Hello,

We want to set up a reverse proxy (HTTP in, HTTPS to the backend IBM HTTP
Server) with client authentication to the backend.
On both Linux and WinNT 4 SP5 (with Apache 2.044 and OpenSSL 0.97) we are
getting segmentation faults or exits (see below). We checked the
communication through openssl directly and it worked.

Does anyone have any hint? We are getting desperate. Thanks!

Our configuration:
<virtualhost _default_:443>
SSLProxyEngine on
ProxyRequests On
ProxyVia On
SSLProxyMachineCertificateFile d:\apache\client_cert.pem
SSLProxyVerify optional_no_ca
SSLProxyVerifyDepth 10
SSLProxyCipherSuite ALL
ProxyPass /myapp https://backendserver/app
ProxyPassReverse /myapp/ https://backendserver/app/
...

Apache error_log from WinNT:
[Mon Mar 24 11:02:59 2003] [info] Server: Apache/2.0.44, Interface:
mod_ssl/2.0.44, Library: OpenSSL/0.9.7a
...
[Mon Mar 24 11:24:49 2003] [debug] ssl_engine_kernel.c(1236): Certificate
Verification: Verifiable Issuer is configured as optional, therefore we're
accepting the certificate
[Mon Mar 24 11:24:49 2003] [debug] ssl_engine_kernel.c(1198): Certificate
Verification: depth: 0, subject: /C=DE/ST=NRW/L=Duesseldorf/O=Westdeutsche
Landesbank-Girozentrale-Duesseldorf/Muenster/OU=WestLB Systems
GmbH/OU=Terms of use at www.verisign.com/rpa
(c)00/CN=wpdirect.westlb.sko.de, issuer: /O=VeriSign Trust
Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class
3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
[Mon Mar 24 11:24:49 2003] [debug] ssl_engine_kernel.c(1236): Certificate
Verification: Verifiable Issuer is configured as optional, therefore we're
accepting the certificate
[Mon Mar 24 11:24:49 2003] [debug] ssl_engine_kernel.c(1766): OpenSSL:
Loop: SSLv3 read server certificate A
[Mon Mar 24 11:24:49 2003] [debug] ssl_engine_kernel.c(1766): OpenSSL:
Loop: SSLv3 read server certificate request A
[Mon Mar 24 11:24:49 2003] [debug] ssl_engine_kernel.c(1766): OpenSSL:
Loop: SSLv3 read server done A
[Mon Mar 24 11:24:49 2003] [debug] ssl_engine_kernel.c(1532): Proxy client
certificate callback: (localhost:443) entered
[Mon Mar 24 11:24:49 2003] [debug] ssl_engine_kernel.c(1504): Proxy client
certificate callback: (localhost:443) found acceptable cert, sending
/C=DE/ST=NRW/L=Duesseldorf/O=WPS Bank AG/CN=MYCLIENT
[Mon Mar 24 11:24:51 2003] [notice] Parent: child process exited with
status 3221225477 -- Restarting.



Kind regards
--
Steffen Fischer, I/T Architect
IBM Deutschland GmbH, Karl-Arnold-Platz 1a, D-40474 Duesseldorf
Tel: +49 (0) 211 476-2986 Fax: -2391 Mobile: +49 (0) 175 433 1187
email: [EMAIL PROTECTED]
project email: [EMAIL PROTECTED]
project phone: +49 (0) 211 826 - 74276

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
