Bug#602957: apache2: Error when using mod_proxy from SSL virtual host to HTTP
Package: libapache2-mod-gnutls Followup-For: Bug #602957 Hi, I'm reopening this bug as I suffer from exactly the same thing. The patch in the bug report seems to be applied to the sources (when looking at them), however I got the same problem. My system has a SSL (gnutls) apache virtualhost with the following configuration: ProxyPass / http://internal.server/path ProxyPassReverse / http://internal.server/path In my error log, on the proxy server, I get: [Mon Jul 09 23:11:54 2012] [error] [client 10.77.0.3] GnuTLS: Handshake Failed. Hit Maximum Attempts [Mon Jul 09 23:11:54 2012] [error] [client 10.77.0.3] (70014)End of file found: proxy: error reading status line from remote server internal.server:80 [Mon Jul 09 23:11:54 2012] [error] [client 10.77.0.3] proxy: Error reading from remote server returned by / In the access log of internal.server, I get: 10.77.16.2 - - [09/Jul/2012:23:12:03 +0200] - 408 0 - - Just switching to mod_ssl instead of mod_gnutls make all things working. In the access log of internal.server, I now get: 10.77.16.2 - - [09/Jul/2012:23:21:19 +0200] GET /path/index.php HTTP/1.1 200 3696 - Mozilla/5.0 (X11; Linux x86_64; rv:10.0.4) Gecko/20100101 Firefox/10.0.4 Iceweasel/10.0.4 So, it seems that 0.5.10 version of libapache2-mod-gnutls does not really fix this bug. Regards, Vincent -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libapache2-mod-gnutls depends on: ii libapr-memcache0 0.7.0-1 ii libc6 2.13-33 ii libgnutls26 2.12.20-1 libapache2-mod-gnutls recommends no packages. libapache2-mod-gnutls suggests no packages. -- no debconf information -- Vincent Danjean GPG key ID 0x9D025E87 vdanj...@debian.org GPG key fingerprint: FC95 08A6 854D DB48 4B9A 8A94 0BF7 7867 9D02 5E87 Unofficial pkgs: http://moais.imag.fr/membres/vincent.danjean/deb.html APT repo: deb http://people.debian.org/~vdanjean/debian unstable main -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#602957: apache2: Error when using mod_proxy from SSL virtual host to HTTP
reassign 602957 libapache2-mod-gnutls thanks On Tuesday 09 November 2010, Petr Vyhnal wrote: I have SSL virtual host using mod_gnutls and there is configured proxy connection using mod_proxy mod_proxy_http to HTTP site. Configuration worked fine on Lenny with patched mod_gnutls. Now after upgrade to Squeeze there is again problem with mod_proxy HTTPS-HTTP connections. As per logs it seems apache tries to establish SSL/TLS connection to HTTP proxied site - see errors below. This is probably a problem in mod_gnutls. Maybe it does not take care to remove itself from the mod_proxy backend connection. However, if you have patched it, you may be out of luck. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#602957: apache2: Error when using mod_proxy from SSL virtual host to HTTP
On Wednesday 10 November 2010, you wrote: On Tuesday 09 November 2010, Petr Vyhnal wrote: I have SSL virtual host using mod_gnutls and there is configured proxy connection using mod_proxy mod_proxy_http to HTTP site. Configuration worked fine on Lenny with patched mod_gnutls. Now after upgrade to Squeeze there is again problem with mod_proxy HTTPS-HTTP connections. As per logs it seems apache tries to establish SSL/TLS connection to HTTP proxied site - see errors below. This is probably a problem in mod_gnutls. Maybe it does not take care to remove itself from the mod_proxy backend connection. However, if you have patched it, you may be out of luck. Thanks for your comments. The patch I mentioned previously was for mod_gnutls in Lenny (I believe 0.5.1) where was the same or at least similar issue. Nevertheless this patch is already part of current upstream version of mod_gnutls in Squeeze. I tried to package latest mod_gnutls from official site, but with no effect. Also tried apache2.2.17, but got the same results. Currently I'm not able to say if it's apache2 or mod_gnutls issue. I am CC:ing the bug report so that the mod_gnutls maintainer gets the info, too. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#602957: apache2: Error when using mod_proxy from SSL virtual host to HTTP
Package: apache2.2-common Version: 2.2.16-3 Severity: normal I have SSL virtual host using mod_gnutls and there is configured proxy connection using mod_proxy mod_proxy_http to HTTP site. Configuration worked fine on Lenny with patched mod_gnutls. Now after upgrade to Squeeze there is again problem with mod_proxy HTTPS-HTTP connections. As per logs it seems apache tries to establish SSL/TLS connection to HTTP proxied site - see errors below. [Tue Nov 09 19:15:18 2010] [error] [client 127.0.0.1] GnuTLS: Handshake Failed. Hit Maximum Attempts [Tue Nov 09 19:15:18 2010] [error] (103)Software caused connection abort: proxy: pass request body failed to 127.0.0.1:9091 (127.0.0.1) [Tue Nov 09 19:15:18 2010] [error] proxy: pass request body failed to 127.0.0.1:9091 (127.0.0.1) from x.x.x.x () Proxy configuration in virtualhost: ProxyRequests Off Proxy * Order Allow,Deny Allow from all /Proxy ProxyPass /transmission http://127.0.0.1:9091/transmission ProxyPassReverse /transmission http://127.0.0.1:9091/transmission -- Package-specific info: List of enabled modules from 'apache2 -M': alias auth_basic auth_digest authn_file authz_default authz_groupfile authz_host authz_user autoindex cgi dav_fs dav deflate dir env gnutls mime negotiation php5 proxy_http proxy reqtimeout rewrite scgi setenvif status List of enabled php5 extensions: curl fileinfo gd imagick imap mcrypt mysql mysqli pdo pdo_mysql pdo_sqlite sqlite sqlite3 -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages apache2 depends on: ii apache2-mpm-prefork 2.2.16-3 Apache HTTP Server - traditional n ii apache2.2-common 2.2.16-3 Apache HTTP Server common files apache2 recommends no packages. apache2 suggests no packages. Versions of packages apache2.2-common depends on: ii apache2-utils 2.2.16-3 utility programs for webservers ii apache2.2-bin 2.2.16-3 Apache HTTP Server common binary f ii libmagic1 5.04-5 File type determination library us ii lsb-base 3.2-23.1 Linux Standard Base 3.2 init scrip ii mime-support 3.48-1 MIME files 'mime.types' 'mailcap ii perl 5.10.1-15 Larry Wall's Practical Extraction ii procps1:3.2.8-9 /proc file system utilities -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org