httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 55782] ProxyPass'ing to HTTPS server via proxypass creates SNI failure
Date Wed, 04 Dec 2013 14:30:56 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=55782

Andre W. <andre.wendel@bmw.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #7 from Andre W. <andre.wendel@bmw.de> ---
I have run the test again, on debug level and found out the following.

In this case it works (SNi is set to jee-eval1.abc.com):
[Wed Dec 04 15:12:33 2013] [debug] mod_proxy_http.c(1974): proxy: HTTP: serving
URL https://jee-eval2.abc.com/clusterjsp/
[Wed Dec 04 15:12:33 2013] [debug] proxy_util.c(2018): proxy: HTTPS: has
acquired connection for (jee-eval2.abc.com)
[Wed Dec 04 15:12:33 2013] [debug] proxy_util.c(2074): proxy: connecting
https://jee-eval2.abc.com/clusterjsp/ to jee-eval2.abc.com:443
[Wed Dec 04 15:12:33 2013] [debug] proxy_util.c(2200): proxy: connected
/clusterjsp/ to jee-eval2.abc.com:443
[Wed Dec 04 15:12:33 2013] [debug] proxy_util.c(2451): proxy: HTTPS: fam 2
socket created to connect to jee-eval2.abc.com
[Wed Dec 04 15:12:33 2013] [debug] proxy_util.c(2583): proxy: HTTPS: connection
complete to 160.50.128.170:443 (jee-eval2.abc.com)
[Wed Dec 04 15:12:33 2013] [info] [client 160.50.128.170] Connection to child 0
established (server jee-eval1.abc.com:443)
[Wed Dec 04 15:12:33 2013] [info] Seeding PRNG with 512 bytes of entropy
[Wed Dec 04 15:12:33 2013] [debug] ssl_engine_io.c(1087): [client
160.50.128.170] SNI extension for SSL Proxy request set to 'jee-eval1.abc.com'

In this case it didn't works (SNI is set to localhost):
[Wed Dec 04 15:22:02 2013] [debug] ssl_engine_kernel.c(1884): OpenSSL: Read:
SSL negotiation finished successfully
[Wed Dec 04 15:22:02 2013] [debug] proxy_util.c(2074): proxy: connecting
https://jee-eval2.abc.com/ to jee-eval2.abc.com:443
[Wed Dec 04 15:22:02 2013] [debug] proxy_util.c(2200): proxy: connected / to
jee-eval2.abc.com:443
[Wed Dec 04 15:22:02 2013] [debug] proxy_util.c(2451): proxy: HTTPS: fam 2
socket created to connect to jee-eval2.abc.com
[Wed Dec 04 15:22:02 2013] [debug] proxy_util.c(2583): proxy: HTTPS: connection
complete to 160.50.128.170:443 (jee-eval2.abc.com)
[Wed Dec 04 15:22:02 2013] [info] [client 160.50.128.170] Connection to child 0
established (server jee-eval1.abc.com:443)
[Wed Dec 04 15:22:02 2013] [info] Seeding PRNG with 512 bytes of entropy
[Wed Dec 04 15:22:02 2013] [debug] ssl_engine_io.c(1087): [client
160.50.128.170] SNI extension for SSL Proxy request set to 'localhost'
[Wed Dec 04 15:22:02 2013] [debug] ssl_engine_kernel.c(1871): OpenSSL:
Handshake: start

But this is not really constant in the behaviour at this point, so if he would
set localhost everytime i would understand that.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message