httpd-dev mailing list archives

From "Rai, Pravesh R (STSD)" <pravesh....@hp.com>
Subject Apache 2.4.3 issue related to SSLProxyCheckPeerCN directive
Date Tue, 20 Nov 2012 11:17:13 GMT
Hi All,

While trying to use Apache 2.4.3, we are getting the following error messages (in error_log)
when trying to access a link to another application running on a Tomcat web server:

------------------
[ssl:info] [pid 3264] [remote 127.0.0.1:1188] AH02005: SSL Proxy: Peer certificate CN mismatch:
Certificate CN: y Requested hostname: 15.146.153.101
[ssl:info] [pid 3264] [remote 127.0.0.1:1188] AH01998: Connection closed to child 0 with abortive
shutdown (server localhost:2381)
[proxy_http:error] [pid 3264] (502)Unknown error 502: [client 16.154.173.74:52712] AH01084:
pass request body failed to 127.0.0.1:1188 (localhost), referer: https://15.146.153.101:2381/chplinkstrt.php?chppath=Tools%3A%3AServiceguard&chppage=Serviceguard%20Manager&chpurl=/sgmgr/main/main.do&chptarget=undefined
[proxy:error] [pid 3264] [client 16.154.173.74:52712] AH00898: Error during SSL Handshake
with remote server returned by /sgmgr/main/main.do, referer: https://15.146.153.101:2381/chplinkstrt.php?chppath=Tools%3A%3AServiceguard&chppage=Serviceguard%20Manager&chpurl=/sgmgr/main/main.do&chptarget=undefined
[proxy_http:error] [pid 3264] [client 16.154.173.74:52712] AH01097: pass request body failed
to 127.0.0.1:1188 (localhost) from 16.154.173.74 (), referer: https://15.146.153.101:2381/chpl
------------------

We also found that the same bug is reported at some Apache & Bugzilla sites:

https://issues.apache.org/bugzilla/show_bug.cgi?id=53006
http://mail-archives.apache.org/mod_mbox/httpd-bugs/201203.mbox/%3Cbug-53006-7868@https.issues.apache.org/bugzilla/%3E
http://osdir.com/ml/bugs-httpd/2012-03/msg00324.html

but none of those point in the right direction. After going through the Apache-2.4.3 docs/forum:

http://apache-http-server.18135.n6.nabble.com/SSLProxyCheckPeerCN-ProxyPreserveHost-issue-td4999947.html
http://httpd.apache.org/docs/2.4/upgrading.html#misc
http://httpd.apache.org/docs/trunk/mod/mod_ssl.html

we found that it is observed only with Apache-2.4.3 & is due to one directive, "SSLProxyCheckPeerCN",
which is now "on" by default. But even setting this to "off" is not helping much in our case.

Can anybody please provide some clue about this behavior?

Regards,
Pravesh
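
A log-triage sketch for the AH02005 entries quoted in the message above, added here as an illustration and not part of the original post or of httpd: it rejoins mail-wrapped error_log lines and groups CN mismatches by backend, certificate CN and requested hostname. The function names, category labels and the second backend in the sample are constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the shape of the excerpt above (no timestamps,
# hard-wrapped by the mail client); the 192.0.2.10 records are invented.
SAMPLE_LOG = """\
[ssl:info] [pid 3264] [remote 127.0.0.1:1188] AH02005: SSL Proxy: Peer certificate CN mismatch:
Certificate CN: y Requested hostname: 15.146.153.101
[ssl:info] [pid 3264] [remote 127.0.0.1:1188] AH01998: Connection closed to child 0 with abortive
shutdown (server localhost:2381)
[ssl:info] [pid 4100] [remote 192.0.2.10:8443] AH02005: SSL Proxy: Peer certificate CN mismatch: Certificate CN: backend.example.test Requested hostname: app.example.test
[ssl:info] [pid 4101] [remote 192.0.2.10:8443] AH02005: SSL Proxy: Peer certificate CN mismatch: Certificate CN: backend.example.test Requested hostname: app.example.test
"""

MISMATCH = re.compile(
    r"\[remote (?P<remote>[^\]]+)\] AH02005: .*?"
    r"Certificate CN: (?P<cn>\S+)\s+Requested hostname: (?P<host>\S+)"
)

def unwrap(text):
    """Rejoin wrapped records. Heuristic: a record starts with '['."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith("[") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def classify(host):
    """Separate 'proxy target is an IP literal' from an ordinary name mismatch."""
    try:
        ipaddress.ip_address(host)
        return "requested-name-is-ip-literal"
    except ValueError:
        return "cn-differs-from-hostname"

def triage(text):
    """Count AH02005 mismatches per (backend, cert CN, requested host, reason)."""
    findings = Counter()
    for record in unwrap(text):
        m = MISMATCH.search(record)
        if m:
            findings[(m["remote"], m["cn"], m["host"], classify(m["host"]))] += 1
    return findings

if __name__ == "__main__":
    for (remote, cn, host, reason), n in triage(SAMPLE_LOG).most_common():
        print(f"{n}x backend={remote} cn={cn!r} requested={host!r} -> {reason}")
```

Each distinct row is one backend whose certificate CN does not match the name the proxy requested, which is the pairing to compare when reviewing the certificate issued to that backend.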