httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject http://httpd.apache.org/ mini-advisory needed on 2.4.9 breakage IMO...
Date Fri, 11 Apr 2014 12:27:22 GMT
Is it just this and the SSLPassPhraseDialog exec command-line parameter
change?  I dunno.



---------- Forwarded message ----------
From: Jesse Defer <Jesse.Defer@asu.edu>
Date: Thu, Apr 10, 2014 at 4:34 PM
Subject: [users@httpd] 2.4.9 expecting DH PARAMETERS
To: "users@httpd.apache.org" <users@httpd.apache.org>


When upgrading from 2.4.7 to 2.4.9 we found that the server complained
about missing DH PARAMETERS in our certificate and would not start.  Adding
dhparams to it fixed it.  After some troubleshooting we found that only
systems that did not have SSLCertificateChainFile directives with the
intermediate certificate exhibited this problem.  Combining the server and
intermediate certificates into the SSLCertificateFile also required adding
dhparams.

Errors:

[Thu Apr 10 13:03:32.999467 2014] [ssl:emerg] [pid 27709] AH02562: Failed
to configure certificate xxx:443:0 (with chain), check
/usr/local/apache2/conf/xxx.crt
[Thu Apr 10 13:03:32.999486 2014] [ssl:emerg] [pid 27709] SSL Library
Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting:
DH PARAMETERS) -- Bad file contents or format - or even just a forgotten
SSLCertificateKeyFile?
AH00016: Configuration Failed

OS is RHEL5, using distro provided openssl (0.9.8e).

Is this a bug or am I doing something wrong?

Thanks,
Jesse DeFer

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




-- 
Born in Roswell... married an alien...
http://emptyhammock.com/
http://edjective.org/

Mime
View raw message