flo.sch at gmx
Feb 23, 2010, 6:45 AM
Post #3 of 3
(406 views)
Permalink
|
|
RE: Seg-fault when using SSLProxyMachineCertificateFile
[In reply to]
|
|
That's a good idea. Did not had in mind that option. I'll do that these
days.
I was afraid of having made a stupid error (maybe with the cert), so I
posted here first.
Thanks for the quick reply:
Florian
Am Dienstag, den 23.02.2010, 15:35 +0100 schrieb "Plüm, Rüdiger,
VF-Group":
> Please open a bugzilla report and provide a gdb backtrace (works best
> when httpd is compiled with -g -O2) for further analysis
> (http://httpd.apache.org/dev/debugging.html).
>
> Regards
>
> Rüdiger
>
> > -----Original Message-----
> > From: Florian S.
> > Sent: Dienstag, 23. Februar 2010 15:15
> > To: dev [at] httpd
> > Subject: Seg-fault when using SSLProxyMachineCertificateFile
> >
> > Hi all,
> >
> > I'm running an Apache/2.2.14(Unix) + mod_ssl/2.2.14 + mpm_worker as
> > reverse proxy. Everything with SSL worked fine so far (including
> > verifying clientcerts). Now, I wanted Apache to use some certs when
> > talking to the backends.
> >
> > My SSLProxyMachineCertificateFile contains the following:
> > Certificate:
> > Data:
> > Version: 3 (0x2)
> > Signature Algorithm: md5WithRSAEncryption
> > Issuer: C=lk, ST=lkj, L=lkj, O=lkj, OU=lkj, CN=ca
> > asd/emailAddress=lkj@$
> > Validity
> > Not Before: Feb 16 16:00:00 2010 GMT
> > Not After : Feb 16 16:00:00 2011 GMT
> > Subject: C=lk, ST=lkj, O=lkj, OU=lkj, CN=cert 2
> > ccert/emailAddress=lkj@$
> > Subject Public Key Info:
> > Public Key Algorithm: rsaEncryption
> > RSA Public Key: (1024 bit)
> > Modulus (1024 bit):
> > 00:d5:83:0f:03:5e:a9:b6:08:16:2e:c2:7d:1e:b7:
> > ...
> > 28:b2:55:e3:df:64:ed:8e:0b
> > Exponent: 65537 (0x10001)
> > X509v3 extensions:
> > ...other stuff
> > Signature Algorithm: md5WithRSAEncryption
> > 74:e8:8d:3f:57:0a:33:94:37:7b:bc:31:b9:81:71:5c...
> > -----BEGIN CERTIFICATE-----
> > TLSdtQnWynaZERayZO2BOXmAvd/m8xIkqM3ffmiLJbIwGu5vNBu3AvhQv2CJM...
> > -----END CERTIFICATE-----
> > -----BEGIN RSA PRIVATE KEY-----
> > MIICXAIBAAKBgQDVgw8DXqm2CBYuwn0et9N5rO8uwSDPdiaFMSJisyxcW0S9+...
> > -----END RSA PRIVATE KEY-----
> >
> > There is nothing strange to see in the debuglog. There is even:
> > [debug] ssl_engine_init.c(965): loaded 1 client certs for SSL proxy
> >
> > Now, running:
> > strace /apache/bin/httpd -k restart -DDEBUG -DONE_PROCESS -DNO_DETACH
> > gives:
> >
> > ...
> > open("/var/run/openssl/clientcerts.pem", O_RDONLY|O_LARGEFILE) = 7
> > fstat64(7, {st_mode=S_IFREG|0644, st_size=4455, ...}) = 0
> > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> > 0) = 0xb7159000
> > read(7, "\nCertificate:\n Data:\n "..., 4096) = 4096
> > read(7, "2/vhohhuk5fYKSNwXMYw+n2\nMXe2ubUo"..., 4096) = 359
> > read(7, "", 4096) = 0
> > close(7) = 0
> > munmap(0xb7159000, 4096) = 0
> >
> > ^ this part four times the same. And then:
> >
> > gettimeofday({1266931804, 383328}, NULL) = 0
> > write(2, "[Tue Feb 23 13:30:04 2010] [.noti"..., 108) = 108
> > gettimeofday({1266931804, 383549}, NULL) = 0
> > write(2, "[Tue Feb 23 13:30:04 2010] [noti"..., 137) = 137
> > time(NULL) = 1266931804
> > --- SIGSEGV (Segmentation fault) @ 0 (0) ---
> > +++ killed by SIGSEGV +++
> > Process 13391 detached
> >
> > ^ The last two entries written to logfile
> >
> > Read about segfault for missing a private key, but it is present..
> > Can't see anything strange.. Any ideas? Reasons? Further investigation
> > tips?
> > Or would this issue fit better on the user-list?
> >
> > Best regards:
> > Florian Schröder
> >
> >
|
