On 2015-07-17 4:18 PM, Yann Ylavic wrote:
On Fri, Jul 17, 2015 at 1:51 PM, Michael Felt <[email protected]> wrote:
On 2015-07-17 1:20 PM, Michael Felt wrote:
On 2015-07-17 12:39 PM, Yann Ylavic wrote:
tcpdump -i lo -w dump.pcap -s0 tcp port 8532

Run at a different time, but with trace5 enabled.
Thanks, I finally managed to build libressl on my system and
httpd-2.4.x linked to it.
However since this isn't the system's native libssl, the perl
framework (libwww-perl/5.836 here) does not use it (but Debian's
libssl-0.9.8o-4squeeze20), so I had to use libressl's "openssl
s_client" to reproduce the case.
I installed a virgin system without OpenSSL, installed LibreSSL and then installed Bundle::ApacheTest - which loaded (compiled against libressl) the SSL related modules into perl on AIX.

I repeated the same steps on a second AIX - installing only OpenSSL and then installing Bundle::ApacheTest

I will try and repeat what you did as well.
So:
$ /path/to/httpd/2.4.x/bin/httpd -f /path/to/httpd/framework/trunk/t/conf/httpd.conf -X
on the server side, and:
$ /path/to/libressl/2.2.1/bin/openssl s_client -connect localhost:8532 -state
on the client side, with this simple request:
GET /require-aes128-cgi HTTP/1.1
Host: localhost:8532

Attached are the logs from both httpd and s_client, where we can see
that httpd somehow expects a client certificate during the
renegotiation (without sending any certificate request...), while
s_client obviously does not send anything like that (but its key
exchange).

I can't explain that... I'd need to debug.
Does this ring someone's bell?
