Does anyone have information on this error? The cherokee server is running
an ecommerce site and my client is greatly troubled by this issue. I can
restart cherokee with a cron job periodically, but that really isn't a great
fix.
I've compiled 0.99.43 and 0.99.42 using the following configuration:
with options "'--with-wwwgroup=www-data' '--with-wwwuser=www-data'
'--with-wwwroot=/var/www/default' '--prefix=/' '--exec-prefix=/usr/local/'
'--with-mysql=no'"
It is compiled on Debian Lenny (fully up to date) with openSSL version is
0.9.8g-15+lenny6
When the problem occurs, wget and curl both indicate no connection issues.
Openssl s_client connects properly. Firefox 3.5 shows a scary looking red
screen that states:
Peer's certificate has an invalid signature.
(Error code: sec_error_bad_signature)
There is no way to add an exception in firefox or 'work around'
Restarting cherokee resolves the issue (until it happens again at a later
random date and time).
It seems to be related to this thread:
http://code.google.com/p/cherokee/issues/detail?id=594
I am going to install openssl-0.9.8m (the latest) and recompile cherokee
against that version. I will let you know what happens. Until then, it
would be great if someone acknowledges this issue actually exists. There
are a large number of servers out there running Debian and Ubuntu which are
all running openssl 0.9.5g-whatever. It would be fantastic if there was
some minor change that could be made to cherokee to allow these servers to
function normally.
Ryan
On Mon, Mar 1, 2010 at 10:36 AM, Ryan McIntosh <[email protected]>wrote:
> Hi all,
>
> I am running cherokee 0.99.43 on www.bestbridalprices.com
>
> I am getting sporadic bad SSL cert errors on this domain. The certificate
> has been in place since 2008 and this just stated happening about a week
> after I upgraded to 0.99.43. The error doesn't happen consistently and
> there are no errors or related messages in the log files. The issue appears
> to correct itself. What can I look for to determine the cause of this
> error.
>
> Ryan
>
_______________________________________________
Cherokee mailing list
[email protected]
http://lists.octality.com/listinfo/cherokee
