When I use an Action directive in a directory secured by client certificate
authentication, the CGI output does not display.

My server is Apache 1.3.33 with mod_ssl-2.8.22.  My config.status looks like 

./configure \
"--with-layout=Apache" \
"--prefix=/usr/local/apache" \
"--enable-module=ssl" \

I have a directory htdocs/secure, which contains this .htaccess file:

AddType application/test .test
Action application/test /cgi-bin/test.pl
SSLVerifyClient require
SSLCACertificateFile /usr/local/etc/ca.crt

My Apache configuration contains:

SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/usr/local/apache/logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/usr/local/apache/logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog      /usr/local/apache/logs/ssl_engine_log
SSLLogLevel trace
SSLEngine on
SSLCertificateFile /usr/local/apache/conf/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/server.key
SSLCertificateChainFile /usr/local/apache/conf/equifax.crt
SSLCACertificateFile /usr/local/apache/conf/ca.crt
SSLVerifyDepth  10

The SSLCACertificateFile (ca.crt) is a self-signed CA which I created.
I have added the CA to my browser, along with a client cert signed by
that CA.  The same CA is copied to /usr/local/etc/ca.crt, which is
referenced by the SSLCACertificateFile directive in my .htaccess file.
This CA is different from the one securing the web server itself.

Within the htdocs/secure directory are files index.html and x.test.
When I browse with HTTPS to /secure/index.html or to /cgi-bin/test.pl,
the results are displayed just as they should be.

However, when I access /secure/x.test, the CGI output does not appear
at all.  Instead, the following messages appear in ssl_engine_log:

[06/Jan/2005 17:27:23 55592] [error] SSL error on reading data (OpenSSL library error follows)
[06/Jan/2005 17:27:23 55592] [error] OpenSSL: error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table
[06/Jan/2005 17:27:23 55592] [error] OpenSSL: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

Is this a bug in mod_ssl, or is there something I need do to differently
to get my CGI output?

Omar W. Hannet
Allez-Oop Net
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to