httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 52630] Firefox can't access SSL websites with client authentication and when using a symlink to a directory of CA certs
Date Wed, 04 Apr 2012 23:23:57 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=52630

Christoph Anton Mitterer <calestyo@scientia.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |

--- Comment #13 from Christoph Anton Mitterer <calestyo@scientia.net> 2012-04-04 23:23:57
UTC ---
Hey Kaspar.


Sorry, when I got back from holidays I concentrated on that other issue with
SNI/SSL/client auth (which btw. got solved in the meantime) and totally forgot
about this one.


So let me see:


It took me some time to realise that I had to trace for stat (yeah it was late
and I was tired ;) )... so same command just s/stat64/stat/:


With the _working_ config (i.e. absolute pathnames) I then get:
[pid  4522] 01:01:23 stat("/etc/grid-security/certificates/dd4b34ea.0",
{st_mode=S_IFREG|0444, st_size=1631, ...}) = 0

With the (still) not wokring config (i.e. relative pathnames I get:
[pid  5697] 01:03:17
stat("/etc/apache2/pki/virtual-hosts/lcg-lrz-monitoring.grid.lrz.de/client.crt.d/dd4b34ea.0",
0x7f4207c076d0) = -1 EACCES (Permission denied)

I then immediately knew the reason (a colleague read pki and and made all the
dirs root-read/list-able only).



>If you still maintain that this is not an issue with your
>particular configuration, then do this:
So actually you were all the time right and it was a configuration mistake on
my site (I should have checked this again but didn't expect someone else to
mess up with that server)...

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message