Posted to bugs@httpd.apache.org by bu...@apache.org on 2004/10/11 08:48:40 UTC
DO NOT REPLY [Bug 31633] New: -
proxy client cannot authenticate to remote server / segmentation fault
http://issues.apache.org/bugzilla/show_bug.cgi?id=31633
Summary: proxy client cannot authenticate to remote server /
segmentation fault
Product: Apache httpd-2.0
Version: 2.0.51
Platform: Sun
OS/Version: Solaris
Status: NEW
Severity: Blocker
Priority: Other
Component: mod_proxy
AssignedTo: bugs@httpd.apache.org
ReportedBy: Jean-Louis.Morard@rtc.ch
I use httpd-2.0.52 (but same effect with .51).
When I try to authenticate my proxy server (mod_proxy) to a remote server with
a certificate using the SSLProxyMachineCertificateFile, my httpd child process
exits with a segmentation fault (both in prefork and worker mode). The following
message appears in error_log (on the proxy server):
[Mon Oct 11 07:42:39 2004] [notice] child pid 18156 exit signal Segmentation fault (11)
Remark: if the remote server has to authenticate itself to the proxy with a
certificate, it works without any problem.
Here is the proxy configuration:
--------------------------------
<VirtualHost 159.29.24.152:443>
    ServerName uws0064.rtc.ch
    ServerAdmin root@uws0064.rtc.ch
    DocumentRoot /export/home/apache2/htdocs
    ErrorLog /var/apache/logs/uws0064-error_log
    CustomLog /var/apache/logs/uws0064-access_log common
    CustomLog /var/apache/logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    # SSL directives:
    SSLEngine On
    <Directory />
        SSLRequireSSL
    </Directory>
    SSLProtocol -All +SSLv3 +TLSv1
    SSLVerifyClient none
    SSLVerifyDepth 10
    SSLCertificateKeyFile /etc/apache/ssl.key/uws0064.rtc.ch.key
    SSLCertificateFile /etc/apache/ssl.crt/uws0064.rtc.ch.crt
    # Configuration for the proxy:
    ProxyRequests On
    SSLProxyEngine On
    ProxyVia On
    SSLProxyProtocol -All +SSLv3 +TLSv1
    # Remote server has to provide a valid certificate:
    # SSLProxyVerify require
    # SSLProxyCACertificateFile /etc/apache/ssl.crt/uws0068.rtc.ch.crt
    # This server must deliver the remote server a valid certificate:
    SSLProxyMachineCertificateFile /etc/apache/ssl.crt/uws0064.rtc.ch.crt
    # Other proxy directives:
    <Proxy *>
        Order deny,allow
        Deny from all
        Allow from 159.29.0.0/16
        ExtFilterOptions DebugLevel=1
        SetOutputFilter ebppfilter
    </Proxy>
    ProxyPass /foo https://uws0068.rtc.ch:443
    ProxyPassReverse /foo https://uws0068.rtc.ch:443
</VirtualHost>
Here is the remote server configuration:
---------------------------------------
<VirtualHost 159.29.24.104:443>
    ServerAdmin root@uws0068.rtc.ch
    DocumentRoot /export/home/apache2/htdocs
    ServerName uws0068.rtc.ch
    ErrorLog /var/apache/logs/uws0068-error_log
    CustomLog /var/apache/logs/uws0068-access_log common
    SSLEngine On
    SSLProtocol SSLv3 +TLSv1
    SSLCertificateKeyFile /etc/apache/ssl.key/uws0068.rtc.ch.key
    SSLCertificateFile /etc/apache/ssl.crt/uws0068.rtc.ch.crt
    # Client must authenticate himself:
    # SSLVerifyClient none
    # SSLVerifyClient optional
    SSLVerifyClient require
    # if SSLVerifyClient require => apache process crashes (see /var/opt/apache/logs/error_log)
    SSLVerifyDepth 10
    SSLCACertificateFile /etc/apache/ssl.crt/uws0064.rtc.ch.crt
</VirtualHost>
uws0068-error_log on the remote server:
--------------------------------------
[Mon Oct 11 07:42:39 2004] [debug] ssl_engine_io.c(1517): OpenSSL: I/O error, 5 bytes expected to read on BIO#263980 [mem: 2b0028]
[Mon Oct 11 07:42:39 2004] [debug] ssl_engine_kernel.c(1793): OpenSSL: Exit: error in SSLv3 read client certificate A
[Mon Oct 11 07:42:39 2004] [debug] ssl_engine_kernel.c(1793): OpenSSL: Exit: error in SSLv3 read client certificate A
[Mon Oct 11 07:42:39 2004] [info] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
[Mon Oct 11 07:42:39 2004] [info] Connection to child 2 closed with abortive shutdown(server uws0068.rtc.ch:443, client 159.29.24.152)
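
The mod_ssl documentation describes SSLProxyMachineCertificateFile as a file of concatenated PEM-encoded client certificates and keys, and notes that encrypted private keys are not supported for it. A pre-flight check of that file layout follows as an added example (not part of the bug report or of httpd, and not a diagnosis of the crash reported above). The function name, messages and sample inputs are constructed for illustration, and the check looks at PEM labels only.

```python
import re

# One PEM block: captures the label and the body between the markers.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

NO_CERT = "no CERTIFICATE block"
NO_KEY = "no PRIVATE KEY block (certificate-only file)"
ENC_KEY = "private key is encrypted (passphrase-protected)"

def check_proxy_machine_cert(pem_text):
    """Return the layout problems in the text of a file meant for
    SSLProxyMachineCertificateFile; an empty list means none were found."""
    certs = keys = encrypted = 0
    for label, body in PEM_BLOCK.findall(pem_text):
        if label == "CERTIFICATE":
            certs += 1
        elif label.endswith("PRIVATE KEY"):
            keys += 1
            # PKCS#8 uses an ENCRYPTED label; legacy OpenSSL keys carry a
            # Proc-Type header inside the block instead.
            if label.startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in body:
                encrypted += 1
    problems = []
    if certs == 0:
        problems.append(NO_CERT)
    if keys == 0:
        problems.append(NO_KEY)
    if encrypted:
        problems.append(ENC_KEY)
    return problems

# Constructed sample inputs: the bodies are placeholders, not real key material.
def pem_block(label, body="Q09OU1RSVUNURUQ="):
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

CERT_ONLY = pem_block("CERTIFICATE")
CERT_AND_KEY = pem_block("CERTIFICATE") + pem_block("RSA PRIVATE KEY")
CERT_AND_ENC_KEY = pem_block("CERTIFICATE") + pem_block(
    "RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,00\n\nQ09O")

if __name__ == "__main__":
    for name, text in [("cert only", CERT_ONLY), ("cert + key", CERT_AND_KEY),
                       ("cert + encrypted key", CERT_AND_ENC_KEY)]:
        print(f"{name}: {check_proxy_machine_cert(text) or 'ok'}")
```
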