Hello again:
I am still having no luck with https and the new httpd server.
I am sorry if this is something stupid, but I would really appreciate a whack 
with the clue stick.

As I said originally, http connections work fine with openbsd-current, but 
https connections never connect.

I have tried a number of things.

First, I changed my httpd.conf to explicitly point to the server crt and key.
----
types {
        include "/usr/share/misc/mime.types"
}

server "default" {
        listen on * port 80
        listen on * tls port 443
        tls certificate "/etc/ssl/server.crt"
        tls key "/etc/ssl/private/server.key"
        connection max requests 100
        root "/htdocs"
        directory no index
}
-----

No difference:  http connects, https browser just waiting.

I removed the "tls" from the conf file, so:  "listen on * port 443"

When I do that, and try using https to connect, Firefox gives me a 
"ssl_error_rx_record_too_long" response (but, at least it's not hanging).
Also, the access.log file does record the "failed" https attempt:
---
default 10.0.128.10 - - [25/Mar/2015:12:18:58 -0500] "<UNKNOWN> " 400 0
---
As I noted before, with tls enabled, there are no records in either access.log 
or error.log files.

So, I checked the certificate:
openssl x509 -text -noout -in /etc/ssl/server.crt

and I get:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha256WithRSAEncryption
<etc>

All seems fine.

I took the server.key and server.crt files to an older machine (actually, the 
one I am trying to replace) that is running 4.9 (I think) and apache.  Put the 
"new" certificate and key in the proper places, and was able to open an https 
connection to that machine, and was able to confirm that the new certificate 
was the one being presented and works.

So, I don't know what the issue may be.
I would really appreciate some (small amount of) direction.

After all, this is an openbsd only kind of question, I don't even know where 
else I could ask.
If there is any other information that is needed, please let me know.

Thanks again;
Ted


---------------------
>On Mar 22, 2015
>
>Hello
>I think I am missing something very obvious, but I have been struggling with 
>this for a while, and hope that someone will point out my oversight.
>
>
>Running current:
>OpenBSD 5.7-current (RAMDISK_CD) #818: Wed Mar 18 18:59:52 MDT 2015
>    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
>
>httpd up and running:
>
>ps ax:
>1235 ??  Is      0:00.01 httpd: parent (httpd)
> 1598 ??  I       0:00.00 httpd: logger (httpd)
>27922 ??  I       0:00.01 httpd: server (httpd)
> 2020 ??  I       0:00.01 httpd: server (httpd)
>19391 ??  I       0:00.01 httpd: server (httpd)
>
>Using this configuration file - httpd.conf:
>
>http_ip="10.0.128.67"
>
>types {
>        include "/usr/share/misc/mime.types"
>}
>
>server "defualt" {
>        listen on $http_ip port 80
>        listen on $http_ip tls port 443
>        connection max requests 100
>        root "/htdocs"
>        directory no index
>}
>
>
>When I try to connect using firefox to: http://10.0.128.67/index.html - 
>everything is fine.
>When I try to connect using firefox to: https://10.0.128.67/index.html - 
>firefox just hangs/waiting.
>
>Certificate and key installed in default locations:
>ls -lah /etc/ssl/private/server.key:
>-rw-------  1 root  wheel   3.2K Feb 16 19:57 /etc/ssl/private/server.key
>
>ls -lah /etc/ssl/server.crt:
>-rw-r--r--  1 root  wheel   8.5K Mar 12 12:04 /etc/ssl/server.crt
>
>No error messages in the logs for httpd.
>No error messages in /var/www/logs/error.log
>No record of connections when https connection requested in 
>/var/www/logs/access.log
>
>I must be missing something obvious; but at this point I think I have been 
>staring at the trees so long I can't see the forest.
>
>Thanks
>Ted
