httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Plüm, Rüdiger, VF-Group" <ruediger.pl...@vodafone.com>
Subject RE: Seg-fault when using SSLProxyMachineCertificateFile
Date Tue, 23 Feb 2010 14:35:53 GMT
Please open a bugzilla report and provide a gdb backtrace (works best
when httpd is compiled with -g -O2) for further analysis
(http://httpd.apache.org/dev/debugging.html).

Regards

Rüdiger 

> -----Original Message-----
> From: Florian S. 
> Sent: Dienstag, 23. Februar 2010 15:15
> To: dev@httpd.apache.org
> Subject: Seg-fault when using SSLProxyMachineCertificateFile
> 
> Hi all,
> 
> I'm running an Apache/2.2.14(Unix) + mod_ssl/2.2.14 + mpm_worker as
> reverse proxy. Everything with SSL worked fine so far (including
> verifying clientcerts). Now, I wanted Apache to use some certs when
> talking to the backends.
> 
> My SSLProxyMachineCertificateFile contains the following:
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Signature Algorithm: md5WithRSAEncryption
>         Issuer: C=lk, ST=lkj, L=lkj, O=lkj, OU=lkj, CN=ca
> asd/emailAddress=lkj@$
>         Validity
>             Not Before: Feb 16 16:00:00 2010 GMT
>             Not After : Feb 16 16:00:00 2011 GMT
>         Subject: C=lk, ST=lkj, O=lkj, OU=lkj, CN=cert 2
> ccert/emailAddress=lkj@$
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (1024 bit)
>                 Modulus (1024 bit):
>                     00:d5:83:0f:03:5e:a9:b6:08:16:2e:c2:7d:1e:b7:
>                     ...
>                     28:b2:55:e3:df:64:ed:8e:0b
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>                     ...other stuff
>     Signature Algorithm: md5WithRSAEncryption
>         74:e8:8d:3f:57:0a:33:94:37:7b:bc:31:b9:81:71:5c...
> -----BEGIN CERTIFICATE-----
> TLSdtQnWynaZERayZO2BOXmAvd/m8xIkqM3ffmiLJbIwGu5vNBu3AvhQv2CJM...
> -----END CERTIFICATE-----
> -----BEGIN RSA PRIVATE KEY-----
> MIICXAIBAAKBgQDVgw8DXqm2CBYuwn0et9N5rO8uwSDPdiaFMSJisyxcW0S9+...
> -----END RSA PRIVATE KEY-----
> 
> There is nothing strange to see in the debuglog. There is even:
> [debug] ssl_engine_init.c(965): loaded 1 client certs for SSL proxy
> 
> Now, running:
> strace /apache/bin/httpd -k restart -DDEBUG -DONE_PROCESS -DNO_DETACH
> gives:
> 
> ...
> open("/var/run/openssl/clientcerts.pem", O_RDONLY|O_LARGEFILE) = 7
> fstat64(7, {st_mode=S_IFREG|0644, st_size=4455, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0xb7159000
> read(7, "\nCertificate:\n    Data:\n        "..., 4096) = 4096
> read(7, "2/vhohhuk5fYKSNwXMYw+n2\nMXe2ubUo"..., 4096) = 359
> read(7, "", 4096)                       = 0
> close(7)                                = 0
> munmap(0xb7159000, 4096)                = 0
> 
> ^ this part four times the same. And then:
> 
> gettimeofday({1266931804, 383328}, NULL) = 0
> write(2, "[Tue Feb 23 13:30:04 2010] [noti"..., 108) = 108
> gettimeofday({1266931804, 383549}, NULL) = 0
> write(2, "[Tue Feb 23 13:30:04 2010] [noti"..., 137) = 137
> time(NULL)                              = 1266931804
> --- SIGSEGV (Segmentation fault) @ 0 (0) ---
> +++ killed by SIGSEGV +++
> Process 13391 detached
> 
> ^ The last two entries written to logfile
> 
> Read about segfault for missing a private key, but it is present..
> Can't see anything strange.. Any ideas? Reasons? Further investigation
> tips?
> Or would this issue fit better on the user-list?
> 
> Best regards:
> 	Florian Schröder
> 
> 

Mime
View raw message