You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2005/05/11 22:44:48 UTC
DO NOT REPLY [Bug 34877] New: -
Re-negotiation verification step failed
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=34877>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=34877
Summary: Re-negotiation verification step failed
Product: Apache httpd-2.0
Version: 2.0.54
Platform: Other
OS/Version: other
Status: NEW
Severity: critical
Priority: P2
Component: mod_ssl
AssignedTo: bugs@httpd.apache.org
ReportedBy: w.peter.howell@meccahosting.com
Summary:
The child process segfaults with a "Re-negotiation verification step failed"
handling an SSL connection with a per-directory SSL configuration.
Configuration:
System: RedHat v9 (2.4.28 kernel), 1.3GHz Intel Celeron, 512MB RAM.
Apache:
CFLAGS="-O2"; export CFLAGS; ./configure --prefix=/usr/local/apache
--with-mpm=worker --enable-so --enable-deflate --enable-cgi
--enable-mods-shared=all --with-z=../zlib-1.2.2 --enable-ssl
--with-ssl=../openssl-0.9.7g
Server version: Apache/2.0.54
Server built: May 10 2005 22:31:11
Server's Module Magic Number: 20020903:9
Architecture: 32-bit
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/worker"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D HTTPD_ROOT="/usr/local/apache"
-D SUEXEC_BIN="/usr/local/apache/bin/suexec"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
Configuration:
ssl.conf
<Directory "/home/www/internal">
SSLCACertificatePath /usr/local/ssl/certs
SSLCACertificateFile /usr/local/ssl/certs/ThawteServerCA.cer
SSLVerifyClient require
SSLVerifyDepth 5
SSLOptions +FakeBasicAuth +StdEnvVars +OptRenegotiate
SSLCipherSuite ALL:!RC4
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 168
Options ExecCGI
AuthType Basic
AuthName "Restricted Website"
AuthUserFile "/home/http/passwd"
require valid-user
</Directory>
Details:
The problem seems to revolve around the use of +OptRenegotiate; however, if
the option is left off, we get an "SSL Re-negotiation in conjunction with POST
method not supported! hint: try SSLOptions +OptRenegotiate" message.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org