Posted to dev@httpd.apache.org by Pavel Matěja <pa...@netsafe.cz> on 2014/02/18 15:53:53 UTC

Segmentation faults when SSLProxyCheckPeerName On

Hi,
since we've enabled SSLProxyCheckPeerName on our reverse proxy I can see
AH00052: child pid 5711 exit signal Segmentation fault (11)
in our logs during Nessus scans.

Backend server has several X509v3 Subject Alternative Names and Nessus sends 
just IP as Host header.

We are running: Apache/2.4.7 (Unix) OpenSSL/1.0.1f

Mod_backtrace says:
**** Crash at 2014-02-18 14:24:22
Process id:  5912
Fatal signal: 11

/apache/modules/mod_backtrace.so:0xb709bede
/apache/modules/mod_whatkilledus.so:0xb709668b
/apache/modules/mod_whatkilledus.so:0xb709686b
/apache/bin/httpd:ap_run_fatal_exception+0x48 0x807b51f
/apache/bin/httpd:0x80a75e7
/apache/bin/httpd:0x80a7622
[0xb774b400]
/lib/libaprutil-1.so.0:apr_brigade_cleanup+0x22 0xb7578535
/lib/libaprutil-1.so.0:0xb757850d
/lib/libapr-1.so.0:0xb75308db
/lib/libapr-1.so.0:apr_pool_destroy+0x52 0xb752fb10
/apache/bin/httpd:0x8092603
/apache/modules/mod_ssl.so:0xb72e0c4f
/apache/bin/httpd:ap_pass_brigade+0x94 0x807d9d1
/apache/modules/mod_ssl.so:0xb72e099f
/apache/bin/httpd:ap_pass_brigade+0x94 0x807d9d1
/apache/bin/httpd:ap_process_request_after_handler+0x9a 0x8104c52
/apache/bin/httpd:ap_process_async_request+0x674 0x8105308
/apache/bin/httpd:ap_process_request+0x1a 0x8105328
/apache/bin/httpd:0x81014c0
/apache/bin/httpd:0x81015c9
/apache/bin/httpd:ap_run_process_connection+0x48 0x80a3ccb
/apache/bin/httpd:ap_process_connection+0x51 0x80a4100
/apache/bin/httpd:0x818d3e9

Anybody seen something similar?
-- 
Pavel Matěja


Re: Segmentation faults when SSLProxyCheckPeerName On

Posted by Kaspar Brand <ht...@velox.ch>.
On 18.02.2014 15:53, Pavel Matěja wrote:
> Hi,
> since we've enabled SSLProxyCheckPeerName on our reverse proxy I can see
> AH00052: child pid 5711 exit signal Segmentation fault (11)
> in our logs during Nessus scans.
> 
> Backend server has several X509v3 Subject Alternative Names and Nessus sends 
> just IP as Host header.
> 
> We are running: Apache/2.4.7 (Unix) OpenSSL/1.0.1f
> 
> Mod_backtrace says:

Are you able to grab a complete stack trace? (I'm not familiar with
reading mod_backtrace output, and the mod_ssl.so lines lack function
names, so it's hard to tell if something went wrong when checking cert
names.)

Is it limited to SSLProxyCheckPeerName on, or does it also occur with
SSLProxyCheckPeerCN on? If the former is true, then it seems that
something in ssl_util_ssl.c:SSL_X509_match_name goes wrong (that's
basically the new code path for this option).

Kaspar