https://issues.apache.org/bugzilla/show_bug.cgi?id=52630
--- Comment #10 from Kaspar Brand <[email protected]> 2012-02-19 09:42:05 UTC ---
(In reply to comment #9)
> The same here, I can offer you my config.
>
> Further, I'm not 100% sure this is an apache bug,... it's just the logical
> starting point in the search.

The "Apache httpd-2" product on issues.apache.org is for reporting bugs (or
filing enhancement requests), not for help with troubleshooting and debugging
a particular setup. See also http://httpd.apache.org/bug_report.html and
http://httpd.apache.org/lists.html#http-users.

> What's weird is, that ALL FILEs are read...
> Not only the .0 and .r0 files (and their symlink targets) but also .info,
> .crl_url, .namespaces, etc.)

Not really a surprise, and nothing weird. This happens at startup/reload time
when ssl_engine_init.c:ssl_init_ctx_verify() calls ssl_init_FindCAList() to
determine the list of acceptable DNs. mod_ssl then simply calls
SSL_load_client_CA_file() for every file it finds, that's the reason for all
these open() calls.

> I also did the same strace, when specifying the absolute path
> (/etc/grid-security/certificates/ ...
> Basically the same seems to happen there,... same files read,.. same sizes...
> just that the SSL handshake works.

The output of the open() calls provided in comment 9 has nothing to do with
what happens when OpenSSL tries to verify the client cert if
SSLCACertificatePath (but no SSLCACertificateFile) is configured. As I wrote
in comment 8, it's the stat64() calls which will highlight the issue.

If you still maintain that this is not an issue with your particular
configuration, then do this:

1) shut down httpd

2) close Firefox

3) as root, execute

   . /etc/apache2/envvars && strace -fte stat64 /usr/sbin/apache2 -X 2>&1 | grep "stat64.*\.0"

4) start Firefox, open the client-auth protected URL

5) if "Firefox can't access the SSL site":

   a) provide the output from the above shell command

   b) provide the log messages from httpd's error log, but *only* for the
      time shown in the above shell output
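
A sketch for reading the output of step 3 in the comment above, added here as an example (not code from the bug report, httpd or OpenSSL): it sorts the stat64() lookups for `<hash>.0` files by outcome. The sample lines, hash names and function name are constructed, and reporting relative paths separately is an assumption based on the reporter's remark that the absolute path works.

```python
import re

# Constructed sample of what the strace/grep pipeline in step 3 might print
# (pids, times, addresses and hash names are made up for illustration).
SAMPLE_STRACE = """\
[pid  4211] 09:51:10 stat64("/usr/lib/libssl.so.0.9.8", {st_mode=S_IFREG|0644, st_size=333856, ...}) = 0
[pid  4211] 09:51:12 stat64("/etc/grid-security/certificates/1a2b3c4d.0", {st_mode=S_IFREG|0644, st_size=1419, ...}) = 0
09:51:40 stat64("certificates/5e6f7a8b.0", 0xbf9e2a1c) = -1 ENOENT (No such file or directory)
[pid  4211] 09:51:41 stat64("/etc/grid-security/certificates/9c0d1e2f.0", 0xbf9e2a1c) = -1 ENOENT (No such file or directory)
"""

# OpenSSL's hashed-directory lookup stats "<dir>/<8 hex digits>.<n>";
# the grep in step 3 keeps only the ".0" candidates.
LINE_RE = re.compile(
    r'stat64\("(?P<path>(?:[^"]*/)?[0-9a-f]{8}\.0)",.*\)\s+=\s+(?P<ret>-?\d+)'
)


def classify_hash_lookups(strace_text):
    """Return {path: status} for every <hash>.0 lookup in the strace output.

    status is "found", "missing" (absolute path, stat64 failed) or
    "missing-relative" (stat64 failed on a path that does not start with "/",
    so it was resolved against the server's working directory).
    """
    results = {}
    for line in strace_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # e.g. library paths that merely contain ".0"
        path = m.group("path")
        if m.group("ret") == "0":
            status = "found"
        elif not path.startswith("/"):
            status = "missing-relative"
        else:
            status = "missing"
        # A path that was found at least once stays "found".
        if results.get(path) != "found":
            results[path] = status
    return results


if __name__ == "__main__":
    for path, status in classify_hash_lookups(SAMPLE_STRACE).items():
        print(f"{status:17} {path}")
```
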
