https://issues.apache.org/bugzilla/show_bug.cgi?id=57334
--- Comment #1 from [email protected] --- To reproduce the segmentation fault the following configuration prerequisites must be met: - SNI setup: Two VH on the same IP - SSLVerifyClient require or optional and OptRenegotiate set on the *second* virtual host - SSLInsecureRenegotiation on Minimal httpd.conf: =================== ServerRoot /opt/airlock/ext-apache PidFile /var/run/airlock-ext-apache/httpd.pid CoreDumpDirectory /var/airlock/core/airlock-ext-apache User extwww Group extwww LoadModule ssl_module bin/mod_ssl.so Listen 10.0.0.10 SSLCertificateFile conf/ssl.crt/server.crt SSLCertificateKeyFile conf/ssl.key/server.key ErrorDocument 403 /error_path/403.html SSLInsecureRenegotiation on <Location /error_path> </Location> <VirtualHost 10.0.0.10:443> ServerName serverA SSLEngine on </VirtualHost> <VirtualHost 10.0.0.10:443> ServerName serverB SSLEngine on SSLVerifyClient require SSLOptions +OptRenegotiate </VirtualHost> =================== Now every request with a client certificate and without the TLS SNI extension set (like with IE7/XP) in the ClientHello message will cause the segmentation fault. This can be reproduced with openssl s_client without the "-servername" Option: openssl s_client -connect serverB:443 -cert clientCert.pem -key clientKey.pem -tls1 -crlf GDB backtrace and additional infos: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fffe37eb700 (LWP 13480)] 0x00007ffff00000b8 in ?? () (gdb) bt #0 0x00007ffff00000b8 in ?? () #1 0x00007ffff615746b in SSL_renegotiate (s=0x7ffff0038e10) at ssl_lib.c:1032 #2 0x00007ffff63a5add in ssl_hook_Access (r=0x7ffff003e7a0) at ssl_engine_kernel.c:801 #3 0x00007ffff7fa1897 in ap_run_access_checker (r=0x7ffff003e7a0) at request.c:87 #4 0x00007ffff7fa28a8 in ap_process_request_internal (r=0x7ffff003e7a0) at request.c:229 #5 0x00007ffff7fd7c13 in ap_internal_redirect (new_uri=0x7ffff8273f98 "/error_path/403.html", r=0x7ffff003cde0) at http_request.c:642 #6 0x00007ffff7fd6162 in ap_die (type=403, r=0x7ffff003cde0) at http_request.c:202 #7 0x00007ffff7fd6b9a in ap_process_async_request (r=0x7ffff003cde0) at http_request.c:350 #8 0x00007ffff7fd6bd1 in ap_process_request (r=0x7ffff003cde0) at http_request.c:363 #9 0x00007ffff7fd26e3 in ap_process_http_sync_connection (c=0x7fffdc000c48) at http_core.c:190 #10 0x00007ffff7fd280d in ap_process_http_connection (c=0x7fffdc000c48) at http_core.c:231 #11 0x00007ffff7fbe5df in ap_run_process_connection (c=0x7fffdc000c48) at connection.c:41 #12 0x00007ffff7fbeb0a in ap_process_connection (c=0x7fffdc000c48, csd=0x7fffdc000a30) at connection.c:203 #13 0x00007ffff5ad1b5d in process_socket (thd=0x7ffff8241e70, dummy=Unhandled dwarf expression opcode 0xf3 (gdb) frame 1 #1 0x00007ffff615746b in SSL_renegotiate (s=0x7fffdc0028d0) at ssl_lib.c:1032 1032 return(s->method->ssl_renegotiate(s)); (gdb) print s->method->ssl_renegotiate $1 = (int (*)(SSL *)) 0x7fffdc0000b8 (gdb) disassemble 0x7fffdc0000b8 No function contains specified address. Thanks for your help Reto -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
