https://issues.apache.org/bugzilla/show_bug.cgi?id=49498

           Summary: mod_ssl crash on first OCSP stapling client if
                    SSLUseStapling on is in vhost scope
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
        AssignedTo: [email protected]
        ReportedBy: [email protected]


'crashing' configuration:

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLProtocol all -SSLv2
SSLSessionCache        "shmcb:/opt/httpd/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLStaplingCache "dbm:/opt/httpd/logs/stapling_cache"

<VirtualHost *:443>
  ServerName local.example.com

  SSLEngine on
  SSLUseStapling on
  SSLCertificateFile    /opt/httpd/conf/exmaple.crt
  SSLCertificateKeyFile /opt/httpd/conf/example.key
  SSLCertificateChainFile /opt/httpd/conf/gd_intermediate.crt

</VirtualHost>


Moving SSLUseStapling on to the GLOBAL scope is a workaround for the crash.

The bug is in the initialization of the global mutex for stapling: if SSL stapling
is only enabled inside a vhost, the mutex is not initialized, and on the first
attempt to call the OCSP stapling callback, the server will crash.

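A pre-deployment check for the configuration pattern described in this report, as an added example (not part of the original message and not mod_ssl code): it lists virtual hosts that set SSLUseStapling on while the global scope does not. The function name and the sample text are constructed for illustration; Include files and backslash line continuations are not followed.

```python
import re

# Constructed sample mirroring the configuration in the report.
VHOST_ONLY = """\
SSLStaplingCache "dbm:/opt/httpd/logs/stapling_cache"
<VirtualHost *:443>
  ServerName local.example.com
  SSLEngine on
  SSLUseStapling on
</VirtualHost>
"""
# Same sample with the directive moved to global scope (the workaround).
GLOBAL_ON = "SSLUseStapling on\n" + VHOST_ONLY.replace("  SSLUseStapling on\n", "")

_OPEN = re.compile(r"<\s*VirtualHost\b([^>]*)>", re.I)
_CLOSE = re.compile(r"</\s*VirtualHost\s*>", re.I)
_STAPLING = re.compile(r"SSLUseStapling\s+(\S+)", re.I)
_NAME = re.compile(r"ServerName\s+(\S+)", re.I)


def affected_vhosts(conf_text):
    """Return vhosts with stapling on when global scope does not enable it."""
    global_on, flagged, current = False, [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        opened = _OPEN.match(line)
        name = _NAME.match(line)
        stapling = _STAPLING.match(line)
        if opened:
            # Label the vhost by its address until a ServerName is seen.
            current = {"label": opened.group(1).strip(), "on": False}
        elif _CLOSE.match(line):
            if current and current["on"]:
                flagged.append(current["label"])
            current = None
        elif name and current is not None:
            current["label"] = name.group(1)
        elif stapling:
            on = stapling.group(1).lower() == "on"
            if current is None:
                global_on = on  # directive seen outside any vhost
            else:
                current["on"] = on
    return [] if global_on else flagged


if __name__ == "__main__":
    print(affected_vhosts(VHOST_ONLY))
```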