httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Florian S." <flo....@gmx.net>
Subject RE: Seg-fault when using SSLProxyMachineCertificateFile
Date Tue, 23 Feb 2010 14:45:28 GMT
That's a good idea. Did not had in mind that option. I'll do that these
days. 
I was afraid of having made a stupid error (maybe with the cert), so I
posted here first.

Thanks for the quick reply:
	Florian

Am Dienstag, den 23.02.2010, 15:35 +0100 schrieb "Plüm, Rüdiger,
VF-Group":
> Please open a bugzilla report and provide a gdb backtrace (works best
> when httpd is compiled with -g -O2) for further analysis
> (http://httpd.apache.org/dev/debugging.html).
> 
> Regards
> 
> Rüdiger 
> 
> > -----Original Message-----
> > From: Florian S. 
> > Sent: Dienstag, 23. Februar 2010 15:15
> > To: dev@httpd.apache.org
> > Subject: Seg-fault when using SSLProxyMachineCertificateFile
> > 
> > Hi all,
> > 
> > I'm running an Apache/2.2.14(Unix) + mod_ssl/2.2.14 + mpm_worker as
> > reverse proxy. Everything with SSL worked fine so far (including
> > verifying clientcerts). Now, I wanted Apache to use some certs when
> > talking to the backends.
> > 
> > My SSLProxyMachineCertificateFile contains the following:
> > Certificate:
> >     Data:
> >         Version: 3 (0x2)
> >         Signature Algorithm: md5WithRSAEncryption
> >         Issuer: C=lk, ST=lkj, L=lkj, O=lkj, OU=lkj, CN=ca
> > asd/emailAddress=lkj@$
> >         Validity
> >             Not Before: Feb 16 16:00:00 2010 GMT
> >             Not After : Feb 16 16:00:00 2011 GMT
> >         Subject: C=lk, ST=lkj, O=lkj, OU=lkj, CN=cert 2
> > ccert/emailAddress=lkj@$
> >         Subject Public Key Info:
> >             Public Key Algorithm: rsaEncryption
> >             RSA Public Key: (1024 bit)
> >                 Modulus (1024 bit):
> >                     00:d5:83:0f:03:5e:a9:b6:08:16:2e:c2:7d:1e:b7:
> >                     ...
> >                     28:b2:55:e3:df:64:ed:8e:0b
> >                 Exponent: 65537 (0x10001)
> >         X509v3 extensions:
> >                     ...other stuff
> >     Signature Algorithm: md5WithRSAEncryption
> >         74:e8:8d:3f:57:0a:33:94:37:7b:bc:31:b9:81:71:5c...
> > -----BEGIN CERTIFICATE-----
> > TLSdtQnWynaZERayZO2BOXmAvd/m8xIkqM3ffmiLJbIwGu5vNBu3AvhQv2CJM...
> > -----END CERTIFICATE-----
> > -----BEGIN RSA PRIVATE KEY-----
> > MIICXAIBAAKBgQDVgw8DXqm2CBYuwn0et9N5rO8uwSDPdiaFMSJisyxcW0S9+...
> > -----END RSA PRIVATE KEY-----
> > 
> > There is nothing strange to see in the debuglog. There is even:
> > [debug] ssl_engine_init.c(965): loaded 1 client certs for SSL proxy
> > 
> > Now, running:
> > strace /apache/bin/httpd -k restart -DDEBUG -DONE_PROCESS -DNO_DETACH
> > gives:
> > 
> > ...
> > open("/var/run/openssl/clientcerts.pem", O_RDONLY|O_LARGEFILE) = 7
> > fstat64(7, {st_mode=S_IFREG|0644, st_size=4455, ...}) = 0
> > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> > 0) = 0xb7159000
> > read(7, "\nCertificate:\n    Data:\n        "..., 4096) = 4096
> > read(7, "2/vhohhuk5fYKSNwXMYw+n2\nMXe2ubUo"..., 4096) = 359
> > read(7, "", 4096)                       = 0
> > close(7)                                = 0
> > munmap(0xb7159000, 4096)                = 0
> > 
> > ^ this part four times the same. And then:
> > 
> > gettimeofday({1266931804, 383328}, NULL) = 0
> > write(2, "[Tue Feb 23 13:30:04 2010] [noti"..., 108) = 108
> > gettimeofday({1266931804, 383549}, NULL) = 0
> > write(2, "[Tue Feb 23 13:30:04 2010] [noti"..., 137) = 137
> > time(NULL)                              = 1266931804
> > --- SIGSEGV (Segmentation fault) @ 0 (0) ---
> > +++ killed by SIGSEGV +++
> > Process 13391 detached
> > 
> > ^ The last two entries written to logfile
> > 
> > Read about segfault for missing a private key, but it is present..
> > Can't see anything strange.. Any ideas? Reasons? Further investigation
> > tips?
> > Or would this issue fit better on the user-list?
> > 
> > Best regards:
> > 	Florian Schröder
> > 
> > 



Mime
View raw message