On March 25, 2015 6:40:11 PM GMT+01:00, Theodore Wynnychenko 
<t...@uchicago.edu> wrote:
>Hello again:
>I am still having no luck with https and the new httpd server.
>I am sorry if this is something stupid, but I would really appreciate a
>whack with the clue stick.
>
>As I said originally, http connections work fine with openbsd-current,
>but https connections never connect.
>
>I have tried a number of things.
>
>First, I changed my httpd.conf to explicitly point to the server crt
>and key.
>----
>types {
>        include "/usr/share/misc/mime.types"
>}
>
>server "default" {
>        listen on * port 80
>        listen on * tls port 443

I have a feeling you cannot mix encrypted and plaintext in the same block, but 
I could be wrong. 

/Alexander 

>        tls certificate "/etc/ssl/server.crt"
>        tls key "/etc/ssl/private/server.key"
>        connection max requests 100
>        root "/htdocs"
>        directory no index
>}
>-----
>
>No difference:  http connects, https browser just waiting.
>
>I removed the "tls" from the conf file, so:  "listen on * port 443"
>
>When I do that, and try using https to connect, Firefox gives me a
>"ssl_error_rx_record_too_long" response (but, at least it's not
>hanging).  Also, the access.log file does record the "failed" https
>attempt:
>---
>default 10.0.128.10 - - [25/Mar/2015:12:18:58 -0500] "<UNKNOWN> " 400 0
>---
>As I noted before, with tls enabled, there are no records in either
>access.log or error.log files.
>
>So, I checked the certificate:
>openssl x509 -text -noout -in /etc/ssl/server.crt
>
>and I get:
>Certificate:
>    Data:
>        Version: 3 (0x2)
>        Serial Number: 1 (0x1)
>    Signature Algorithm: sha256WithRSAEncryption
><etc>
>
>All seems fine.
>
>I took the server.key and server.crt files to an older machine
>(actually, the one I am trying to replace) that is running 4.9 (I
>think) and apache.  Put the "new" certificate and key in the proper
>places, and was able to open an https connection to that
>machine, and was able to confirm that the new certificate was the one
>being presented and works.
>
>So, I don't know what the issue may be.
>I would really appreciate some (small amount of) direction.
>
>After all, this is an openbsd only kind of question, I don't even know
>where else I could ask.
>If there is any other information that is needed, please let me know.
>
>Thanks again;
>Ted
>
>
>---------------------
>>On Mar 22, 2015
>>
>>Hello
>>I think I am missing something very obvious, but I have been struggling with this
>>for a while, and hope that someone will point out my oversight.
>>
>>
>>Running current:
>>OpenBSD 5.7-current (RAMDISK_CD) #818: Wed Mar 18 18:59:52 MDT 2015
>>    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
>>
>>httpd up and running:
>>
>>ps ax:
>>1235 ??  Is      0:00.01 httpd: parent (httpd)
>> 1598 ??  I       0:00.00 httpd: logger (httpd)
>>27922 ??  I       0:00.01 httpd: server (httpd)
>> 2020 ??  I       0:00.01 httpd: server (httpd)
>>19391 ??  I       0:00.01 httpd: server (httpd)
>>
>>Using this configuration file - httpd.conf:
>>
>>http_ip="10.0.128.67"
>>
>>types {
>>        include "/usr/share/misc/mime.types"
>>}
>>
>>server "defualt" {
>>        listen on $http_ip port 80
>>        listen on $http_ip tls port 443
>>        connection max requests 100
>>        root "/htdocs"
>>        directory no index
>>}
>>
>>
>>When I try to connect using firefox to: http://10.0.128.67/index.html - everything is fine.
>>When I try to connect using firefox to: https://10.0.128.67/index.html - firefox just hangs/waiting.
>>
>>Certificate and key installed in default locations:
>>ls -lah /etc/ssl/private/server.key:
>>-rw-------  1 root  wheel   3.2K Feb 16 19:57 /etc/ssl/private/server.key
>>
>>ls -lah /etc/ssl/server.crt:
>>-rw-r--r--  1 root  wheel   8.5K Mar 12 12:04 /etc/ssl/server.crt
>>
>>No error messages in the logs for httpd.
>>No error messages in /var/www/logs/error.log
>>No record of connections when https connection requested in /var/www/logs/access.log
>>
>>I must be missing something obvious; but at this point I think I have been staring at the trees so long I can't see the forest.
>>
>>Thanks
>>Ted
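
The two symptoms in the quoted message (a hang with `tls` on the listener, and `ssl_error_rx_record_too_long` once `tls` is removed) can be told apart from the client side. The following is an added example, not part of the thread or of httpd; `probe` and `classify_first_bytes` are hypothetical helper names and the 5-second timeout is an assumption.

```python
import socket
import ssl
import struct

TLS_MAX_RECORD = 2**14 + 2048   # largest record length TLS 1.2 permits
TLS_TYPES = {20, 21, 22, 23}    # change_cipher_spec, alert, handshake, data


def classify_first_bytes(data):
    """Label the first bytes a server sends back on a supposed TLS port."""
    if len(data) < 5:
        return "no-data"
    ctype, version, length = struct.unpack("!BHH", data[:5])
    if ctype in TLS_TYPES and version >> 8 == 3 and length <= TLS_MAX_RECORD:
        return "tls-record"
    if data.startswith(b"HTTP/"):
        # "HTTP/" read as a record header: type 0x48, length 0x502f = 20527,
        # over the limit, which is what a browser reports as "record too long".
        return "plaintext-http (header length %d)" % length
    return "unknown"


def probe(host, port, timeout=5.0):
    """Tell 'handshake hangs' apart from 'port answers in plaintext HTTP'."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # diagnosis only: the handshake outcome
    ctx.verify_mode = ssl.CERT_NONE   # is classified, the peer is not trusted
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp-connect-failed: %s" % exc
    try:
        with ctx.wrap_socket(raw) as tls:
            return "tls-ok: %s" % tls.version()
    except socket.timeout:
        return "tls-handshake-timeout"   # TCP accepted, no ServerHello
    except (ssl.SSLError, OSError):
        pass                             # not TLS: retry in plaintext below
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"GET / HTTP/1.0\r\n\r\n")
            return classify_first_bytes(s.recv(16))
    except OSError as exc:
        return "plaintext-probe-failed: %s" % exc


if __name__ == "__main__":
    # 10.0.128.67 is the server address quoted in the thread.
    print(probe("10.0.128.67", 443))
```

A result of `tls-handshake-timeout` corresponds to the hanging browser with no log entry, while `plaintext-http` corresponds to the `listen on * port 443` variant that logged the 400 response.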
