You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2005/05/11 22:44:48 UTC

DO NOT REPLY [Bug 34877] New: - Re-negotiation verification step failed

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=34877>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=34877

           Summary: Re-negotiation verification step failed
           Product: Apache httpd-2.0
           Version: 2.0.54
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: critical
          Priority: P2
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: w.peter.howell@meccahosting.com


Summary:
  The child process segfaults with a "Re-negotiation verification step failed"
handling an SSL connection with a per-directory SSL configuration.

Configuration:
  System: RedHat v9 (2.4.28 kernel), 1.3GHz Intel Celeron, 512MB RAM.
  Apache:

CFLAGS="-O2"; export CFLAGS; ./configure --prefix=/usr/local/apache
--with-mpm=worker --enable-so --enable-deflate --enable-cgi
--enable-mods-shared=all --with-z=../zlib-1.2.2 --enable-ssl
--with-ssl=../openssl-0.9.7g

Server version: Apache/2.0.54
Server built:   May 10 2005 22:31:11
Server's Module Magic Number: 20020903:9
Architecture:   32-bit
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/worker"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D HTTPD_ROOT="/usr/local/apache"
 -D SUEXEC_BIN="/usr/local/apache/bin/suexec"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

Configuration:
 ssl.conf

<Directory "/home/www/internal">
  SSLCACertificatePath /usr/local/ssl/certs
  SSLCACertificateFile /usr/local/ssl/certs/ThawteServerCA.cer

  SSLVerifyClient require
  SSLVerifyDepth 5
  SSLOptions +FakeBasicAuth +StdEnvVars +OptRenegotiate

  SSLCipherSuite ALL:!RC4
  SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 168

  Options ExecCGI

  AuthType Basic
  AuthName "Restricted Website"
  AuthUserFile "/home/http/passwd"
  require valid-user
</Directory>

Details:
  The problem seems to revolve around the use of +OptRenegotiate; however, if
the option is left off, we get an "SSL Re-negotiation in conjunction with POST
method not supported! hint: try SSLOptions +OptRenegotiate" message.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org