httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaspar Brand <httpd-dev.2...@velox.ch>
Subject Re: Segmentation faults when SSLProxyCheckPeerName On
Date Sat, 22 Feb 2014 06:58:38 GMT
On 18.02.2014 15:53, Pavel Matěja wrote:
> Hi,
> since we've enabled SSLProxyCheckPeerName our reverserse proxy I can see
> AH00052: child pid 5711 exit signal Segmentation fault (11)
> in our logs during Nessus scans.
> 
> Backend server has several X509v3 Subject Alternative Names and Nessus sends 
> just IP as Host header.
> 
> We are running: Apache/2.4.7 (Unix) OpenSSL/1.0.1f
> 
> Mod_backtrace says:

Are you able to grab a complete stack trace? (I'm not familiar with
reading mod_backtracke output, and the mod_ssl.so lines lack function
names, so it's hard to tell if something went wrong when checking cert
names.)

Is it limited to SSLProxyCheckPeerName on, or does it also occur with
SSLProxyCheckPeerCN on? If the former is true, then it seems that
something in ssl_util_ssl.c:SSL_X509_match_name goes wrong (that's
basically the new code path for this option).

Kaspar

Mime
View raw message