You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2004/10/11 08:48:40 UTC

DO NOT REPLY [Bug 31633] New: - proxy client cannot authenticate to remote server / segmentation fault

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=31633>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=31633

proxy client cannot authenticate to remote server / segmentation fault

           Summary: proxy client cannot authenticate to remote server /
                    segmentation fault
           Product: Apache httpd-2.0
           Version: 2.0.51
          Platform: Sun
        OS/Version: Solaris
            Status: NEW
          Severity: Blocker
          Priority: Other
         Component: mod_proxy
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: Jean-Louis.Morard@rtc.ch


I use httpd-2.0.52 (but same effect with .51)
When I try to authenticate my proxy server (mod_proxy) to a remote server with 
a certificate using the SSLProxyMachineCertificateFile, my httpd child process 
exits with a segmentation fault (both in prefork and worker mode). Following 
message in error_log (on proxy server):
[Mon Oct 11 07:42:39 2004] [notice] child pid 18156 exit signal Segmentation 
fault (11)

Remark: if the remote server has to authenticate itself to the proxy with a 
certificate, it works without any problem.

Here is the proxy configuration:
--------------------------------
<VirtualHost 159.29.24.152:443>
	ServerName uws0064.rtc.ch
	ServerAdmin root@uws0064.rtc.ch
	DocumentRoot /export/home/apache2/htdocs
	ErrorLog /var/apache/logs/uws0064-error_log
	CustomLog /var/apache/logs/uws0064-access_log common
	CustomLog /var/apache/logs/ssl_request_log \
	  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
# SSL directives:
	SSLEngine On
	<Directory />
		SSLRequireSSL
	</Directory>
	SSLProtocol -All +SSLv3 +TLSv1
	SSLVerifyClient none
	SSLVerifyDepth	 10
	SSLCertificateKeyFile /etc/apache/ssl.key/uws0064.rtc.ch.key
	SSLCertificateFile /etc/apache/ssl.crt/uws0064.rtc.ch.crt
# Configuration for the proxy:
	ProxyRequests On
	SSLProxyEngine On
	ProxyVia On
	SSLProxyProtocol -All +SSLv3 +TLSv1
# Remote server has to provide a valid certificate:
#	SSLProxyVerify require
#	SSLProxyCACertificateFile /etc/apache/ssl.crt/uws0068.rtc.ch.crt
# This server must deliver the remote server a valid certificate:
	SSLProxyMachineCertificateFile /etc/apache/ssl.crt/uws0064.rtc.ch.crt
# Other proxy directives:
	<Proxy *>
                Order deny,allow
		Deny from all
		Allow from 159.29.0.0/16
		ExtFilterOptions DebugLevel=1
		SetOutputFilter ebppfilter
	</Proxy>
	ProxyPass /foo https://uws0068.rtc.ch:443
	ProxyPassReverse /foo https://uws0068.rtc.ch:443
</VirtualHost>

Here is the remote server configuration:
---------------------------------------
<VirtualHost 159.29.24.104:443>
	ServerAdmin root@uws0068.rtc.ch
	DocumentRoot /export/home/apache2/htdocs
	ServerName uws0068.rtc.ch
	ErrorLog /var/apache/logs/uws0068-error_log
	CustomLog /var/apache/logs/uws0068-access_log common
	SSLEngine On
	SSLProtocol SSLv3 +TLSv1
	SSLCertificateKeyFile /etc/apache/ssl.key/uws0068.rtc.ch.key
	SSLCertificateFile /etc/apache/ssl.crt/uws0068.rtc.ch.crt
# Client must authenticate himself:
#	SSLVerifyClient none
#	SSLVerifyClient optional
	SSLVerifyClient require
# if SSLVerifyClient require => apache process crashes 
(see /var/opt/apache/logs/error_log)
	SSLVerifyDepth	 10
	SSLCACertificateFile /etc/apache/ssl.crt/uws0064.rtc.ch.crt
</VirtualHost>

uws0068-error_log on the remote server:
--------------------------------------
[Mon Oct 11 07:42:39 2004] [debug] ssl_engine_io.c(1517): OpenSSL: I/O error, 
5 bytes expected to read on BIO#263980 [mem: 2b0028]
[Mon Oct 11 07:42:39 2004] [debug] ssl_engine_kernel.c(1793): OpenSSL: Exit: 
error in SSLv3 read client certificate A
[Mon Oct 11 07:42:39 2004] [debug] ssl_engine_kernel.c(1793): OpenSSL: Exit: 
error in SSLv3 read client certificate A
[Mon Oct 11 07:42:39 2004] [info] (70014)End of file found: SSL handshake 
interrupted by system [Hint: Stop button pressed in browser?!]
[Mon Oct 11 07:42:39 2004] [info] Connection to child 2 closed with abortive 
shutdown(server uws0068.rtc.ch:443, client 159.29.24.152)

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org