>-----Original Message-----
>From: Joe Orton [mailto:[EMAIL PROTECTED]
[SNIP]
>Are those who can reproduce this segfault using a reverse proxy to an
>SSL backend (i.e. SSLProxyEngine on)? 
[SNIP]

Yes and No :)
Yes - I have the directive in the ssl.conf.
No - I'm not proxying to an SSL backend.

How to reproduce: 

sslswamp -connect IP:$APACHE_HOST:443 -session s \
         -time 61 -update 10 -expect 1000 -num 5 \
         -cipher RC4-SHA -CAfile /tmp/ca.crt     \
         -cert /tmp/client.crt -request $http_file

The httpd.conf is the standard stuff. The ssl.conf is as shown below:

<IfModule mod_disk_cache.c>
  CacheRoot "/opt/apache/logs/"
  CacheSize 5
  CacheGcInterval 4
  CacheMaxExpire 86400
  CacheLastModifiedFactor 0.1
  CacheDefaultExpire 1
</IfModule>

<IfModule mod_ssl.c>
  Listen 192.168.16.78:443

  # Extra MIME-types for downloading Certificates and CRLs
  AddType application/x-x509-ca-cert .crt
  AddType application/x-pkcs7-crl    .crl

  # Inter-Process Session Cache
  SSLSessionCache         shmcb:/opt/apache/logs/ssl_scache(512000)
  SSLSessionCacheTimeout  300

  # Semaphore location
  SSLMutex                file:/opt/apache/logs/ssl_mutex

  SSLPassPhraseDialog     builtin
  SSLRandomSeed startup   builtin
  SSLRandomSeed connect   builtin

  ##
  ## SSL Virtual Host Context
  ##
  <VirtualHost 192.168.16.78:443>

    ServerName 192.168.16.78:443
    ServerAdmin [EMAIL PROTECTED]

    # Logging configuration (ErrorLog level is set for the global server)
    ErrorLog  /opt/apache/logs/error_log
    CustomLog /opt/apache/logs/access_log \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    # SSL Engine Switch
    SSLEngine             on
    SSLCipherSuite        !ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    # SSL Proxy configuration
    SSLProxyEngine        on
    SSLProxyCipherSuite   !ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    # Server Certificate
    SSLCertificateFile    /opt/apache/conf/ssl.crt/server.crt

    # Server Private Key
    SSLCertificateKeyFile /opt/apache/conf/ssl.key/server.key

    # Certificate Authority (CA)
    SSLCACertificateFile  /opt/apache/conf/ssl.crt/ca.crt
    SSLCACertificatePath  /opt/apache/conf/ssl.crt/

    # Enable Client verification
    SSLVerifyClient require

    # Proxy all the requests to the backend server
    ProxyRequests    off
    ProxyVia         on
    ProxyPass        / http://192.168.16.105:80/
    ProxyPassReverse / http://192.168.16.105:80/

    <Proxy *>
      Order deny,allow
      Allow from all
    </Proxy>
  </VirtualHost>
</IfModule>

-Madhu
