Re: [us...@httpd] Ssl front end proxy and Segmentation fault (11)
On Wed, Sep 08, 2010 at 12:01:56AM -0400, Jason Pyeron wrote: -Original Message- From: Jason Pyeron [mailto:jpye...@pdinc.us] Sent: Tuesday, September 07, 2010 22:03 To: users@httpd.apache.org Subject: [us...@httpd] Ssl front end proxy and Segmentation fault (11) I am trying to reverse proxy client certs, here is the config snipit: Fyi: the version is httpd-2.0.52-41.ent.7.centos4 For 2.0.x I would suspect: https://issues.apache.org/bugzilla/show_bug.cgi?id=24030 I'd move to use of SSLProxyMachineCertificateFile and make sure the configured file has a single cert and private key in that order. Regards, Joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Ssl front end proxy and Segmentation fault (11)
On Tue, Sep 7, 2010 at 10:03 PM, Jason Pyeron jpye...@pdinc.us wrote: I am trying to reverse proxy client certs, here is the config snipit: RequestHeader set Front-End-Https On CacheDisable * SSLProxyEngine On ProxyPass /test https://192.168.10.193/test ProxyPassReverse /test https://192.168.10.193/test SSLProxyMachineCertificatePath /var/www./certs SSLProxyVerify off Every call to the server for /test results in: [Tue Sep 07 21:59:19 2010] [notice] child pid 24344 exit signal Segmentation fault (11) SERVER_SIGNATURE = 'addressApache/2.0.52 (CentOS) Server at Port 443/address My 2 cents: Open a bug and provide a backtrace for the crash if you can reproduce with 2.2.latest. If it isn't reproducible there, switch.
[us...@httpd] Ssl front end proxy and Segmentation fault (11)
I am trying to reverse proxy client certs, here is the config snipit: RequestHeader set Front-End-Https On CacheDisable * SSLProxyEngine On ProxyPass /test https://192.168.10.193/test ProxyPassReverse /test https://192.168.10.193/test SSLProxyMachineCertificatePath /var/www./certs SSLProxyVerify off Every call to the server for /test results in: [Tue Sep 07 21:59:19 2010] [notice] child pid 24344 exit signal Segmentation fault (11) Fetching https:///cgi-bin/test.cgi AUTH_TYPE = 'Basic' DOCUMENT_ROOT = '/var/www./html' GATEWAY_INTERFACE = 'CGI/1.1' HTTPS = 'on' HTTP_ACCEPT = 'image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*' HTTP_ACCEPT_ENCODING = 'gzip, deflate' HTTP_ACCEPT_LANGUAGE = 'en-us' HTTP_CONNECTION = 'Keep-Alive' HTTP_COOKIE = 'ASP.NET_SessionId=fnut3nm4wmsbyc55x5g5tp45' HTTP_FRONT_END_HTTPS = 'On' HTTP_HOST = '' HTTP_UA_CPU = 'x86' HTTP_USER_AGENT = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C)' PATH = '/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin' QUERY_STRING = '' REMOTE_ADDR = '16.0.0.0' REMOTE_PORT = '1954' REMOTE_USER = '/C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=CONTRACTOR/CN=PYERON.JASON.J.1291147719' REQUEST_METHOD = 'GET' REQUEST_URI = '/cgi-bin/test.cgi' SCRIPT_FILENAME = '/var/www./cgi-bin/test.cgi' SCRIPT_NAME = '/cgi-bin/test.cgi' SERVER_ADDR = 'x.x.x.x' SERVER_ADMIN = 'r...@localhost' SERVER_NAME = '' SERVER_PORT = '443' SERVER_PROTOCOL = 'HTTP/1.1' SERVER_SIGNATURE = 'addressApache/2.0.52 (CentOS) Server at Port 443/address ' SERVER_SOFTWARE = 'Apache/2.0.52 (CentOS)' SSL_CLIENT_CERT = '-BEGIN CERTIFICATE- MIID6DCCA1GgAwIBAgIDCb6dMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAlVT MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UE CxMDUEtJMRIwEAYDVQQDEwlET0QgQ0EtMTUwHhcNMDcxMDE4MDAwMDAwWhcNMTAx MDE0MjM1OTU5WjB8MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5t ZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTETMBEGA1UECxMKQ09OVFJB Q1RPUjEiMCAGA1UEAxMZUFlFUk9OLkpBU09OLkouMTI5MTE0NzcxOTCBnzANBgkq hkiG9w0BAQEFAAOBjQAwgYkCgYEAhMQ+RKYz1XcPripHGnBICeiyzbGarX57ndk/ 6ZRtlk8LW/WsHy3A9t31PsnEIVALPbr75yEVvrn2htQuOdm24D6T5984JDOHchYu WUUyS/W73NCr/Uv3aQ2EyFi9yNdZxuS0dg7GJAXwnYmDAHkMS0o5eAJKVBWb+yuV wiEhSGECAwEAAaOCAZswggGXMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBRo gBF4GQ3u7fNlSY4AIuxSjroEzjAdBgNVHQ4EFgQUT9z86adICxztaDTGWVbqxwY2 Ll4wFgYDVR0gBA8wDTALBglghkgBZQIBCwkwgcUGA1UdHwSBvTCBujAsoCqgKIYm aHR0cDovL2NybC5kaXNhLm1pbC9nZXRjcmw/RE9EJTIwQ0EtMTUwgYmggYaggYOG gYBsZGFwOi8vY3JsLmdkcy5kaXNhLm1pbC9jbiUzZERvRCUyMENBLTE1JTJjb3Ul M2RQS0klMmNvdSUzZERvRCUyY28lM2RVLlMuJTIwR292ZXJubWVudCUyY2MlM2RV Uz9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeTBlBggrBgEFBQcBAQRZ MFcwMwYIKwYBBQUHMAKGJ2h0dHA6Ly9jcmwuZGlzYS5taWwvZ2V0c2lnbj9ET0Ql MjBDQS0xNTAgBggrBgEFBQcwAYYUaHR0cDovL29jc3AuZGlzYS5taWwwDQYJKoZI hvcNAQEFBQADgYEAp08dHan3bDsdmG1UJaQzcbFRQwGuyI5JKzTcmjTZ/3lRRsp5 vmPDoAnSbLd0CkG4z7d/OW5JvA9bZSDdC4DS1f9utK8bdCdzlCigfupfNxs+jzvB 3UQDxqUSnC+E7bIc5fnbUD2aKfCkHNYVoHhBgHJt+S19iUcRsxIT8Aj1+70= -END CERTIFICATE- ' SSL_SERVER_CERT = '-BEGIN CERTIFICATE- XXX -END CERTIFICATE- ' downgrade_1_0 = '1' force_response_1_0 = '1' nokeepalive = '1' ssl_unclean_shutdown = '1' -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100- - +1 (443) 269-1555 x333Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [us...@httpd] Ssl front end proxy and Segmentation fault (11)
-Original Message- From: Jason Pyeron [mailto:jpye...@pdinc.us] Sent: Tuesday, September 07, 2010 22:03 To: users@httpd.apache.org Subject: [us...@httpd] Ssl front end proxy and Segmentation fault (11) I am trying to reverse proxy client certs, here is the config snipit: Fyi: the version is httpd-2.0.52-41.ent.7.centos4 RequestHeader set Front-End-Https On CacheDisable * SSLProxyEngine On ProxyPass /test https://192.168.10.193/test ProxyPassReverse /test https://192.168.10.193/test SSLProxyMachineCertificatePath /var/www./certs SSLProxyVerify off Every call to the server for /test results in: [Tue Sep 07 21:59:19 2010] [notice] child pid 24344 exit signal Segmentation fault (11) Fetching https:///cgi-bin/test.cgi AUTH_TYPE = 'Basic' DOCUMENT_ROOT = '/var/www./html' GATEWAY_INTERFACE = 'CGI/1.1' HTTPS = 'on' HTTP_ACCEPT = 'image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*' HTTP_ACCEPT_ENCODING = 'gzip, deflate' HTTP_ACCEPT_LANGUAGE = 'en-us' HTTP_CONNECTION = 'Keep-Alive' HTTP_COOKIE = 'ASP.NET_SessionId=fnut3nm4wmsbyc55x5g5tp45' HTTP_FRONT_END_HTTPS = 'On' HTTP_HOST = '' HTTP_UA_CPU = 'x86' HTTP_USER_AGENT = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C)' PATH = '/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin' QUERY_STRING = '' REMOTE_ADDR = '16.0.0.0' REMOTE_PORT = '1954' REMOTE_USER = '/C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=CONTRACTOR/CN=PYERON.JASON.J.1291147719' REQUEST_METHOD = 'GET' REQUEST_URI = '/cgi-bin/test.cgi' SCRIPT_FILENAME = '/var/www./cgi-bin/test.cgi' SCRIPT_NAME = '/cgi-bin/test.cgi' SERVER_ADDR = 'x.x.x.x' SERVER_ADMIN = 'r...@localhost' SERVER_NAME = '' SERVER_PORT = '443' SERVER_PROTOCOL = 'HTTP/1.1' SERVER_SIGNATURE = 'addressApache/2.0.52 (CentOS) Server at Port 443/address ' SERVER_SOFTWARE = 'Apache/2.0.52 (CentOS)' SSL_CLIENT_CERT = '-BEGIN CERTIFICATE- MIID6DCCA1GgAwIBAgIDCb6dMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAlVT MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UE CxMDUEtJMRIwEAYDVQQDEwlET0QgQ0EtMTUwHhcNMDcxMDE4MDAwMDAwWhcNMTAx MDE0MjM1OTU5WjB8MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5t ZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTETMBEGA1UECxMKQ09OVFJB Q1RPUjEiMCAGA1UEAxMZUFlFUk9OLkpBU09OLkouMTI5MTE0NzcxOTCBnzANBgkq hkiG9w0BAQEFAAOBjQAwgYkCgYEAhMQ+RKYz1XcPripHGnBICeiyzbGarX57ndk/ 6ZRtlk8LW/WsHy3A9t31PsnEIVALPbr75yEVvrn2htQuOdm24D6T5984JDOHchYu WUUyS/W73NCr/Uv3aQ2EyFi9yNdZxuS0dg7GJAXwnYmDAHkMS0o5eAJKVBWb+yuV wiEhSGECAwEAAaOCAZswggGXMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBRo gBF4GQ3u7fNlSY4AIuxSjroEzjAdBgNVHQ4EFgQUT9z86adICxztaDTGWVbqxwY2 Ll4wFgYDVR0gBA8wDTALBglghkgBZQIBCwkwgcUGA1UdHwSBvTCBujAsoCqgKIYm aHR0cDovL2NybC5kaXNhLm1pbC9nZXRjcmw/RE9EJTIwQ0EtMTUwgYmggYaggYOG gYBsZGFwOi8vY3JsLmdkcy5kaXNhLm1pbC9jbiUzZERvRCUyMENBLTE1JTJjb3Ul M2RQS0klMmNvdSUzZERvRCUyY28lM2RVLlMuJTIwR292ZXJubWVudCUyY2MlM2RV Uz9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeTBlBggrBgEFBQcBAQRZ MFcwMwYIKwYBBQUHMAKGJ2h0dHA6Ly9jcmwuZGlzYS5taWwvZ2V0c2lnbj9ET0Ql MjBDQS0xNTAgBggrBgEFBQcwAYYUaHR0cDovL29jc3AuZGlzYS5taWwwDQYJKoZI hvcNAQEFBQADgYEAp08dHan3bDsdmG1UJaQzcbFRQwGuyI5JKzTcmjTZ/3lRRsp5 vmPDoAnSbLd0CkG4z7d/OW5JvA9bZSDdC4DS1f9utK8bdCdzlCigfupfNxs+jzvB 3UQDxqUSnC+E7bIc5fnbUD2aKfCkHNYVoHhBgHJt+S19iUcRsxIT8Aj1+70= -END CERTIFICATE- ' SSL_SERVER_CERT = '-BEGIN CERTIFICATE- XXX -END CERTIFICATE- ' downgrade_1_0 = '1' force_response_1_0 = '1' nokeepalive = '1' ssl_unclean_shutdown = '1' -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100- - +1 (443) 269-1555 x333Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
