Full_Name: David Harris
Version: mod_ssl-2.1.4-1.3.3 with SSLeay-0.9.0b
OS: Red Hat Linux 5.1 (2.0.36 kernel)
Submission from: cc917675-a.hwrd1.md.home.com (24.3.22.201)
Hi,
I've found an error in mod_ssl relating to VirtualHosts matching.
Apparently, you are storing the certificates and keys between the 1st Apache API
init round and the 2nd Apache init round in globals. This is done using
"ssl_ds_table_push(mc->tPublicCert, cpServerName)" in ssl_engine_pphrase.c and
"ssl_ds_table_get(mc->tPublicCert, cpServerName)" in ssl_engine_init.c.
When I used a virtual host with a wildcard, the two passes were using different
values of "cpServerName" for the same virtual host. Therefore, when
ssl_engine_init.c tried to read the certificate using ssl_ds_table_get, it died
on error.
Here is the virtual host section out of my httpd.conf file that did not work:
-----
Listen 209.70.72.155:80
Listen 209.70.72.155:443
<VirtualHost 209.70.72.155:*>
ServerAdmin [EMAIL PROTECTED]
ServerName www.westegg.com
DocumentRoot /web/4/morgan
ErrorLog /web/4/_admin/morgan/logs/error_log
TransferLog /web/4/_admin/morgan/logs/transfer_log
SSLEngine on
SSLCertificateKeyFile /web/4/_admin/morgan/ssl/www.westegg.com.key
SSLCertificateFile /web/4/_admin/morgan/ssl/www.westegg.com.crt
SSLLog /web/4/_admin/morgan/logs/ssl_log
SSLLogLevel trace
</VirtualHost>
-----
Here is the ssl_log file it produced on server startup: (timestamps removed to
prevent ugly line wrapping)
-----
[info] Init: Loading certificate & private key of SSL-aware server
www.westegg.com:0
[info] Init: Requesting pass phrase via builtin terminal dialog
[trace] Init: (www.westegg.com:0) encrypted private key - pass phrase requested
[info] Init: Configuring server www.westegg.com:0 for SSL protocol
[trace] Init: (www.westegg.com:443) Creating new SSL context
[trace] Init: (www.westegg.com:443) Configuring permitted SSL ciphers
[trace] Init: (www.westegg.com:443) Configuring server certificate
[error] Init: (www.westegg.com:443) Ops, can't find server certificate?!
-----
Note the two different "cpServerName" values of "www.westegg.com:0" and
"www.westegg.com:443".
When I changed the virtual host directive to:
-----
Listen 209.70.72.155:80
Listen 209.70.72.155:443
<VirtualHost 209.70.72.155:443>
..snip..
</VirtualHost>
-----
everything worked just fine.
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
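A configuration check for the pattern described in the report above, as an added example that is not part of the original message or of mod_ssl: it flags `<VirtualHost addr:*>` blocks that also set `SSLEngine on`, the combination the report says failed at startup. The function name and the sample configuration are constructed for illustration, and the check assumes `SSLEngine` is set inside the block rather than inherited.

```python
import re

# Constructed sample, modelled on the configuration quoted in the report.
SAMPLE_CONF = """\
Listen 209.70.72.155:443
<VirtualHost 209.70.72.155:*>
ServerName www.westegg.com
SSLEngine on
</VirtualHost>
<VirtualHost 209.70.72.155:443>
ServerName www.example.test
SSLEngine on
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost\s*>", re.I)
DIRECTIVE = re.compile(r"^\s*(\w+)\s+(.*\S)\s*$")

def find_wildcard_ssl_vhosts(conf_text):
    """Return (line_no, ServerName, wildcard_addrs) for SSL vhosts on addr:*."""
    # Assumption: only directives inside the block are considered.
    findings, block = [], None
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        if raw.lstrip().startswith("#"):
            continue
        m = VHOST_OPEN.match(raw)
        if m:
            block = {"line": line_no, "addrs": m.group(1).split(), "name": None, "ssl": False}
            continue
        if block is None:
            continue
        if VHOST_CLOSE.match(raw):
            wild = [a for a in block["addrs"] if a.endswith(":*")]
            if block["ssl"] and wild:
                findings.append((block["line"], block["name"], wild))
            block = None
            continue
        d = DIRECTIVE.match(raw)
        if d:
            key, value = d.group(1).lower(), d.group(2)
            if key == "servername":
                block["name"] = value
            elif key == "sslengine":
                block["ssl"] = value.lower() == "on"
    return findings
```

Each finding gives the line of the `<VirtualHost>` opening tag, so the block can be changed to an explicit port such as `:443`, which the report says worked.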