Mailing List Archive: Cherokee: dev

Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl

1 2 3 4

View All

Index | Next | Previous | View Threaded

codesite-noreply at google

Oct 6, 2009, 4:42 PM

Post #1 of 83 (3296 views)
Permalink

Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl

Status: New
Owner: ----

New issue 594 by kallisti05: sec_error_bad_signature randomly starts after
a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

What steps will reproduce the problem?
1. run a ssl domain though cherokee
2. access ssl domain with chromium on linux
3. chrome will core dump eventually with ssl connections (related to cert?
this may be a problem on chrome's side)
4. Cherokee will give sec_error_bad_signature to any browser which accesses
SSL domain until cherokee is restarted. (tested on various platforms and
different locations)

What is the expected output? What do you see instead?
A 3rd party should never be able to bring down a ssl site remotely.

What version of the product are you using? On what operating system?
Cherokee 0.99.24, ubuntu 9.04 32-bit

Please provide any additional information below.
I have not yet reset the web server, feel free to access the ssl page here
and see the error:
https://ssl.unixzen.com

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

stefan at konink

Oct 7, 2009, 1:15 AM

Post #2 of 83 (3231 views)
Permalink

Re: Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

On Tue, 6 Oct 2009 codesite-noreply [at] google wrote:

> New issue 594 by kallisti05: sec_error_bad_signature randomly starts after
> a client mucks up ssl
> http://code.google.com/p/cherokee/issues/detail?id=594

Anyone already working on this one?

Stefan

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Oct 7, 2009, 3:22 AM

Post #3 of 83 (3234 views)
Permalink

Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Updates:
Owner: ste...@konink.de
Labels: Type-Defect Priority-Critical Component-Logic Usability

Comment #1 on issue 594 by ste...@konink.de: sec_error_bad_signature
randomly starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

I believe there is a problem if you say so. But how can I crash Chromium?
I'm running
4.0.22.5 (27967)

If you want to help out it might be a good thing to have a gdb session
available in
case we are unable to crash Chromium in the first place. If you say on the
other
hand... I will be able to crash any Cherokee server I can launch a
Cherokee+SSL
myself and let you crash it.

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Oct 7, 2009, 3:26 AM

Post #4 of 83 (3231 views)
Permalink

Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #2 on issue 594 by ste...@konink.de: sec_error_bad_signature
randomly starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

The only errors I get from Chromium on the commandline are:

[30813:30836:104525399282:ERROR:/b/slave/chromium-rel-linux-64/build/src/net/base/x509_certificate_nss.cc(530)]
CERT_PKIXVerifyCert for ssl.unixzen.com failed err=-8179

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Oct 7, 2009, 5:52 AM

Post #5 of 83 (3229 views)
Permalink

Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #3 on issue 594 by kallisti05: sec_error_bad_signature randomly
starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

here is what I get:

"
[6064:6064:1035505425810:ERROR:/build/buildd/chromium-browser-4.0.221.7~svn20091006r28103/build-tree/src/chrome/browser/first_run_gtk.cc(21)]
Not implemented reached in static bool
FirstRun::ProcessMasterPreferences(const
FilePath&, const FilePath&, std::vector<std::basic_string<wchar_t,
std::char_traits<wchar_t>, std::allocator<wchar_t> >,
std::allocator<std::basic_string<wchar_t, std::char_traits<wchar_t>,
std::allocator<wchar_t> > > >*, int*, bool*)
[6064:6093:1035521152172:ERROR:/build/buildd/chromium-browser-4.0.221.7~svn20091006r28103/build-tree/src/net/base/x509_certificate_nss.cc(530)]
CERT_PKIXVerifyCert for ssl.unixzen.com failed err=-8179
[6064:6091:1035523103478:ERROR:/build/buildd/chromium-browser-4.0.221.7~svn20091006r28103/build-tree/src/net/base/x509_certificate_nss.cc(530)]
CERT_PKIXVerifyCert for ssl.unixzen.com failed err=-8179
[6064:6067:1035523591028:ERROR:/build/buildd/chromium-browser-4.0.221.7~svn20091006r28103/build-tree/src/net/socket/ssl_client_socket_nss.cc(728)]
handshake failed; NSS error code -8182, net_error -207
Segmentation fault
"

This issue seems hard to reproduce, I know it has happened to me several
times in the
past... and I see another post refering to the same issue:
http://forums.digitalpoint.com/showthread.php?t=1436685

I think there's a situation which breaks cherokee SSL until it's restarted.
I am
working on getting more info on how to reproduce it. I unfortunately did
not have
logging enabled last time this happened. Logging for my ssl subdomain has
been enabled.

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Oct 7, 2009, 6:02 AM

Post #6 of 83 (3232 views)
Permalink

Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #4 on issue 594 by ste...@konink.de: sec_error_bad_signature
randomly starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

If you have a way to kill my server I can do something for you ;) But now I
cannot
crash Chromium nor I can kill Cherokee. I know we have fixed another issue
in
Cherokee related to SSL but I think that is unrelated, and actually
returned a
segmentationfault.

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Dec 19, 2009, 4:43 AM

Post #7 of 83 (3049 views)
Permalink

Re: Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Updates:
Labels: -Priority-Critical Priority-Low

Comment #5 on issue 594 by ste...@konink.de: sec_error_bad_signature
randomly starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

We need a way to reproduce it... anyone that can. Please step up.

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Dec 29, 2009, 10:40 PM

Post #8 of 83 (3014 views)
Permalink

Re: Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #6 on issue 594 by MellowCelloFellow: sec_error_bad_signature
randomly starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

I've had this problem. I thought it was a Chromium problem so I commented
on this bug
in Chromium. http://code.google.com/p/chromium/issues/detail?id=24064#c8. I
still
think Chromium has its issues with this, but I can see there's something up
with
Cherokee too.

Here's the output from Chromium when it crashed loading
https://cellofellow.homelinux.net/citadel/.

$ chromium-browser
[4069:4098:126982189095:ERROR:net/base/x509_certificate_nss.cc(562)]
CERT_PKIXVerifyCert for cellofellow.homelinux.net failed err=-8172
[4069:4079:126987795621:ERROR:net/socket/ssl_client_socket_nss.cc(1037)]
handshake
failed; NSS error code -8182, net_error -207
Segmentation fault

It showed this after showing the obligatory warning about a self-signed SSL
certificate.

So, I dunno if this counts as "reproducing" the bug but here it is.

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Dec 29, 2009, 11:04 PM

Post #9 of 83 (3015 views)
Permalink

Re: Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #7 on issue 594 by ste...@konink.de: sec_error_bad_signature
randomly starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

I see a Chromium crash on the url you provide!

But when I take my own self signed stuff and i browse to my 127.0.0.1 I
don't see
anything. The only error I get:

[1033:1070:54733470252:ERROR:net/base/x509_certificate_nss.cc(558)]
CERT_PKIXVerifyCert for localhost failed err=-8172
[1033:1071:54737181168:ERROR:net/base/x509_certificate_nss.cc(558)]
CERT_PKIXVerifyCert for localhost failed err=-8172
[1033:1054:54737182788:ERROR:net/base/x509_certificate_nss.cc(558)]
CERT_PKIXVerifyCert for localhost failed err=-8172

Hostname seems not to be the issue.

Maybe it is your cert, maybe something else, from here I cannot ask anymore
than
'more info' please and/or your certs.

I have tested this with .23 and .38. Webserver works on my side as a charm.

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Dec 30, 2009, 11:08 AM

Post #10 of 83 (3010 views)
Permalink

Re: Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #8 on issue 594 by MellowCelloFellow: sec_error_bad_signature
randomly starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

I'm using Cherokee .38 on Karmic from the PPA. I've attached my .crt file,
hope it
helps.

Attachments:
cellofellow.crt 1.3 KB

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Dec 30, 2009, 11:45 AM

Post #11 of 83 (3018 views)
Permalink

Re: Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #9 on issue 594 by ste...@konink.de: sec_error_bad_signature
randomly starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

Again works for me... no chrome crash.

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Jan 23, 2010, 7:32 AM

Post #12 of 83 (2899 views)
Permalink

Re: Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #10 on issue 594 by kallisti05: sec_error_bad_signature randomly
starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

hmm, it happened again for me on cherokee 0.99.35. I attached strace to
the cherokee
worker thread hit refresh generating "sec_error_bad_signature" error and
pulled the
following trace.

strace -o cherokee-strace -vvFfp 6423

You can view the ssl error on the page here:
https://ssl.unixzen.com/mail

I will leave it up and not restart it for a few days.

Attachments:
strace.txt 28.3 KB

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Jan 23, 2010, 7:36 AM

Post #13 of 83 (2894 views)
Permalink

Re: Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #11 on issue 594 by kallisti05: sec_error_bad_signature randomly
starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

fyi... i am 99.54.163.51.

Also, the crt has been working for months aok, the error causes chrome
(linux) to
crash and causes firefox to throw "sec_error_bad_signature"

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Jan 23, 2010, 7:41 AM

Post #14 of 83 (2895 views)
Permalink

Re: Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #12 on issue 594 by kallisti05: sec_error_bad_signature randomly
starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

root [at] discor:~# openssl s_client -connect ssl.unixzen.com:443
CONNECTED(00000003)
depth=1 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Class
1 Primary Intermediate Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/description=118473-cafEGt2WRrXv3kk0/C=US/O=Persona Not
Validated/OU=StartCom
Free Certificate
Member/CN=ssl.unixzen.com/emailAddress=postmaster [at] unixzen
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Class 1
Primary Intermediate Server CA
1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Class 1
Primary Intermediate Server CA
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom
Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHwTCCBqmgAwIBAgIDAPdbMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ
TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3Mg
MSBQcmltYXJ5IEludGVybWVkaWF0ZSBTZXJ2ZXIgQ0EwHhcNMDkxMjIzMTc1ODMw
WhcNMTAxMjI0MDcxOTQzWjCBuzEgMB4GA1UEDRMXMTE4NDczLWNhZkVHdDJXUnJY
djNrazAxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVQZXJzb25hIE5vdCBWYWxpZGF0
ZWQxKTAnBgNVBAsTIFN0YXJ0Q29tIEZyZWUgQ2VydGlmaWNhdGUgTWVtYmVyMRgw
FgYDVQQDEw9zc2wudW5peHplbi5jb20xJTAjBgkqhkiG9w0BCQEWFnBvc3RtYXN0
ZXJAdW5peHplbi5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCi
fmlKFrJd2vEw8WLqsQKKS8K8VIuMe0xfDH9AWBY9GnW/xtF2F+Cmo7SGZM/Gyj4o
ZoIdsj1l6MCSw9aE9jkbUOH6WrmJ2XDV+rT2Gho8EXdEsJ9BtcVW7VBUZrSLvqmk
vVWouPVUxAnvSSJcYmIyCHRifRvXWF+rxAqpiA28le45g9NkelFq9bD/hPTGUNVL
2Uj2jovyK/TMq+kspFGWas1RXh9aIWXD8/AzdMeDgUBVYKGcdS19dCeMMv/ER6b6
BBHT0yQpzmKvRsoE7aU53D4hgocAX8CVQkW42+8ZXkTs8PzlmpAXHLpxKfxmJIqt
DqikY9TVI67+DrmPO+PPKtqyaSHnGxWyE6KudGKmwgUrBrNQyKNyeGqUZWeAIuj1
mCfo2ZnXgUNGaiAqIRI02SH6UxuydGxi2Gf2B96/L90PjAHTaczSoWvbsvKq3wno
rglLGx+cB/65C+hg/zl0rjy+U9w6GYdQpb9iuK3Rz0ALJKfLSyW3w+2/sXSpBWBr
7CAUXtZ1rpeZFaYM6H/RvyomxHEwfJkLaEYFk4Xa1Xdb8I8lOjoLkJG+ApywVuvk
8zWZCrnn82qXOHHgiI+RdHBbhBzthfomJk3Jp6HVUwNhF7icDTmufyPWWmo65zYv
gEwPAkRffH00jjnCkhu68QISVyLSaRxnR08hqze4jwIDAQABo4IC+TCCAvUwCQYD
VR0TBAIwADALBgNVHQ8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0O
BBYEFIv1gyq+A1e059TW/pErPtwrXPSAMB8GA1UdIwQYMBaAFOtCNNCYsKuf9Btr
CPfMZC7vDixFMCcGA1UdEQQgMB6CD3NzbC51bml4emVuLmNvbYILdW5peHplbi5j
b20wggFCBgNVHSAEggE5MIIBNTCCATEGCysGAQQBgbU3AQIBMIIBIDAuBggrBgEF
BQcCARYiaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjA0BggrBgEF
BQcCARYoaHR0cDovL3d3dy5zdGFydHNzbC5jb20vaW50ZXJtZWRpYXRlLnBkZjCB
twYIKwYBBQUHAgIwgaowFBYNU3RhcnRDb20gTHRkLjADAgEBGoGRTGltaXRlZCBM
aWFiaWxpdHksIHNlZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2YgdGhl
IFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFpbGFi
bGUgYXQgaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjBhBgNVHR8E
WjBYMCqgKKAmhiRodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9jcnQxLWNybC5jcmww
KqAooCaGJGh0dHA6Ly9jcmwuc3RhcnRzc2wuY29tL2NydDEtY3JsLmNybDCBjgYI
KwYBBQUHAQEEgYEwfzA5BggrBgEFBQcwAYYtaHR0cDovL29jc3Auc3RhcnRzc2wu
Y29tL3N1Yi9jbGFzczEvc2VydmVyL2NhMEIGCCsGAQUFBzAChjZodHRwOi8vd3d3
LnN0YXJ0c3NsLmNvbS9jZXJ0cy9zdWIuY2xhc3MxLnNlcnZlci5jYS5jcnQwIwYD
VR0SBBwwGoYYaHR0cDovL3d3dy5zdGFydHNzbC5jb20vMA0GCSqGSIb3DQEBBQUA
A4IBAQCo5JZyIfjJ0gyMkLkZAYAhqdlbhsDqBz3p0iPQsDCjRXGldlM8SMQ5w8l0
1vI8nc5zn8yi+adyUb87+IkJlh411Rxk+cRyv6W9aqCYxxr3iwX2ydVnj19FXb9d
yvNoA1AamesSohxdYP/+CEZ2DodepMtwPhOdEG6lrKowqg0OLJssDSG9nOPzj8/2
XiMrklY1bnkpL3UvumiBo8CtJokdyqWu1tdcChxHBwE3fThB9pBLR8/jeTpY+k9o
SIljxXNsWAhtx0AJ8pTMKrPyZJOc48KFSGO5Fzfgln84rBRutb+Ldbp8g7R4ybSN
8lbp3VPK2UO4zMZguPfgBBY9jIoe
-----END CERTIFICATE-----
subject=/description=118473-cafEGt2WRrXv3kk0/C=US/O=Persona Not
Validated/OU=StartCom
Free Certificate
Member/CN=ssl.unixzen.com/emailAddress=postmaster [at] unixzen
issuer=/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Class
1 Primary Intermediate Server CA
---
No client certificate CA names sent
---
SSL handshake has read 4958 bytes and written 316 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 4096 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID:
20FC2785682F696A26BFA3DD1A68C7314C3FE48C421529764D7EEA2C55E9A9E1
Session-ID-ctx:
Master-Key:
C5FEF6698870F39EA61F71EE07D654FA75C32F358FD6A3BF2470AB934E01546C4825923258A42C2E614A28C46C8FA982
Key-Arg : None
Start Time: 1264260957
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---

read:errno=0

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Jan 24, 2010, 10:03 AM

Post #15 of 83 (2857 views)
Permalink

Re: Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #13 on issue 594 by kallisti05: sec_error_bad_signature randomly
starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

eh.. i finally had to restart ssl.unixzen.com, i had work to do.

After a restart of cherokee the error above goes away..

here is the openssl output once it was working again..

# openssl s_client -connect ssl.unixzen.com:443
CONNECTED(00000003)
depth=1 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Class
1 Primary Intermediate Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/description=118473-cafEGt2WRrXv3kk0/C=US/O=Persona Not
Validated/OU=StartCom
Free Certificate
Member/CN=ssl.unixzen.com/emailAddress=postmaster [at] unixzen
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Class 1
Primary Intermediate Server CA
1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Class 1
Primary Intermediate Server CA
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom
Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHwTCCBqmgAwIBAgIDAPdbMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ
TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3Mg
MSBQcmltYXJ5IEludGVybWVkaWF0ZSBTZXJ2ZXIgQ0EwHhcNMDkxMjIzMTc1ODMw
WhcNMTAxMjI0MDcxOTQzWjCBuzEgMB4GA1UEDRMXMTE4NDczLWNhZkVHdDJXUnJY
djNrazAxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVQZXJzb25hIE5vdCBWYWxpZGF0
ZWQxKTAnBgNVBAsTIFN0YXJ0Q29tIEZyZWUgQ2VydGlmaWNhdGUgTWVtYmVyMRgw
FgYDVQQDEw9zc2wudW5peHplbi5jb20xJTAjBgkqhkiG9w0BCQEWFnBvc3RtYXN0
ZXJAdW5peHplbi5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCi
fmlKFrJd2vEw8WLqsQKKS8K8VIuMe0xfDH9AWBY9GnW/xtF2F+Cmo7SGZM/Gyj4o
ZoIdsj1l6MCSw9aE9jkbUOH6WrmJ2XDV+rT2Gho8EXdEsJ9BtcVW7VBUZrSLvqmk
vVWouPVUxAnvSSJcYmIyCHRifRvXWF+rxAqpiA28le45g9NkelFq9bD/hPTGUNVL
2Uj2jovyK/TMq+kspFGWas1RXh9aIWXD8/AzdMeDgUBVYKGcdS19dCeMMv/ER6b6
BBHT0yQpzmKvRsoE7aU53D4hgocAX8CVQkW42+8ZXkTs8PzlmpAXHLpxKfxmJIqt
DqikY9TVI67+DrmPO+PPKtqyaSHnGxWyE6KudGKmwgUrBrNQyKNyeGqUZWeAIuj1
mCfo2ZnXgUNGaiAqIRI02SH6UxuydGxi2Gf2B96/L90PjAHTaczSoWvbsvKq3wno
rglLGx+cB/65C+hg/zl0rjy+U9w6GYdQpb9iuK3Rz0ALJKfLSyW3w+2/sXSpBWBr
7CAUXtZ1rpeZFaYM6H/RvyomxHEwfJkLaEYFk4Xa1Xdb8I8lOjoLkJG+ApywVuvk
8zWZCrnn82qXOHHgiI+RdHBbhBzthfomJk3Jp6HVUwNhF7icDTmufyPWWmo65zYv
gEwPAkRffH00jjnCkhu68QISVyLSaRxnR08hqze4jwIDAQABo4IC+TCCAvUwCQYD
VR0TBAIwADALBgNVHQ8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0O
BBYEFIv1gyq+A1e059TW/pErPtwrXPSAMB8GA1UdIwQYMBaAFOtCNNCYsKuf9Btr
CPfMZC7vDixFMCcGA1UdEQQgMB6CD3NzbC51bml4emVuLmNvbYILdW5peHplbi5j
b20wggFCBgNVHSAEggE5MIIBNTCCATEGCysGAQQBgbU3AQIBMIIBIDAuBggrBgEF
BQcCARYiaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjA0BggrBgEF
BQcCARYoaHR0cDovL3d3dy5zdGFydHNzbC5jb20vaW50ZXJtZWRpYXRlLnBkZjCB
twYIKwYBBQUHAgIwgaowFBYNU3RhcnRDb20gTHRkLjADAgEBGoGRTGltaXRlZCBM
aWFiaWxpdHksIHNlZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2YgdGhl
IFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFpbGFi
bGUgYXQgaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjBhBgNVHR8E
WjBYMCqgKKAmhiRodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9jcnQxLWNybC5jcmww
KqAooCaGJGh0dHA6Ly9jcmwuc3RhcnRzc2wuY29tL2NydDEtY3JsLmNybDCBjgYI
KwYBBQUHAQEEgYEwfzA5BggrBgEFBQcwAYYtaHR0cDovL29jc3Auc3RhcnRzc2wu
Y29tL3N1Yi9jbGFzczEvc2VydmVyL2NhMEIGCCsGAQUFBzAChjZodHRwOi8vd3d3
LnN0YXJ0c3NsLmNvbS9jZXJ0cy9zdWIuY2xhc3MxLnNlcnZlci5jYS5jcnQwIwYD
VR0SBBwwGoYYaHR0cDovL3d3dy5zdGFydHNzbC5jb20vMA0GCSqGSIb3DQEBBQUA
A4IBAQCo5JZyIfjJ0gyMkLkZAYAhqdlbhsDqBz3p0iPQsDCjRXGldlM8SMQ5w8l0
1vI8nc5zn8yi+adyUb87+IkJlh411Rxk+cRyv6W9aqCYxxr3iwX2ydVnj19FXb9d
yvNoA1AamesSohxdYP/+CEZ2DodepMtwPhOdEG6lrKowqg0OLJssDSG9nOPzj8/2
XiMrklY1bnkpL3UvumiBo8CtJokdyqWu1tdcChxHBwE3fThB9pBLR8/jeTpY+k9o
SIljxXNsWAhtx0AJ8pTMKrPyZJOc48KFSGO5Fzfgln84rBRutb+Ldbp8g7R4ybSN
8lbp3VPK2UO4zMZguPfgBBY9jIoe
-----END CERTIFICATE-----
subject=/description=118473-cafEGt2WRrXv3kk0/C=US/O=Persona Not
Validated/OU=StartCom
Free Certificate
Member/CN=ssl.unixzen.com/emailAddress=postmaster [at] unixzen
issuer=/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Class
1 Primary Intermediate Server CA
---
No client certificate CA names sent
---
SSL handshake has read 4958 bytes and written 316 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 4096 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID:
D0C18E18BD63721B5139E6AE0D1F01B43B248C28431EFDC9B144544E24692054
Session-ID-ctx:
Master-Key:
7A75880D581F1E7D5488C244D1E4023C6DA96F025DA249A42E6960CA1DD8E7FAD2AAECCA8F15CA4F68A5DFD634036321
Key-Arg : None
Start Time: 1264356127
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Feb 5, 2010, 1:18 PM

Post #16 of 83 (2808 views)
Permalink

Re: Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #14 on issue 594 by kallisti05: sec_error_bad_signature randomly
starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

upgraded to 99.42 yesterday and started receiving this again this
afternoon. Really
annoying it is having to restart the web server every few days.

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Feb 5, 2010, 1:22 PM

Post #17 of 83 (2807 views)
Permalink

Re: Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #16 on issue 594 by kallisti05: sec_error_bad_signature randomly
starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

here is the openssl command run from a remote server to the broken ssl
webpage...

$ openssl s_client -connect ssl.unixzen.com:443
CONNECTED(00000003)
depth=1 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Class
1 Primary Intermediate Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/description=118473-cafEGt2WRrXv3kk0/C=US/O=Persona Not
Validated/OU=StartCom
Free Certificate
Member/CN=ssl.unixzen.com/emailAddress=postmaster [at] unixzen
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Class 1
Primary Intermediate Server CA
1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Class 1
Primary Intermediate Server CA
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom
Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHwTCCBqmgAwIBAgIDAPdbMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ
TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3Mg
MSBQcmltYXJ5IEludGVybWVkaWF0ZSBTZXJ2ZXIgQ0EwHhcNMDkxMjIzMTc1ODMw
WhcNMTAxMjI0MDcxOTQzWjCBuzEgMB4GA1UEDRMXMTE4NDczLWNhZkVHdDJXUnJY
djNrazAxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVQZXJzb25hIE5vdCBWYWxpZGF0
ZWQxKTAnBgNVBAsTIFN0YXJ0Q29tIEZyZWUgQ2VydGlmaWNhdGUgTWVtYmVyMRgw
FgYDVQQDEw9zc2wudW5peHplbi5jb20xJTAjBgkqhkiG9w0BCQEWFnBvc3RtYXN0
ZXJAdW5peHplbi5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCi
fmlKFrJd2vEw8WLqsQKKS8K8VIuMe0xfDH9AWBY9GnW/xtF2F+Cmo7SGZM/Gyj4o
ZoIdsj1l6MCSw9aE9jkbUOH6WrmJ2XDV+rT2Gho8EXdEsJ9BtcVW7VBUZrSLvqmk
vVWouPVUxAnvSSJcYmIyCHRifRvXWF+rxAqpiA28le45g9NkelFq9bD/hPTGUNVL
2Uj2jovyK/TMq+kspFGWas1RXh9aIWXD8/AzdMeDgUBVYKGcdS19dCeMMv/ER6b6
BBHT0yQpzmKvRsoE7aU53D4hgocAX8CVQkW42+8ZXkTs8PzlmpAXHLpxKfxmJIqt
DqikY9TVI67+DrmPO+PPKtqyaSHnGxWyE6KudGKmwgUrBrNQyKNyeGqUZWeAIuj1
mCfo2ZnXgUNGaiAqIRI02SH6UxuydGxi2Gf2B96/L90PjAHTaczSoWvbsvKq3wno
rglLGx+cB/65C+hg/zl0rjy+U9w6GYdQpb9iuK3Rz0ALJKfLSyW3w+2/sXSpBWBr
7CAUXtZ1rpeZFaYM6H/RvyomxHEwfJkLaEYFk4Xa1Xdb8I8lOjoLkJG+ApywVuvk
8zWZCrnn82qXOHHgiI+RdHBbhBzthfomJk3Jp6HVUwNhF7icDTmufyPWWmo65zYv
gEwPAkRffH00jjnCkhu68QISVyLSaRxnR08hqze4jwIDAQABo4IC+TCCAvUwCQYD
VR0TBAIwADALBgNVHQ8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0O
BBYEFIv1gyq+A1e059TW/pErPtwrXPSAMB8GA1UdIwQYMBaAFOtCNNCYsKuf9Btr
CPfMZC7vDixFMCcGA1UdEQQgMB6CD3NzbC51bml4emVuLmNvbYILdW5peHplbi5j
b20wggFCBgNVHSAEggE5MIIBNTCCATEGCysGAQQBgbU3AQIBMIIBIDAuBggrBgEF
BQcCARYiaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjA0BggrBgEF
BQcCARYoaHR0cDovL3d3dy5zdGFydHNzbC5jb20vaW50ZXJtZWRpYXRlLnBkZjCB
twYIKwYBBQUHAgIwgaowFBYNU3RhcnRDb20gTHRkLjADAgEBGoGRTGltaXRlZCBM
aWFiaWxpdHksIHNlZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2YgdGhl
IFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFpbGFi
bGUgYXQgaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjBhBgNVHR8E
WjBYMCqgKKAmhiRodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9jcnQxLWNybC5jcmww
KqAooCaGJGh0dHA6Ly9jcmwuc3RhcnRzc2wuY29tL2NydDEtY3JsLmNybDCBjgYI
KwYBBQUHAQEEgYEwfzA5BggrBgEFBQcwAYYtaHR0cDovL29jc3Auc3RhcnRzc2wu
Y29tL3N1Yi9jbGFzczEvc2VydmVyL2NhMEIGCCsGAQUFBzAChjZodHRwOi8vd3d3
LnN0YXJ0c3NsLmNvbS9jZXJ0cy9zdWIuY2xhc3MxLnNlcnZlci5jYS5jcnQwIwYD
VR0SBBwwGoYYaHR0cDovL3d3dy5zdGFydHNzbC5jb20vMA0GCSqGSIb3DQEBBQUA
A4IBAQCo5JZyIfjJ0gyMkLkZAYAhqdlbhsDqBz3p0iPQsDCjRXGldlM8SMQ5w8l0
1vI8nc5zn8yi+adyUb87+IkJlh411Rxk+cRyv6W9aqCYxxr3iwX2ydVnj19FXb9d
yvNoA1AamesSohxdYP/+CEZ2DodepMtwPhOdEG6lrKowqg0OLJssDSG9nOPzj8/2
XiMrklY1bnkpL3UvumiBo8CtJokdyqWu1tdcChxHBwE3fThB9pBLR8/jeTpY+k9o
SIljxXNsWAhtx0AJ8pTMKrPyZJOc48KFSGO5Fzfgln84rBRutb+Ldbp8g7R4ybSN
8lbp3VPK2UO4zMZguPfgBBY9jIoe
-----END CERTIFICATE-----
subject=/description=118473-cafEGt2WRrXv3kk0/C=US/O=Persona Not
Validated/OU=StartCom
Free Certificate
Member/CN=ssl.unixzen.com/emailAddress=postmaster [at] unixzen
issuer=/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Class
1 Primary Intermediate Server CA
---
No client certificate CA names sent
---
SSL handshake has read 4958 bytes and written 316 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 4096 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID:
8022C39DF19CE1729173C1A748A347EADEFCCD9B5AE04B6F5E8D1357950197BA
Session-ID-ctx:
Master-Key:
E7FFC9923057E1F7F8196E06A8C8C12488349F0419EBFA6088A2888BF130445C8FE9BB39FAE2F26F8DCF563CB0A4D07F
Key-Arg : None
Start Time: 1265404753
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
closed

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Feb 5, 2010, 1:26 PM

Post #18 of 83 (2806 views)
Permalink

Re: Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #15 on issue 594 by ste...@konink.de: sec_error_bad_signature
randomly starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

What is the version of your openssl?

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Feb 5, 2010, 1:30 PM

Post #19 of 83 (2809 views)
Permalink

Re: Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #17 on issue 594 by kallisti05: sec_error_bad_signature randomly
starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

this really does not seem to be related to chrome after all, i haven't
connected to
the ssl webpage since restarting the webserver yesterday using chrome.

ssl.unixzen.com is broken now if anyone wants to take a look... I'll leave
it broken
for as long as possible.

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Feb 6, 2010, 1:35 AM

Post #20 of 83 (2795 views)
Permalink

Re: Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #18 on issue 594 by skarcha: sec_error_bad_signature randomly
starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

@kallisti05: Just to clarify... Does it work for a few days and then crash?
With all
versions you tried or are there any version that works fine?

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

cherokee at googlecode

Feb 9, 2010, 2:16 PM

Post #21 of 83 (2767 views)
Permalink

Re: Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #19 on issue 594 by kallisti05: sec_error_bad_signature randomly
starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

seems like i've had the problem consistently with all different versions of
cherokee.
The timeframe to issue start is always different and seems to not be
dependent on
certificate (i've seen it with godaddy certs and self-signed certs.

here is my ssl version:

# openssl version
OpenSSL 0.9.8g 19 Oct 2007

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

cherokee at googlecode

Feb 9, 2010, 2:20 PM

Post #22 of 83 (2781 views)
Permalink

Re: Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #20 on issue 594 by ste...@konink.de: sec_error_bad_signature
randomly starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

Update that openssl version...

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

cherokee at googlecode

Feb 9, 2010, 10:48 PM

Post #23 of 83 (2760 views)
Permalink

Re: Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #21 on issue 594 by alobbs: sec_error_bad_signature randomly starts
after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

Stefan, are you certain the OpenSSL version is the source of the
problem? :-?

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

cherokee at googlecode

Feb 10, 2010, 3:12 AM

Post #24 of 83 (2759 views)
Permalink

Re: Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #22 on issue 594 by ste...@konink.de: sec_error_bad_signature
randomly starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

Actually we have had some oddness with another old version...

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

cherokee at googlecode

Feb 15, 2010, 7:50 AM

Post #25 of 83 (2699 views)
Permalink

Re: Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #23 on issue 594 by davisd.davisd: sec_error_bad_signature randomly
starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

I've got this same problem. Restarting the webserver corrects it
temporarily.
Ubuntu 9.10 with all updates. Running cherokee, updated from launchpad PPA
(Currently 0.99.42). Openssl 0.9.8g. Openssl 0.9.8g is the ubuntu karmic
supported
ver. Are we sure it's the problem? I'd hate to step outside the "current
supported"
box on such an important package.

Why would the web server work for a period (2-3 days) before requiring a
restart?

I have this issue on 3 servers (physical servers)

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

1 2 3 4

View All

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads