httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 46952] ssl renegotiation hangs with long ca list
Date Thu, 14 May 2009 13:20:58 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=46952





--- Comment #4 from Steve  Traylen <steve@traylen.net>  2009-05-14 06:20:56 PST ---
Hi Ruediger,

 I tried with a newer openssl - Fedora Core 10 has:

httpd-2.2.11-2.fc10.x86_64
openssl-0.9.8g-12.fc10.x86_64
mod_ssl-2.2.11-2.fc10.x86_64 

  and the same thing happens.

  Perhaps more interesting is that if you use openssl's tiny
  web server then everything is okay. 

  i.e 

  openssl s_server -accept 8443 -verify 5 \
  -cert /etc/grid-security/hostcert.pem \
  -key /etc/grid-security/hostkey.pem -debug \
  -CApath /etc/grid-security/certificates/ -www 

  to set up a web server and then

  openssl s_client -connect vtb-generic-70.cern.ch:8443 \
  -cert ~/.globus/usercert.pem \
  -key ~/.globus/userkey.pem \
  -debug -CApath /etc/grid-security/certificates/ << EOF
  GET / HTTP/1.0
  EOF 

  then the debug page comes back. i.e it suggests that while openssl
  is okay something faulty with the mod_ssl layer?

 Steve

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message