https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
--- Comment #23 from Ruediger Pluem ---
(In reply to mark from comment #22)
> Could this patch have interfered with the SSLProxyMachineCertificateFile
> Directive?
>
> We are seeing errors like this, even though we are certain we have
>
https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
--- Comment #22 from m...@blackmans.org ---
Could this patch have interfered with the SSLProxyMachineCertificateFile
Directive?
We are seeing errors like this, even though we are certain we have configured a
client certificate for the
https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
Yann Ylavic changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
--- Comment #20 from martin.l.schett...@leidos.com ---
(In reply to Yann Ylavic from comment #18)
> Created attachment 36488 [details]
> mod_proxy to reset SSL dir config on connection reuse
>
> I think that the issue is the scope of
https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
--- Comment #19 from Yann Ylavic ---
(In reply to Joe Orton from comment #17)
> r being NULL in the callback looks significant possibly? The app data has
> not been set up properly for the client-side SSL * in the proxy?
Yes r is NULL in the
https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
--- Comment #18 from Yann Ylavic ---
Created attachment 36488
--> https://bz.apache.org/bugzilla/attachment.cgi?id=36488=edit
mod_proxy to reset SSL dir config on connection reuse
I think that the issue is the scope of sslconn->dc, when
https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
--- Comment #17 from Joe Orton ---
r being NULL in the callback looks significant possibly? The app data has not
been set up properly for the client-side SSL * in the proxy?
--
You are receiving this mail because:
You are the assignee for
https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
--- Comment #16 from martin.l.schett...@leidos.com ---
(In reply to Ruediger Pluem from comment #13)
> Trying to get further puzzle pieces:
>
> Can you please move the
>
> SSLVerifyClient require
>
> on the backend out of the LocationMatch
https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
--- Comment #15 from martin.l.schett...@leidos.com ---
(In reply to Yann Ylavic from comment #8)
> Created attachment 36484 [details]
> ylavic's conf
>
> I'm using this proxy configuration, the backend being my debian's httpd on
> which I
https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
--- Comment #14 from Ruediger Pluem ---
(In reply to martin.l.schettler from comment #4)
> certainly:
>
>
> (gdb) print *dc
> $2 = {bSSLRequired = 1098320484, aRequirement = 0x3267467279536471, nOptions
> = 1179988074, nOptionsAdd =
https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
--- Comment #13 from Ruediger Pluem ---
Trying to get further puzzle pieces:
Can you please move the
SSLVerifyClient require
on the backend out of the LocationMatch and up to the virtual host level and
retry?
You said, that it works when
https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
--- Comment #12 from Yann Ylavic ---
Tried with some openssl 1.0.1s I had compiled somewhere, and it also works.
One difference may be the depth of your client certificate chain (thus calls to
ssl_callback_SSLVerify), mine is of depth 1 (my
https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
--- Comment #10 from Yann Ylavic ---
(In reply to martin.l.schettler from comment #7)
> I'm building on CentOS 6.10
> and using the system's openssl.
Which openssl is that?
--
You are receiving this mail because:
You are the assignee for
https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
--- Comment #11 from martin.l.schett...@leidos.com ---
My openssl is:
openssl-1.0.1e-57.el6.x86_64
--
You are receiving this mail because:
You are the assignee for the bug.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
--- Comment #9 from Yann Ylavic ---
My client is simply:
$ while true; do curl -k -v --cert
/home/ylavic/src/apache/install/httpd/certs/client.pem --key
/home/ylavic/src/apache/install/httpd/certs/client.key
https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
--- Comment #8 from Yann Ylavic ---
Created attachment 36484
--> https://bz.apache.org/bugzilla/attachment.cgi?id=36484=edit
ylavic's conf
I'm using this proxy configuration, the backend being my debian's httpd on
which I added
https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
--- Comment #7 from martin.l.schett...@leidos.com ---
Bummer! I'm definitely using the same openssl. I'm building on CentOS 6.10 and
using the system's openssl. The proxy server reliably crashes about every third
call. Can you please send me
https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
--- Comment #6 from Yann Ylavic ---
Same with 2.4.38, working as expected.
--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe,
https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
--- Comment #5 from Yann Ylavic ---
I tried your configuration with latest 2.4.x, openssl 1.1.0j and 1.1.1b, but
could not reproduce (SSL_CLIENT_* are sent to the backend). Will retry with
2.4.38.
Can you please double check that the openssl
https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
--- Comment #4 from martin.l.schett...@leidos.com ---
certainly:
(gdb) print *dc
$2 = {bSSLRequired = 1098320484, aRequirement = 0x3267467279536471, nOptions =
1179988074, nOptionsAdd = 1952085090, nOptionsDel = 1937327430,
szCipherSuite =
https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
--- Comment #3 from Ruediger Pluem ---
Can you please do
print *dc
print *sslconn
--
You are receiving this mail because:
You are the assignee for the bug.
-
To
https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
--- Comment #2 from martin.l.schett...@leidos.com ---
here is the full stack trace:
#0 0x7f943d057c1b in ssl_callback_SSLVerify (ok=0, ctx=0x7f943a1900b0) at
ssl_engine_kernel.c:1727
ssl = 0x7f942002b9f0
conn =
https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
--- Comment #1 from Ruediger Pluem ---
Can you please compile your httpd with debug symbols (probably you already did
because you told us the line where the crash happened) and deliver a
bt full
info locals
from the thread that crashed?
--
23 matches
Mail list logo
