https://issues.apache.org/bugzilla/show_bug.cgi?id=52212
Kaspar Brand <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |FixedInTrunk Hardware|PC |All OS|Linux |All --- Comment #3 from Kaspar Brand <[email protected]> --- (In reply to comment #0) > Further investigation using gdb and testing showed that having the private > key before the certificate in SSLProxyMachineCertificateFile was triggering > the segfault. Changing this file to have the certificate first resolved the > issue. > > I'd suggest applying the above patch to avoid the segfault and at least > updating the SSLProxyMachineCertificateFile documentation to say that the > certificate should come before the private key. > > Note that this issue does not occur in Apache/2.2.11 with OpenSSL/0.9.8k but > does also occur in Apache/2.2.17 with OpenSSL/1.0.0c. This observation is correct. It's actually caused by a regression in OpenSSL 1.0.0 and later, as reported here, in the meantime: http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3028 With OpenSSL up to 0.9.8, the order doesn't matter. In this case, however, the check for encrypted private keys is insufficient, as found when dealing with bug 54698. An additional fix has been committed to trunk in r1467593. Backport proposals for 2.2.x and 2.4.x submitted with r1467594. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
