https://issues.apache.org/bugzilla/show_bug.cgi?id=56306
--- Comment #3 from Kaspar Brand <[email protected]> --- Created attachment 31458 --> https://issues.apache.org/bugzilla/attachment.cgi?id=31458&action=edit Only read "active" values from the mctx->pks->key_files array (In reply to Timo R. from comment #2) Thank you for the detailed information. > The output with the workaround in place is: > > http://bpaste.net/show/194089/ I assume that you disabled the two global-level SSLCertificateFile and SSLCertificateKeyFile directives for this case, is that correct? (The "Server certificates" list includes 11 entries, i.e. one per <VirtualHost *:443> block.) > In a state where it fails it looks like this: > > http://bpaste.net/show/194091/ Here we find 27 entries in the server certificates list (and still 11 <VirtualHost *:443> blocks), so it's obvious that merging the global and the per-vhost settings has somewhat surprising effects. The three-layer Include structure in your config makes it relatively hard to follow what SSLCertificate/SSLCertificateKeyFile directives are active for which VirtualHost (and what config exactly was used for the output at http://bpaste.net/show/194091/), but from looking at the code in ssl_engine_init.c and the errors shown in the description above, the problem seems to be that we try to read a bogus value for the SSLCertificateKeyFile directive. Could you try to apply the attached patch to 2.4.9? This should make the garbled log messages go away - but it might not yet fix the underlying issue, which probably needs further work (in particular when looking at the order of merging the global and per-vhost settings). -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
