:08 24764] [info]  Connection to child 0 closed with standard shutdown (server 196.41.143.131:8444, client 127.0.0.1)


bash-2.02# tail -f agent_log
Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)
Klondike/1.12 (HTTP Win)
Klondike/1.12 (HTTP Win)
Klondike/1.12 (HTTP Win)
Klondike/1.12 (HTTP Win)
Klondike/1.12 (HTTP Win)
Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)
Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)
Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)
Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)


bash-2.02# 
bash-2.02# tail -f access_log
10.111.195.51 - - [21/Feb/2003:10:48:15 +0200] "GET / HTTP/1.1" 200 1456
10.111.195.51 - - [21/Feb/2003:10:48:24 +0200] "GET / HTTP/1.1" 200 1456
10.111.7.71 - - [21/Feb/2003:10:49:15 +0200] "GET / HTTP/1.0" 200 1456
10.111.7.79 - - [21/Feb/2003:10:50:24 +0200] "GET / HTTP/1.0" 200 1456
10.111.7.71 - - [21/Feb/2003:10:50:51 +0200] "GET / HTTP/1.0" 200 1456
10.111.7.79 - - [21/Feb/2003:11:00:44 +0200] "GET / HTTP/1.0" 200 1456
10.111.7.79 - - [21/Feb/2003:11:00:44 +0200] "GET /apache_pb.gif HTTP/1.0" 200 2326
10.111.7.79 - - [21/Feb/2003:11:01:43 +0200] "GET / HTTP/1.0" 200 1456
10.111.7.79 - - [21/Feb/2003:11:04:34 +0200] "GET / HTTP/1.0" 200 1456
127.0.0.1 - - [21/Feb/2003:11:07:08 +0200] "-" 408 -


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
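
Added example, not part of the original post: a small Python triage of the three log excerpts above. It correlates the time a TLS handshake completed with the time the same child closed the connection, and picks out two entries that look like client-side problems rather than server faults. The readings it encodes are assumptions of this example: that `mod_ssl:error:HTTP-request` marks plain HTTP sent to the SSL port, and that `"-" 408` marks a connection that never sent a request line.

```python
import re
from datetime import datetime

# Log lines copied from the post above (ssl_engine_log, ssl_request_log, access_log).
ENGINE_LOG = """\
[21/Feb/2003 11:02:07 24764] [trace] OpenSSL: Handshake: done
[21/Feb/2003 11:02:07 24764] [info]  Connection: Client IP: 127.0.0.1, Protocol: TLSv1, Cipher: EDH-RSA-DES-CBC3-SHA (168/168 bits)
[21/Feb/2003 11:07:08 24764] [info]  Connection to child 0 closed with standard shutdown (server 196.41.143.131:8444, client 127.0.0.1)
"""
REQUEST_LOG = """\
[13/Feb/2003:15:06:32 +0200] 10.111.7.71 SSLv3 RC4-MD5 "GET / HTTP/1.0" 2673
[21/Feb/2003:08:56:04 +0200] 10.111.7.79 "GET /mod_ssl:error:HTTP-request HTTP/1.0" 532
[21/Feb/2003:10:36:22 +0200] 127.0.0.1 "-" -
"""
ACCESS_LOG = """\
10.111.7.79 - - [21/Feb/2003:11:04:34 +0200] "GET / HTTP/1.0" 200 1456
127.0.0.1 - - [21/Feb/2003:11:07:08 +0200] "-" 408 -
"""

# "[date time pid] [level] message" as written by mod_ssl's engine log
ENGINE_RE = re.compile(r"^\[(\d+/\w+/\d+ [\d:]+) (\d+)\] \[\w+\]\s+(.*)$")

def idle_tls_sessions(engine_log):
    """Seconds between 'Handshake: done' and connection close, per child PID."""
    start, idle = {}, []
    for line in engine_log.splitlines():
        m = ENGINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%d/%b/%Y %H:%M:%S")
        pid, msg = m.group(2), m.group(3)
        if "Handshake: done" in msg:
            start[pid] = ts
        elif msg.startswith("Connection to child") and pid in start:
            idle.append((pid, int((ts - start.pop(pid)).total_seconds())))
    return idle

def plain_http_on_ssl_port(request_log):
    """Client IPs whose request was logged under mod_ssl's HTTP-request error URI."""
    return [l.split()[2] for l in request_log.splitlines() if "mod_ssl:error:HTTP-request" in l]

def empty_request_timeouts(access_log):
    """Client IPs that got a 408 without ever sending a request line."""
    return [l.split()[0] for l in access_log.splitlines() if re.search(r'"-" 408 ', l)]

if __name__ == "__main__":
    print("idle after handshake:", idle_tls_sessions(ENGINE_LOG))
    print("plain HTTP on SSL port:", plain_http_on_ssl_port(REQUEST_LOG))
    print("408 with no request:", empty_request_timeouts(ACCESS_LOG))
```

A gap of about 300 seconds between handshake and close, paired with a `"-" 408` entry from the same client at the closing timestamp, is what a successful TLS session with no HTTP request sent looks like in these logs.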