httpd-users mailing list archives

From Eric Covener <cove...@gmail.com>
Subject Re: [users@httpd] Apache fails to start, without explanation, when certain SSL-related directives are misconfigured
Date Wed, 22 Aug 2012 13:36:30 GMT
On Wed, Aug 22, 2012 at 9:24 AM, Ben Johnson <ben@indietorrent.org> wrote:
>
>
> On 8/22/2012 8:56 AM, Eric Covener wrote:
>>> Dovecot dropped its TLS capabilities, but it still started
>>> the server and bound to the non-secure port.
>>
>> I'd personally prefer the server fail startup rather than operate w/o SSL.
>
> While that may be, this preference should not be assumed. Even if the
> current behavior (failing to start under said circumstances) is made the
> default, I would prefer this to be a configurable behavior.

I'd suggest opening a bug/bugs if there's not already one.  mod_ssl
doesn't load keys during config test.

>
> My post's primary purpose was to underscore the fact that Apache fails
> *silently* under the key/cert mismatch scenario.
>
> Perhaps with a sufficiently high log-level this error would be revealed.
> But even if that is so, such a critical failure should be logged
> regardless of the setting.

I get this in 2.2:

[Wed Aug 22 09:32:44 2012] [error] Unable to configure RSA server private key
[Wed Aug 22 09:32:44 2012] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

In 2.4 it's even higher severity (emerg) and has a few more messages.
But maybe your scenario is different.

What was your LogLevel?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
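
Since the reply above notes that mod_ssl does not load keys during the config test, a key/certificate mismatch can be caught with a separate check before httpd is restarted. The script below is an added example, not part of the original message or of httpd; it assumes the `openssl` CLI, PEM files and an unencrypted private key, and the function names (`check_pair`, `make_pair`, `report`) are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that a PEM certificate and a
# PEM private key carry the same public key before (re)starting httpd.

# check_pair CERT KEY -> 0 match, 1 mismatch, 2 file unreadable or unparsable
check_pair() {
    # Public key embedded in the certificate (SubjectPublicKeyInfo, PEM).
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key. "-passin pass:" makes an
    # encrypted key fail here instead of prompting on the terminal.
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    # Never treat two empty results as a match.
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# make_pair DIR NAME: constructed sample input, a throwaway self-signed
# RSA certificate DIR/NAME.crt together with its key DIR/NAME.key.
make_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# report CERT KEY: print a verdict and return check_pair's status.
report() {
    rc=0
    check_pair "$1" "$2" || rc=$?
    case $rc in
        0) echo "OK: $1 matches $2" ;;
        1) echo "MISMATCH: $1 does not belong to $2" ;;
        *) echo "ERROR: cannot read $1 or $2" ;;
    esac
    return "$rc"
}

# With two arguments, check the given files; the exit status is the verdict.
if [ "$#" -eq 2 ]; then
    report "$1" "$2"
fi
```

Run it with the paths given to SSLCertificateFile and SSLCertificateKeyFile; a non-zero exit status means the pair should not be deployed.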

