httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 32529] - ProxyPass segmetation fault on SMP x86_64
Date Sat, 04 Dec 2004 16:37:01 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=32529>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=32529





------- Additional Comments From mitch@comwestcr.com  2004-12-04 17:37 -------
The failure is that if I include a ProxyPass statement from one SSL enabled host
to another SSL enabled, as soon as I try to access a page that should be proxied
from the other host the child process in apache seg faults and I see nothing in
my browser.  Here's a trimmed generic configuration that will generate the problem:

Host 1:
-------
    <VirtualHost 1.2.3.4:443>
        ServerName      host1.domain.com

        DocumentRoot    /srv/www/host1

        SSLEngine                       on
        SSLProxyEngine                  on
        SSLCipherSuite                 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile              /etc/apache2/ssl.crt/host1.domain.com.crt
        SSLCertificateKeyFile           /etc/apache2/ssl.key/host1.domain.com.key

        ProxyPass      /test.html       https://host2.domain.com.:444/test.html
    </VirtualHost>
    <Directory /srv/www/host1>
        Order allow,deny
        Allow from all
        AllowOverride All
    </Directory>

Host 2:
-------
    Listen 444

    <VirtualHost 1.2.3.5:444>
        ServerName      host2.domain.com

        DocumentRoot    /srv/www/host2

        SSLEngine                       on
        SSLCertificateKeyFile           /etc/apache2/ssl.key/host2.domain.com.key
        SSLCertificateFile              /etc/apache2/ssl.crt/host2.domain.com.crt
    </VirtualHost>

    <Directory /srv/www/host2>
        Order allow,deny
        Allow from all
        AllowOverride All
   </Directory>

If you browse to https://host1.domain.com/test.html it should be reverse proxied
from https://host2.domain.com/test.html but instead the apache process seg
faults.  I suspect that this is SMP related or perhaps related to the x86_64
architecture but that's only a suspicion.


Here's a backtrace from a core dump:

#0  0x0000002a97a72486 in CRYPTO_get_ex_data () from /usr/lib64/libcrypto.so.0.9.7
#1  0x0000002a978d766a in SSL_get_ex_data () from /usr/lib64/libssl.so.0.9.7
#2  0x0000002a977acd40 in ssl_callback_SSLVerify () from
/usr/lib64/apache2-prefork/mod_ssl.so
#3  0x0000002a97aa67c2 in X509_verify_cert () from /usr/lib64/libcrypto.so.0.9.7
#4  0x0000002a978edd0c in ssl_verify_cert_chain () from /usr/lib64/libssl.so.0.9.7
#5  0x0000002a978e32eb in ssl3_get_server_certificate () from
/usr/lib64/libssl.so.0.9.7
#6  0x0000002a978e23dc in ssl3_connect () from /usr/lib64/libssl.so.0.9.7
#7  0x0000002a978ec245 in SSL_connect () from /usr/lib64/libssl.so.0.9.7
#8  0x0000002a978e9f10 in ssl23_get_server_hello () from /usr/lib64/libssl.so.0.9.7
#9  0x0000002a978e992c in ssl23_connect () from /usr/lib64/libssl.so.0.9.7
#10 0x0000002a978ec245 in SSL_connect () from /usr/lib64/libssl.so.0.9.7
#11 0x0000002a977aa8dc in ssl_io_filter_connect () from
/usr/lib64/apache2-prefork/mod_ssl.so
#12 0x0000002a977aaebe in ssl_io_filter_output () from
/usr/lib64/apache2-prefork/mod_ssl.so
#13 0x0000000000433b6a in ap_pass_brigade ()
#14 0x0000002a9c255f3b in ap_proxy_http_request () from
/usr/lib64/apache2-prefork/mod_proxy_http.so
#15 0x0000002a9c25707f in ap_proxy_http_handler () from
/usr/lib64/apache2-prefork/mod_proxy_http.so
#16 0x0000002a9c14e3ab in proxy_run_scheme_handler () from
/usr/lib64/apache2-prefork/mod_proxy.so
#17 0x0000002a9c14cf9b in proxy_handler () from
/usr/lib64/apache2-prefork/mod_proxy.so
#18 0x0000000000427631 in ap_run_handler ()
#19 0x0000000000427ca9 in ap_invoke_handler ()
#20 0x0000000000424506 in ap_process_request ()
#21 0x000000000041fad8 in ap_process_http_connection ()
#22 0x00000000004316a1 in ap_run_process_connection ()
#23 0x0000000000431a02 in ap_process_connection ()
#24 0x0000000000425d22 in child_main ()
#25 0x0000000000425ee8 in make_child ()
#26 0x00000000004260b3 in perform_idle_server_maintenance ()
#27 0x0000000000426621 in ap_mpm_run ()
#28 0x000000000042cada in main ()

If I patch openssl as I stated in the original post it fixes the problem.

I'll see if I can duplicate the problem with the stock 2.0.52.  I have to
proceed with caution since this server is running a number of sites with a lot
of traffic.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message