https://issues.apache.org/bugzilla/show_bug.cgi?id=48824
Summary: Segfault when using SSLProxyMachineCertificateFile
Product: Apache httpd-2
Version: 2.2.12
Platform: PC
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: mod_ssl
AssignedTo: [email protected]
ReportedBy: [email protected]
I'm running an Apache/2.2.14 (Unix) + mod_ssl/2.2.14 + mpm_worker as a reverse
proxy. Everything with SSL worked fine so far (including verifying
client certs). Now I wanted Apache to use some certs when talking to the
backends.
I'm experiencing the same issue on 2.2.12, and the following information refers
to this .12 version.
---$ /usr/sbin/apache2 -V
Server version: Apache/2.2.12 (Ubuntu)
Server built: Nov 12 2009 22:49:46
Server's Module Magic Number: 20051115:23
Server loaded: APR 1.3.8, APR-Util 1.3.9
Compiled using: APR 1.3.8, APR-Util 1.3.9
Architecture: 32-bit
Server MPM: Prefork
threaded: no
forked: yes (variable process count)
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=128
-D HTTPD_ROOT=""
-D SUEXEC_BIN="/usr/lib/apache2/suexec"
-D DEFAULT_PIDLOG="/var/run/apache2.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="/var/run/apache2/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
-D SERVER_CONFIG_FILE="/etc/apache2/apache2.conf"
---My minimal httpd.conf:
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
User www-data
Group www-data
ServerRoot /tmp/
DocumentRoot /
ServerName localhost
SSLSessionCache shm:tmp/ssl_memcache_gcache_data(512000)
SSLProxyEngine On
SSLProxyMachineCertificateFile /tmp/cert_bundle.pem
PidFile /tmp/apache.pid
LogLevel debug
# same issue when "warn"
ErrorLog error.log
Listen *:60000
<VirtualHost *:60000>
</VirtualHost>
---The error.log:
...
[Fri Feb 26 15:59:31 2010] [info] Init: Seeding PRNG with 0 bytes of entropy
[Fri Feb 26 15:59:31 2010] [info] Init: Generating temporary RSA private keys
(512/1024 bits)
[Fri Feb 26 15:59:31 2010] [info] Init: Generating temporary DH parameters
(512/1024 bits)
[Fri Feb 26 15:59:31 2010] [info] Init: Initializing (virtual) servers for SSL
[Fri Feb 26 15:59:31 2010] [debug] ssl_engine_init.c(414): Creating new SSL
context (protocols: SSLv2, SSLv3, TLSv1)
[Fri Feb 26 15:59:31 2010] [debug] ssl_engine_init.c(962): loaded 2 client
certs for SSL proxy
[Fri Feb 26 15:59:31 2010] [debug] ssl_engine_init.c(414): Creating new SSL
context (protocols: SSLv2, SSLv3, TLSv1)
[Fri Feb 26 15:59:31 2010] [debug] ssl_engine_init.c(962): loaded 2 client
certs for SSL proxy
[Fri Feb 26 15:59:31 2010] [info] mod_ssl/2.2.12 compiled against Server:
Apache/2.2.12, Library: OpenSSL/0.9.8g
---$ strace /usr/sbin/apache2 -f /tmp/httpd.conf -k start -X
...
time(NULL) = 1267196371
gettimeofday({1267196371, 499570}, NULL) = 0
write(2, "[Fri Feb 26 15:59:31 2010] [info"..., 91) = 91
semget(IPC_PRIVATE, 1, IPC_CREAT|0600) = 884756
semctl(884756, 0, IPC_64|SETVAL, 0xbf9fda48) = 0
geteuid32() = 1000
gettimeofday({1267196371, 499894}, NULL) = 0
write(2, "[Fri Feb 26 15:59:31 2010] [info"..., 79) = 79
gettimeofday({1267196371, 500032}, NULL) = 0
write(2, "[Fri Feb 26 15:59:31 2010] [debu"..., 117) = 117
open("/tmp/cert_bundle.pem", O_RDONLY|O_LARGEFILE) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=8975, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7750000
read(6, "\nCertificate:\n Data:\n "..., 4096) = 4096
read(6, "AkEAzJqe7AJ9Z/8+69qmp1efjkxGtUPL"..., 4096) = 4096
read(6, "lJapNxFZONG+4dqDQ+Ne9A9NLp5lGLym"..., 4096) = 783
read(6, "", 4096) = 0
close(6) = 0
munmap(0xb7750000, 4096) = 0
gettimeofday({1267196371, 501361}, NULL) = 0
write(2, "[Fri Feb 26 15:59:31 2010] [debu"..., 95) = 95
gettimeofday({1267196371, 501498}, NULL) = 0
write(2, "[Fri Feb 26 15:59:31 2010] [debu"..., 117) = 117
open("/tmp/cert_bundle.pem", O_RDONLY|O_LARGEFILE) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=8975, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7750000
read(6, "\nCertificate:\n Data:\n "..., 4096) = 4096
read(6, "AkEAzJqe7AJ9Z/8+69qmp1efjkxGtUPL"..., 4096) = 4096
read(6, "lJapNxFZONG+4dqDQ+Ne9A9NLp5lGLym"..., 4096) = 783
read(6, "", 4096) = 0
close(6) = 0
munmap(0xb7750000, 4096) = 0
gettimeofday({1267196371, 502821}, NULL) = 0
write(2, "[Fri Feb 26 15:59:31 2010] [debu"..., 95) = 95
gettimeofday({1267196371, 502969}, NULL) = 0
write(2, "[Fri Feb 26 15:59:31 2010] [info"..., 113) = 113
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
---GDB-Backtrace (sorry, no -g):
$ gdb --args /usr/sbin/apache2 -f /tmp/httpd.conf -k start -X
GNU gdb (GDB) 7.0-ubuntu
Copyright (C) 2009 Free Software Foundation, Inc...
Reading symbols from /usr/sbin/apache2...(no debugging symbols found)...done.
(gdb) r
Starting program: /usr/sbin/apache2 -f /tmp/httpd.conf -k start -X
[Thread debugging using libthread_db enabled]
Program received signal SIGSEGV, Segmentation fault.
0x00390a8f in CRYPTO_add_lock () from /lib/i686/cmov/libcrypto.so.0.9.8
(gdb) bt
#0 0x00390a8f in CRYPTO_add_lock () from /lib/i686/cmov/libcrypto.so.0.9.8
#1 0x0041e9ad in asn1_do_lock () from /lib/i686/cmov/libcrypto.so.0.9.8
#2 0x0041b2f4 in ?? () from /lib/i686/cmov/libcrypto.so.0.9.8
#3 0x0041b4e8 in ASN1_item_free () from /lib/i686/cmov/libcrypto.so.0.9.8
#4 0x00415317 in X509_CRL_free () from /lib/i686/cmov/libcrypto.so.0.9.8
#5 0x0041560d in X509_INFO_free () from /lib/i686/cmov/libcrypto.so.0.9.8
#6 0x003f8c28 in sk_pop_free () from /lib/i686/cmov/libcrypto.so.0.9.8
#7 0x002ed878 in ?? () from /usr/lib/apache2/modules/mod_ssl.so
#8 0x00c4aed8 in ?? () from /usr/lib/libapr-1.so.0
#9 0x00c49ffe in apr_pool_clear () from /usr/lib/libapr-1.so.0
#10 0x0083f8fd in main () from /usr/sbin/apache2
(gdb)
---My SSLProxyMachineCertificateFile contains:
Certificate:
Data:
Version: 3 (0x2)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=lk, ST=lkj, L=lkj, O=lkj, OU=lkj, CN=ca
asd/emailaddress=...@$
Validity
Not Before: Feb 16 16:00:00 2010 GMT
Not After : Feb 16 16:00:00 2011 GMT
Subject: C=lk, ST=lkj, O=lkj, OU=lkj, CN=cert 2
ccert/emailaddress=...@$
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:d5:83:0f:03:5e:a9:b6:08:16:2e:c2:7d:1e:b7:
...
28:b2:55:e3:df:64:ed:8e:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
...other stuff
Signature Algorithm: md5WithRSAEncryption
74:e8:8d:3f:57:0a:33:94:37:7b:bc:31:b9:81:71:5c...
-----BEGIN CERTIFICATE-----
TLSdtQnWynaZERayZO2BOXmAvd/m8xIkqM3ffmiLJbIwGu5vNBu3AvhQv2CJM...
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDVgw8DXqm2CBYuwn0et9N5rO8uwSDPdiaFMSJisyxcW0S9+...
-----END RSA PRIVATE KEY-----
+one other cert directly following (same issue when using only one cert)
I read about segfaults caused by a missing private key or LogLevel debug, but that
doesn't seem to fit here.
Thanks in advance:
Florian Schröder
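A structural check for an SSLProxyMachineCertificateFile bundle, added here as an example (not code from the report or from httpd): it parses the PEM blocks, flags any text outside them (such as the `openssl x509 -text` dumps in the reporter's file), and verifies that each certificate is directly followed by an unencrypted private key and that no other block types (e.g. a CRL) are present. The sample bundle is constructed with shortened placeholder base64 bodies, and the expected layout is an assumption taken from the directive's documentation.

```python
import re

# Constructed sample in the shape the report describes: an "openssl x509 -text"
# dump in front of the PEM pair, then a second certificate with no key after it.
SAMPLE_BUNDLE = """Certificate:
    Data:
        Version: 3 (0x2)
-----BEGIN CERTIFICATE-----
QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVowMTIzNDU2Nzg5
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
TUlJQ1hBSUJBQUtCZ1FEVmd3OERYcW0yQ0JZdXduMGV0OU41
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
c2Vjb25kLWNlcnRpZmljYXRlLXBsYWNlaG9sZGVyLWJvZHk=
-----END CERTIFICATE-----
"""

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)-----END \1-----", re.S)

def parse_pem_blocks(text):
    """Return (blocks, stray): PEM (label, body) pairs in file order, plus
    every non-blank line that sits outside any PEM block."""
    blocks, stray, pos = [], [], 0
    for m in PEM_RE.finditer(text):
        stray += [l for l in text[pos:m.start()].splitlines() if l.strip()]
        blocks.append((m.group(1), m.group(2)))
        pos = m.end()
    stray += [l for l in text[pos:].splitlines() if l.strip()]
    return blocks, stray

def check_machine_cert_bundle(text):
    """Flag departures from the assumed layout: each PEM certificate is
    immediately followed by its unencrypted private key, nothing else."""
    blocks, stray = parse_pem_blocks(text)
    findings = []
    if stray:
        findings.append(f"{len(stray)} non-PEM line(s) outside PEM blocks, e.g. {stray[0].strip()!r}")
    pending = None  # index of a certificate still waiting for its key
    for i, (label, body) in enumerate(blocks):
        if label == "CERTIFICATE":
            if pending is not None:
                findings.append(f"certificate #{pending} has no private key after it")
            pending = i
        elif label.endswith("PRIVATE KEY"):
            if pending is None:
                findings.append(f"private key at block #{i} is not preceded by a certificate")
            if label.startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in body:
                findings.append(f"private key at block #{i} is encrypted")
            pending = None
        else:
            findings.append(f"unexpected PEM block type {label!r} at block #{i}")
    if pending is not None:
        findings.append(f"certificate #{pending} has no private key after it")
    return findings
```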