On March 25, 2015 6:40:11 PM GMT+01:00, Theodore Wynnychenko <t...@uchicago.edu> wrote:
>Hello again:
>I am still having no luck with https and the new httpd server.
>I am sorry if this is something stupid, but I would really appreciate a
>whack with the clue stick.
>
>As I said originally, http connections work fine with openbsd-current,
>but https connections never connect.
>
>I have tried a number of things.
>
>First, I changed my httpd.conf to explicitly point to the server crt
>and key.
>----
>types {
>        include "/usr/share/misc/mime.types"
>}
>
>server "default" {
>        listen on * port 80
>        listen on * tls port 443

I have a feeling you cannot mix encrypted and plaintext in the same block, but I could be wrong.

/Alexander

>        tls certificate "/etc/ssl/server.crt"
>        tls key "/etc/ssl/private/server.key"
>        connection max requests 100
>        root "/htdocs"
>        directory no index
>}
>-----
>
>No difference: http connects, https browser just waiting.
>
>I removed the "tls" from the conf file, so: "listen on * port 443"
>
>When I do that, and try using https to connect, Firefox gives me a
>"ssl_error_rx_record_too_long" response (but, at least it's not
>hanging). Also, the access.log file does record the "failed" https
>attempt:
>---
>default 10.0.128.10 - - [25/Mar/2015:12:18:58 -0500] "<UNKNOWN> " 400 0
>---
>As I noted before, with tls enabled, there are no records in either
>access.log or error.log files.
>
>So, I checked the certificate:
>openssl x509 -text -noout -in /etc/ssl/server.crt
>
>and I get:
>Certificate:
>    Data:
>        Version: 3 (0x2)
>        Serial Number: 1 (0x1)
>    Signature Algorithm: sha256WithRSAEncryption
><etc>
>
>All seems fine.
>
>I took the server.key and server.crt files to an older machine
>(actually, the one I am trying to replace) that is running 4.9 (I
>think) and apache. Put the "new" certificate and key in the proper
>places, and was able to open an https connection to that
>machine, and was able to confirm that the new certificate was the one
>being presented and works.
>
>So, I don't know what the issue may be.
>I would really appreciate some (small amount of) direction.
>
>After all, this is an openbsd only kind of question, I don't even know
>where else I could ask.
>If there is any other information that is needed, please let me know.
>
>Thanks again;
>Ted
>
>
>---------------------
>>On Mar 22, 2015
>>
>>Hello
>>I think I am missing something very obvious, but I have been struggling with this
>>for a while, and hope that someone will point out my oversight.
>>
>>
>>Running current:
>>OpenBSD 5.7-current (RAMDISK_CD) #818: Wed Mar 18 18:59:52 MDT 2015
>>    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
>>
>>httpd up and running:
>>
>>ps ax:
>> 1235 ??  Is  0:00.01 httpd: parent (httpd)
>> 1598 ??  I   0:00.00 httpd: logger (httpd)
>>27922 ??  I   0:00.01 httpd: server (httpd)
>> 2020 ??  I   0:00.01 httpd: server (httpd)
>>19391 ??  I   0:00.01 httpd: server (httpd)
>>
>>Using this configuration file - httpd.conf:
>>
>>http_ip="10.0.128.67"
>>
>>types {
>>        include "/usr/share/misc/mime.types"
>>}
>>
>>server "defualt" {
>>        listen on $http_ip port 80
>>        listen on $http_ip tls port 443
>>        connection max requests 100
>>        root "/htdocs"
>>        directory no index
>>}
>>
>>
>>When I try to connect using firefox to: http://10.0.128.67/index.html - everything is fine.
>>When I try to connect using firefox to: https://10.0.128.67/index.html - firefox just hangs/waiting.
>>
>>Certificate and key installed in default locations:
>>ls -lah /etc/ssl/private/server.key:
>>-rw------- 1 root wheel 3.2K Feb 16 19:57 /etc/ssl/private/server.key
>>
>>ls -lah /etc/ssl/server.crt:
>>-rw-r--r-- 1 root wheel 8.5K Mar 12 12:04 /etc/ssl/server.crt
>>
>>No error messages in the logs for httpd.
>>No error messages in /var/www/logs/error.log
>>No record of connections when https connection requested in /var/www/logs/access.log
>>
>>I must be missing something obvious; but at this point I think I have been staring at the trees so long I can't see the forest.
>>
>>Thanks
>>Ted