DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=31633>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=31633

proxy client cannot authenticate to remote server / segmentation fault

           Summary: proxy client cannot authenticate to remote server /
                    segmentation fault
           Product: Apache httpd-2.0
           Version: 2.0.51
          Platform: Sun
        OS/Version: Solaris
            Status: NEW
          Severity: Blocker
          Priority: Other
         Component: mod_proxy
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]

I use httpd-2.0.52 (but same effect with .51).

When I try to authenticate my proxy server (mod_proxy) to a remote server with a certificate using the SSLProxyMachineCertificateFile, my httpd child process exits with a segmentation fault (both in prefork and worker mode).

Following message in error_log (on proxy server):

[Mon Oct 11 07:42:39 2004] [notice] child pid 18156 exit signal Segmentation fault (11)

Remark: if the remote server has to authenticate itself to the proxy with a certificate, it works without any problem.

Here is the proxy configuration:
--------------------------------
<VirtualHost 159.29.24.152:443>
    ServerName uws0064.rtc.ch
    ServerAdmin [EMAIL PROTECTED]
    DocumentRoot /export/home/apache2/htdocs
    ErrorLog /var/apache/logs/uws0064-error_log
    CustomLog /var/apache/logs/uws0064-access_log common
    CustomLog /var/apache/logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    # SSL directives:
    SSLEngine On
    <Directory />
        SSLRequireSSL
    </Directory>
    SSLProtocol -All +SSLv3 +TLSv1
    SSLVerifyClient none
    SSLVerifyDepth 10
    SSLCertificateKeyFile /etc/apache/ssl.key/uws0064.rtc.ch.key
    SSLCertificateFile /etc/apache/ssl.crt/uws0064.rtc.ch.crt

    # Configuration for the proxy:
    ProxyRequests On
    SSLProxyEngine On
    ProxyVia On
    SSLProxyProtocol -All +SSLv3 +TLSv1

    # Remote server has to provide a valid certificate:
    # SSLProxyVerify require
    # SSLProxyCACertificateFile /etc/apache/ssl.crt/uws0068.rtc.ch.crt

    # This server must deliver the remote server a valid certificate:
    SSLProxyMachineCertificateFile /etc/apache/ssl.crt/uws0064.rtc.ch.crt

    # Other proxy directives:
    <Proxy *>
        Order deny,allow
        Deny from all
        Allow from 159.29.0.0/16
        ExtFilterOptions DebugLevel=1
        SetOutputFilter ebppfilter
    </Proxy>
    ProxyPass /foo https://uws0068.rtc.ch:443
    ProxyPassReverse /foo https://uws0068.rtc.ch:443
</VirtualHost>

Here is the remote server configuration:
---------------------------------------
<VirtualHost 159.29.24.104:443>
    ServerAdmin [EMAIL PROTECTED]
    DocumentRoot /export/home/apache2/htdocs
    ServerName uws0068.rtc.ch
    ErrorLog /var/apache/logs/uws0068-error_log
    CustomLog /var/apache/logs/uws0068-access_log common
    SSLEngine On
    SSLProtocol SSLv3 +TLSv1
    SSLCertificateKeyFile /etc/apache/ssl.key/uws0068.rtc.ch.key
    SSLCertificateFile /etc/apache/ssl.crt/uws0068.rtc.ch.crt

    # Client must authenticate himself:
    # SSLVerifyClient none
    # SSLVerifyClient optional
    SSLVerifyClient require
    # if SSLVerifyClient require => apache process crashes (see /var/opt/apache/logs/error_log)
    SSLVerifyDepth 10
    SSLCACertificateFile /etc/apache/ssl.crt/uws0064.rtc.ch.crt
</VirtualHost>

uws0068-error_log on the remote server:
--------------------------------------
[Mon Oct 11 07:42:39 2004] [debug] ssl_engine_io.c(1517): OpenSSL: I/O error, 5 bytes expected to read on BIO#263980 [mem: 2b0028]
[Mon Oct 11 07:42:39 2004] [debug] ssl_engine_kernel.c(1793): OpenSSL: Exit: error in SSLv3 read client certificate A
[Mon Oct 11 07:42:39 2004] [debug] ssl_engine_kernel.c(1793): OpenSSL: Exit: error in SSLv3 read client certificate A
[Mon Oct 11 07:42:39 2004] [info] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
[Mon Oct 11 07:42:39 2004] [info] Connection to child 2 closed with abortive shutdown(server uws0068.rtc.ch:443, client 159.29.24.152)
