Morning,

I've spent two days (and nights) going over mail lists, FAQs, manuals,
code trying to solve a nasty little problem with mod_ssl... The version
strings are Apache/1.3.12 (Unix) PHP/3.0.15 mod_ssl/2.6.2
OpenSSL/0.9.5a-beta1.  I had to use OpenSSL/0.9.5a-beta1 in order to get
it to work on Solaris2.6 (lack of a /dev/urandom).

The <VirtualHost _default_:443> segment of the httpd.conf is the same as
the default with the following exceptions;
    - ServerAdmin changed
    - SSLCertificateChainFile has been uncommented

The only other modifications are port 80 VirtualHosts (which all work)
added to the bottom of the config.  HTTP works fine, the problem is only
with HTTPS service.

In summary, NS4.7 gets in a loop (sending packets to the server) then I
get the "There was no response..." message.  IE5 throws up the generic
connection failure dialogue, but doesn't get into a packet exchange
loop.

No messages of any kind show up in the logs, even with SSLLogLevel set
to debug when using browsers.

Debugging with s_client gets even more interesting (command used openssl
s_client -connect woof.unicity.com.au:443 -state -debug)...

| SSL handshake has read 2203 bytes and written 320 bytes
| ---
| New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
| Server public key is 1024 bit
| SSL-Session:
|     Protocol  : TLSv1
|     Cipher    : EDH-RSA-DES-CBC3-SHA
|     Session-ID: 9463556D63A740C4A6A81735F7F12E85675ABE87FA11F768EFB9486F7FB67AC6
|     Session-ID-ctx:
|     Master-Key: 809B02680DBA169A2C91169152E0C46ACECF94C475B2538B340ACE2BEABB38C4170C3C83AE9859B4C54324B501DC5105
|     Key-Arg   : None
|     Start Time: 953729207
|     Timeout   : 300 (sec)
|     Verify return code: 0 (ok)
| ---
| GET / HTTP/1.0  ## User input!
| write to 08148EE0 [08154E10] (45 bytes => 45 (0x2D))
| 0000 - 17 03 01 00 28 2e ba 9b-2d d0 2a f5 9f 0f 90 a8   ....(...-.*.....
| 0010 - 12 20 b4 7e 24 7c e2 56-5a e9 1e e7 ab a8 19 18   . .~$|.VZ.......
| 0020 - f7 95 cc 5b 98 14 3b 69-83 5c 89 1b 86            ...[..;i.\...

The connection just hangs...

Now if I provide a bad method, I get an HTML error message!?

| SSL handshake has read 2203 bytes and written 320 bytes
| ---
| New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
| Server public key is 1024 bit
| SSL-Session:
|     Protocol  : TLSv1
|     Cipher    : EDH-RSA-DES-CBC3-SHA
|     Session-ID: 656AFD7A3239C785F1ADA553FD521938FF4F230AACAFC9EA2FE72377830B409A
|     Session-ID-ctx:
|     Master-Key: 01054BE1259DECD5502AF84123684AD3B894A79BA634B7B0037353324ACB9914A1CCFB8B2EBE415B90BED8204B0DE28D
|     Key-Arg   : None
|     Start Time: 953729352
|     Timeout   : 300 (sec)
|     Verify return code: 0 (ok)
| ---
| Gdf /
| write to 08148EE0 [08154E10] (37 bytes => 37 (0x25))
| 0000 - 17 03 01 00 20 65 e9 8c-03 8a 27 77 ad 36 23 dd   .... e....'w.6#.
| 0010 - b2 0b e8 76 0b 19 97 0d-69 07 04 33 4e 38 41 47   ...v....i..3N8AG
| 0020 - f7 83 cf b8 fb                                    .....
| read from 08148EE0 [08150600] (5 bytes => 5 (0x5))
| 0000 - 17 03 01 01 58                                    ....X
| read from 08148EE0 [08150605] (344 bytes => 344 (0x158))
| 0000 - f0 55 f2 67 d6 6d 99 49-09 ea 43 f6 70 f7 bb 4d   .U.g.m.I..C.p..M
| 0010 - 95 f4 78 1c cb 9b cb 40-74 5b 73 76 de ed 88 6b   ..x....@t[sv...k
| ...
| 0130 - 22 ea 99 23 ba 20 95 83-d6 dc 89 3e c0 5a 2e 0f   "..#. .....>.Z..
| 0140 - 6e 2b aa 3b 0d 68 3c a5-eb e7 24 25 95 4d 27 d8   n+.;.h<...$%.M'.
| 0150 - 5e cf 50 c1 b1 7f 60 c8-                          ^.P...`.
| <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
| <HTML><HEAD>
| <TITLE>501 Method Not Implemented</TITLE>
| </HEAD><BODY>
| <H1>Method Not Implemented</H1>
| Gdf to /index.html not supported.<P>
| Invalid method in request Gdf /<P>
| <HR>
| <ADDRESS>Apache/1.3.12 Server at woof.unicity.com.au Port 443</ADDRESS>
| </BODY></HTML>
| read from 08148EE0 [08150600] (5 bytes => 5 (0x5))
| 0000 - 15 03 01 00 18                                    .....
| read from 08148EE0 [08150605] (24 bytes => 24 (0x18))
| 0000 - b1 1d 12 ea 24 18 15 a7-e6 f9 13 67 e7 05 43 a0   ....$......g..C.
| 0010 - a0 a5 fd 9d e7 e5 5d 26-                          ......]&
| SSL3 alert read:warning:close notify
| closed
| write to 08148EE0 [08154E10] (29 bytes => 29 (0x1D))
| 0000 - 15 03 01 00 18 59 0e 72-e9 6c 8a e0 b6 67 14 48   .....Y.r.l...g.H
| 0010 - 60 72 02 79 c9 b2 64 ff-62 0c f9 5a cb            `r.y..d.b..Z.
| SSL3 alert write:warning:close notify

Both of the above openssl commands were logged;

| woof.unicity.com.au - - [22/Mar/2000:23:49:11 +1100] "GET / HTTP/1.0" 200 718
| woof.unicity.com.au - - [22/Mar/2000:23:49:20 +1100] "Gdf /" 501 -

As far as I can tell, no one has had this problem.  I have kept the
configuration as close to the default as possible and it still gets me
nothing.  Netscape fails in a send packet loop until it times out, IE5
fails almost immediately.  Both clients log nothing to the apache logs.
OpenSSL s_client completes the hand-shake and session establishment, but
data is never returned against a valid request even though the log shows
a successful transfer of data (https and http both have the same
document root).  On the other hand... a bad method will return data and
log the error.

Does anyone have ANY ideas?

--
Paul Miach
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
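
For readers following the `s_client -debug` dumps in the message above, an added example (not part of the original post) that decodes the 5-byte TLS record headers and reports whether any application data came back from the server. The rule for spotting a header line is an assumption drawn from the output shown, and the function names are hypothetical.

```python
import re

# TLS record content types (RFC 2246, section 6.2.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
IO_LINE = re.compile(r"(write to|read from) \S+ \[\S+\] \(\d+ bytes => (-?\d+)")
DUMP0 = re.compile(r"0000 - ((?:[0-9a-f]{2}[ -]?)+)")

def records(debug_text):
    """List (direction, content_type, (major, minor), payload_len) per record."""
    out, pending = [], None
    for line in debug_text.splitlines():
        line = line.lstrip("| ").strip()
        m = IO_LINE.match(line)
        if m:
            direction = "write" if m.group(1) == "write to" else "read"
            # Assumption: reads fetch the 5-byte header alone; write dumps start with it.
            header_next = direction == "write" or int(m.group(2)) == 5
            pending = direction if header_next else None
            continue
        m = DUMP0.match(line)
        if m and pending:
            raw = bytes.fromhex(m.group(1).replace("-", " "))
            if len(raw) >= 5:
                ctype = CONTENT_TYPES.get(raw[0], hex(raw[0]))
                out.append((pending, ctype, (raw[1], raw[2]),
                            int.from_bytes(raw[3:5], "big")))
            pending = None
    return out

def server_answered(debug_text):
    """True if any application_data record came back from the server."""
    return any(d == "read" and t == "application_data"
               for d, t, _, _ in records(debug_text))
# First dump line of each I/O call, copied from the post's two sessions.
GET_TRACE = """\
| write to 08148EE0 [08154E10] (45 bytes => 45 (0x2D))
| 0000 - 17 03 01 00 28 2e ba 9b-2d d0 2a f5 9f 0f 90 a8
"""
BAD_METHOD_TRACE = """\
| write to 08148EE0 [08154E10] (37 bytes => 37 (0x25))
| 0000 - 17 03 01 00 20 65 e9 8c-03 8a 27 77 ad 36 23 dd
| read from 08148EE0 [08150600] (5 bytes => 5 (0x5))
| 0000 - 17 03 01 01 58
| read from 08148EE0 [08150605] (344 bytes => 344 (0x158))
| 0000 - f0 55 f2 67 d6 6d 99 49-09 ea 43 f6 70 f7 bb 4d
| read from 08148EE0 [08150600] (5 bytes => 5 (0x5))
| 0000 - 15 03 01 00 18
"""
```

On the valid GET the only record is the client's own application_data write; on the bad method an application_data record and then an alert record are read back.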
