The problem I ran into didn't exactly match what I found in the
bug database, nor anything in the FAQ. Some things were close,
so I continued to try to track it down along those lines. After
a while, I did figure out the problem, so I thought I would pass
this along as a "user experience" to expand on the known base of
symptoms and causes.

The symptom was the HTTPS connection would simply hang. The
browser sat stuck doing nothing but waiting for a response.
Connecting to the regular HTTP port worked fine. Since I
self-signed and this was the first time, I was expecting to get a
prompt about a non-recognized CA. The only log message I saw was:

    [Sat Apr 7 23:04:31 2001] [info] [client 208.152.116.19] read request line timed out

And this only after some time waiting. Netscape at that time
reported a network I/O error.

Examining network connections (before timeout) showed the
connection to port 443 as established:

    tcp 0 0 208.152.116.19:443   0.0.0.0:*            LISTEN      5535/httpd
    tcp 0 0 208.152.116.19:443   208.152.116.19:38102 ESTABLISHED 5548/httpd
    tcp 0 0 208.152.116.19:38102 208.152.116.19:443   ESTABLISHED 5948/netscape

I did confirm that I had SSL configured in the virtual host,
and there were no error messages from them. I tried a few
changes in those directions with no better results. Then, I
noticed something unrelated in my script generated config
(which I need to do to handle large numbers of virtual hosts
on many IP addresses on other servers). The script checks
for all IP addresses used, and for each one it builds a dummy
virtual host entry naming the IP address as the servername.
It (correctly) did this for each port as well, including now
port 443:

    <virtualhost 208.152.116.19:443>
        servername 208.152.116.19
        alias /icons/ /web/icons/
        aliasmatch ^/.* /web/default/novirt.html
    </virtualhost>

I manually removed these lines from the generated config file,
and without regenerating, just restarted apache. Now it works.
So that was the problem. I'm assuming that this virtualhost,
which was in addition to the one with the true host name, having
no SSL configuration at all, caused either some sort of confusion,
or simply caused no SSL operation at all.

Questions:

If the server was talking HTTP and the client was talking HTTPS,
is a hang with no particular error messages something you would
expect to see happen? I recall seeing another bug report that
dealt with HTTPS client talking to HTTP server and getting a
hang, but with a different error message. Does this make sense?

Is there a way to configure apache to handle differently the cases
where SSL is or is not used by the client, such as to handle the
url "http://domain.name:443/" by directing to the HTTPS equivalent?

How can I make a default virtual host as above, but for SSL or at
least for port 443, without a certificate, so that I can be sure a
request w/o Host: does not get matched to an arbitrary virtual host
on that same IP address? Or should I just use a dummy self-signed
certificate?
--
-----------------------------------------------------------------
| Phil Howard - KA9WGN | Dallas | http://linuxhomepage.com/ |
| [EMAIL PROTECTED] | Texas, USA | http://phil.ipal.org/ |
-----------------------------------------------------------------
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
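
The condition the post tracks down (a :443 virtual host with no SSL configuration sitting beside the SSL-enabled one on the same address) can be checked for before a generated config is deployed. The Python script below is an added example, not part of the original message or of mod_ssl; the first vhost block is the one from the post, while the other two blocks, the name www.example.test and the certificate path are constructed for illustration.

```python
import re

# Constructed sample: the generated dummy vhost quoted in the post, plus a
# hypothetical SSL-enabled named vhost and a port-80 vhost (names/paths made up).
SAMPLE_CONF = """\
<virtualhost 208.152.116.19:443>
servername 208.152.116.19
alias /icons/ /web/icons/
aliasmatch ^/.* /web/default/novirt.html
</virtualhost>
<VirtualHost 208.152.116.19:443>
ServerName www.example.test
SSLEngine on
SSLCertificateFile /etc/apache/ssl/example.crt
</VirtualHost>
<VirtualHost 208.152.116.19:80>
ServerName 208.152.116.19
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost\s*>", re.I | re.S)
SSL_ON_RE = re.compile(r"^\s*SSLEngine\s+on\b", re.I | re.M)
NAME_RE = re.compile(r"^\s*ServerName\s+(\S+)", re.I | re.M)

def parse_vhosts(conf):
    """Return one dict per <VirtualHost> block: addresses, ServerName, SSL state."""
    conf = re.sub(r"^\s*#.*$", "", conf, flags=re.M)  # drop comment lines
    out = []
    for m in VHOST_RE.finditer(conf):
        body = m.group(2)
        name = NAME_RE.search(body)
        out.append({"addrs": m.group(1).split(),
                    "name": name.group(1) if name else None,
                    "ssl": bool(SSL_ON_RE.search(body))})
    return out

def find_plain_vhosts_on_ssl_sockets(conf):
    """Flag vhosts lacking 'SSLEngine on' that share an address:port with an SSL vhost."""
    vhosts = parse_vhosts(conf)
    ssl_addrs = {a for v in vhosts if v["ssl"] for a in v["addrs"]}
    return [(a, v["name"]) for v in vhosts if not v["ssl"]
            for a in v["addrs"] if a in ssl_addrs]

if __name__ == "__main__":
    for addr, name in find_plain_vhosts_on_ssl_sockets(SAMPLE_CONF):
        print(f"{addr}: vhost {name!r} has no 'SSLEngine on' but shares the address with an SSL vhost")
```

Run against a generated config, it reports the dummy IP-named vhost on 208.152.116.19:443 and leaves the port 80 one alone.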