This sounds a lot like what I was experiencing with PR#60...  Except I wasn't
using wildcards with virtual hosts...  In my case, the certs and keys for the
server and the vhosts were saved in a hash using 'www.domain.com:0' as the
hash key in phase 1, but then phase two tried referencing them as
'www.domain.com:443', yielding the 'Oops, can't find server certificate'
message.  My problem was worked around by specifying 'Port 443' or 'Listen 443',
and I haven't had the time to dig any deeper.

Looking back in the bug db, Ralf asked for my configs, but I've not sent them
yet.  I'll see about doing that now.

On Tue, Jan 05, 1999 at 06:17:43AM +0100, [EMAIL PROTECTED] wrote:
> Full_Name: David Harris
> Version: mod_ssl-2.1.4-1.3.3 with SSLeay-0.9.0b
> OS: Red Hat Linux 5.1 (2.0.36 kernel)
> Submission from: cc917675-a.hwrd1.md.home.com (24.3.22.201)
> 
> I've found an error in mod_ssl relating to VirtualHosts matching.
> 
> Apparently, you are storing the certificates and keys between the 1st Apache API
> init round and the 2nd Apache init round in globals. This is done using
> "ssl_ds_table_push(mc->tPublicCert, cpServerName)" in ssl_engine_pphrase.c and
> "ssl_ds_table_get(mc->tPublicCert, cpServerName)" in ssl_engine_init.c.
> 
> When I used a virtual host with a wildcard, the two passes were using different
> values of "cpServerName" for the same virtual host. Therefore, when
> ssl_engine_init.c tried to read the certificate using ssl_ds_table_get, it died
> on error.
> 
> Here is the virtual host section out of my httpd.conf file that did not work:
> 
> -----
> Listen 209.70.72.155:80
> Listen 209.70.72.155:443
> <VirtualHost 209.70.72.155:*> 
> ServerAdmin     [EMAIL PROTECTED]
> ServerName      www.westegg.com
> DocumentRoot    /web/4/morgan
> ErrorLog        /web/4/_admin/morgan/logs/error_log
> TransferLog     /web/4/_admin/morgan/logs/transfer_log
> 
> SSLEngine               on
> SSLCertificateKeyFile   /web/4/_admin/morgan/ssl/www.westegg.com.key
> SSLCertificateFile      /web/4/_admin/morgan/ssl/www.westegg.com.crt
> 
> SSLLog          /web/4/_admin/morgan/logs/ssl_log
> SSLLogLevel     trace
> </VirtualHost>
> -----
> 
> Here is the ssl_log file it produced on server startup: (timestamps removed to
> prevent ugly line wrapping)
> 
> -----
> [info]  Init: Loading certificate & private key of SSL-aware server
> www.westegg.com:0
> [info]  Init: Requesting pass phrase via builtin terminal dialog
> [trace] Init: (www.westegg.com:0) encrypted private key - pass phrase requested
> [info]  Init: Configuring server www.westegg.com:0 for SSL protocol
> [trace] Init: (www.westegg.com:443) Creating new SSL context
> [trace] Init: (www.westegg.com:443) Configuring permitted SSL ciphers
> [trace] Init: (www.westegg.com:443) Configuring server certificate
> [error] Init: (www.westegg.com:443) Ops, can't find server certificate?!
> -----
> 
> Note the two different "cpServerName" values of "www.westegg.com:0" and
> "www.westegg.com:443".
> 
> When I changed the virtual host directive to:
> 
> -----
> Listen 209.70.72.155:80
> Listen 209.70.72.155:443
> <VirtualHost 209.70.72.155:443> 
>  ..snip..
> </VirtualHost>
> -----
> 
> everything worked just fine.

-- 
Jake Buchholz                                 http://www.execpc.com/~jake
ExecPC Senior Systems Administrator                       [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]
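
A configuration check based on the report above, as an added example that is not part of the original messages or of mod_ssl: it flags SSL-enabled <VirtualHost> blocks whose address carries no explicit numeric port, the form that produced the ':0' versus ':443' mismatch. The function name and the sample configuration are constructed for illustration, and treating a missing port the same as '*' is an assumption.

```python
import re

# Constructed sample modelled on the two <VirtualHost> forms in the report.
SAMPLE_CONF = """\
Listen 209.70.72.155:443
<VirtualHost 209.70.72.155:*>
ServerName www.westegg.com
SSLEngine on
</VirtualHost>
<VirtualHost 209.70.72.155:443>
ServerName www.example.test
SSLEngine on
</VirtualHost>
<VirtualHost 209.70.72.155:80>
ServerName plain.example.test
</VirtualHost>
"""

OPEN_RE = re.compile(r"<VirtualHost\s+([^>]+?)\s*>", re.I)
CLOSE_RE = re.compile(r"</VirtualHost\s*>", re.I)
PORT_RE = re.compile(r":\d+$")  # address ends in an explicit numeric port


def find_ambiguous_ssl_vhosts(conf_text):
    """Return (line_no, address, server_name) for SSL vhosts lacking a numeric port."""
    findings = []
    block = None  # state of the <VirtualHost> block currently open, if any
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        m = OPEN_RE.match(line)
        if m:
            block = {"line": line_no, "addrs": m.group(1).split(), "ssl": False, "name": None}
        elif block is None or line.startswith("#"):
            continue  # outside any vhost, or a comment line
        elif CLOSE_RE.match(line):
            if block["ssl"]:  # only SSL vhosts have a certificate to look up
                findings.extend((block["line"], a, block["name"])
                                for a in block["addrs"] if not PORT_RE.search(a))
            block = None
        else:
            parts = line.split(None, 1)
            if len(parts) == 2 and parts[0].lower() == "sslengine":
                block["ssl"] = parts[1].strip().lower() == "on"
            elif len(parts) == 2 and parts[0].lower() == "servername":
                block["name"] = parts[1].strip()
    return findings
```
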
