You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2010/10/26 04:19:45 UTC

DO NOT REPLY [Bug 50155] New: httpd -s attempts to read SSL certificates

https://issues.apache.org/bugzilla/show_bug.cgi?id=50155

           Summary: httpd -s attempts to read SSL certificates
           Product: Apache httpd-2
           Version: 2.0.52
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: sparr0@gmail.com


I am attempting to get the status of a running httpd and a list of its vhosts.
Both of these commands
httpd -s
httpd -t -D DUMP_VHOSTS
insist on reading in the SSL certificates for defined https vhosts, which fails
for non-root users who can't read those files but are otherwise able to
interact with httpd.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

DO NOT REPLY [Bug 50155] httpd -s attempts to read SSL certificates

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=50155

Kaspar Brand <as...@velox.ch> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lingpeng123321@hotmail.com

--- Comment #4 from Kaspar Brand <as...@velox.ch> 2012-03-10 06:04:15 UTC ---
*** Bug 52867 has been marked as a duplicate of this bug. ***

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

DO NOT REPLY [Bug 50155] httpd -s attempts to read SSL certificates

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=50155

Joe Orton <jo...@redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX

--- Comment #1 from Joe Orton <jo...@redhat.com> 2011-02-12 09:40:41 EST ---
This is expected; "httpd -t" is intended to check the validity of the config
file and testing for existence of the cert/key files is one of the validity
tests.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

DO NOT REPLY [Bug 50155] httpd -s attempts to read SSL certificates

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=50155

Joe Orton <jo...@redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |NEEDINFO

--- Comment #3 from Joe Orton <jo...@redhat.com> 2011-02-25 12:00:23 EST ---
I can't see mod_ssl opening certs in -t mode here.  The code doesn't show that
either; it shows a stat() of the cert file, not an open().

# strace httpd -t -D DUMP_VHOSTS 2>&1 | grep /etc/pki
stat("/etc/pki/tls/certs/localhost.crt", {st_mode=S_IFREG|0600, st_size=1115,
...}) = 0
stat("/etc/pki/tls/private/localhost.key", {st_mode=S_IFREG|0600, st_size=887,
...}) = 0

Please show e.g. the strace output for httpd failing in open().

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

DO NOT REPLY [Bug 50155] httpd -s attempts to read SSL certificates

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=50155

Clarence Risher <sp...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|WONTFIX                     |

--- Comment #2 from Clarence Risher <sp...@gmail.com> 2011-02-12 14:05:50 EST ---
Testing for the existence of the cert/key files is not the issue here.
Attempting to open them is. If THAT is intended behavior then please re-WONTFIX
this.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org