https://bz.apache.org/bugzilla/show_bug.cgi?id=63430
--- Comment #10 from Rainer Jung <[email protected]> ---
I can reproduce with 2.4.39, not with 2.4.38. It has to do with using SSL
config in a <Proxy> container section.

Small repro setup:

- using one web server with two VHosts.
- One VHost http, one https
- Loading mod_ssl, mod_socache_shmcb, mod_proxy, mod_proxy_http
- config:

Listen 9980
<VirtualHost *:9980>
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off

    ProxyPass / https://localhost:9943/

    # 2.4.39 is only broken when SSLProxyMachineCertificateFile
    # is in this <Proxy> container.
    # 2.4.38 works.
    <Proxy https://localhost:9943>
        SSLProxyMachineCertificateFile conf/client.pem
    </Proxy>
</VirtualHost>

# Default SSL settings
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/path/to/run/ssl_scache(512000)"
SSLSessionCacheTimeout 300

Listen 9943
<VirtualHost _default_:9943>
    DocumentRoot "/path/to/my/htdocs/virt"
    ServerName www.example.com
    ServerAdmin [email protected]

    SSLEngine on
    SSLCertificateFile "conf/ssl.crt/server.crt"
    SSLCertificateKeyFile "conf/ssl.key/server.key"
    SSLCACertificateFile "conf/client.crt"
    SSLVerifyClient require
    SSLVerifyDepth 0
</VirtualHost>

- run test using

curl http://localhost:9980/

results in

HTTP/1.1 502 Proxy Error

Diffing proxy and ssl trace8 log lines in error.log shows as the first delta:

< ssl_engine_kernel.c(1899): [client ::1:9943] AH02277: Proxy client certificate callback: (...:9980) AH02279: found acceptable cert, sending [subject: CERTDETAILS / issuer: ISSUERDETAILS / serial: 848692B2649501A5 / notbefore: May 15 12:10:22 2019 GMT / notafter: May 14 12:10:22 2022 GMT]

> [Wed May 15 14:38:56.282961 2019] [ssl:warn] [pid 14962] - AH02268: Proxy
> client certificate callback: (abies-12.kippdata.de:9980) downstream server
> wanted client certificate but none are configured

The OP had suspected patch r1855918 from PR 63256 as a possible root cause.
Will rebuild 2.4.39 without that patch and recheck.

Regards,

Rainer
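
A check for the condition this comment describes, as an added example that is not part of the original comment or of httpd: it scans configuration text for SSLProxyMachineCertificateFile placed inside a <Proxy> section. The function name and both sample configs are constructed for illustration, treating <ProxyMatch> the same way is an assumption, and Include files and line continuations are not followed.

```python
import re

# Directive from the bug report; matching is case-insensitive like httpd's.
TARGET = "sslproxymachinecertificatefile"
# <Proxy> is the section named in the report; <ProxyMatch> is an assumption.
PROXY_SECTIONS = ("proxy", "proxymatch")
OPEN = re.compile(r"^<\s*(\w+)\s*(.*?)>$")
CLOSE = re.compile(r"^</\s*(\w+)\s*>$")

def find_proxy_scoped_client_certs(conf_text):
    """Return (line_no, proxy_target, directive_line) for each TARGET
    directive that sits inside a proxy section."""
    stack, findings = [], []   # stack holds (section_name, argument)
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.match(line):
            if stack:
                stack.pop()
            continue
        m = OPEN.match(line)
        if m:
            stack.append((m.group(1).lower(), m.group(2).strip().strip('"')))
            continue
        if line.split(None, 1)[0].lower() != TARGET:
            continue
        for name, arg in reversed(stack):
            if name in PROXY_SECTIONS:
                findings.append((no, arg, line))
                break
    return findings

# Constructed sample, trimmed from the repro config in the comment.
REPRO_CONF = """\
Listen 9980
<VirtualHost *:9980>
    SSLProxyEngine on
    ProxyPass / https://localhost:9943/
    <Proxy https://localhost:9943>
        SSLProxyMachineCertificateFile conf/client.pem
    </Proxy>
</VirtualHost>
"""
# Constructed variant: same directive at VirtualHost level, outside <Proxy>.
VHOST_LEVEL_CONF = REPRO_CONF.replace(
    "    <Proxy https://localhost:9943>\n", "").replace("    </Proxy>\n", "")

if __name__ == "__main__":
    for no, target, text in find_proxy_scoped_client_certs(REPRO_CONF):
        print(f"line {no}: inside <Proxy {target}>: {text}")
```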
