Public bug reported:

When I use SSLProxyMachineCertificateFile in my apache configuration, the service crashes with a segfault on startup.

Here's the error.log contents with "LogLevel debug":

[Thu Aug 04 20:35:05 2011] [info] Init: Seeding PRNG with 648 bytes of entropy
[Thu Aug 04 20:35:05 2011] [info] Loading certificate & private key of SSL-aware server
[Thu Aug 04 20:35:05 2011] [debug] ssl_engine_pphrase.c(470): unencrypted RSA private key - pass phrase not required
[Thu Aug 04 20:35:05 2011] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Thu Aug 04 20:35:05 2011] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Thu Aug 04 20:35:05 2011] [info] Init: Initializing (virtual) servers for SSL
[Thu Aug 04 20:35:05 2011] [debug] ssl_engine_init.c(415): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Thu Aug 04 20:35:05 2011] [debug] ssl_engine_init.c(548): Configuring client authentication
[Thu Aug 04 20:35:05 2011] [debug] ssl_engine_init.c(1143): CA certificate: [hidden for privacy]
[Thu Aug 04 20:35:05 2011] [debug] ssl_engine_init.c(636): Configuring certificate revocation facility
[Thu Aug 04 20:35:05 2011] [debug] ssl_engine_init.c(966): loaded 1 client certs for SSL proxy
[Thu Aug 04 20:35:05 2011] [info] Configuring server for SSL protocol
[Thu Aug 04 20:35:05 2011] [debug] ssl_engine_init.c(415): Creating new SSL context (protocols: SSLv3, TLSv1)
[Thu Aug 04 20:35:05 2011] [debug] ssl_engine_init.c(548): Configuring client authentication
[Thu Aug 04 20:35:05 2011] [debug] ssl_engine_init.c(1143): CA certificate: [hidden for privacy]
[Thu Aug 04 20:35:05 2011] [debug] ssl_engine_init.c(611): Configuring permitted SSL ciphers [HIGH:MEDIUM:!ADH]
[Thu Aug 04 20:35:05 2011] [debug] ssl_engine_init.c(636): Configuring certificate revocation facility
[Thu Aug 04 20:35:05 2011] [debug] ssl_engine_init.c(370): Configuring TLS extension handling
[Thu Aug 04 20:35:05 2011] [debug] ssl_engine_init.c(742): Configuring RSA server certificate
[Thu Aug 04 20:35:05 2011] [debug] ssl_engine_init.c(781): Configuring RSA server private key
[Thu Aug 04 20:35:05 2011] [debug] ssl_engine_init.c(415): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Thu Aug 04 20:35:05 2011] [debug] ssl_engine_init.c(548): Configuring client authentication
[Thu Aug 04 20:35:05 2011] [debug] ssl_engine_init.c(1143): CA certificate: [hidden for privacy]
[Thu Aug 04 20:35:05 2011] [debug] ssl_engine_init.c(636): Configuring certificate revocation facility
[Thu Aug 04 20:35:05 2011] [debug] ssl_engine_init.c(966): loaded 1 client certs for SSL proxy
[Thu Aug 04 20:35:05 2011] [info] mod_ssl/2.2.14 compiled against Server: Apache/2.2.14, Library: OpenSSL/0.9.8k

Googling this issue, I found a very similar story leading to a patch by the Apache team (see https://issues.apache.org/bugzilla/show_bug.cgi?id=39915 and http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?r1=417988&r2=417987&pathrev=417988).

I ran apt-get source apache2 on my server and compared the included ssl_engine_init.c with the patched version from the svn above. I confirm this patch is not included in the current package (as available today in the Ubuntu repositories for Lucid).

I would happily patch my source, compile and test to confirm it fixes the issue, but that's a bit beyond my Ubuntu knowledge (especially the "compile and rebuild package before apt-get-installing the fixed version" part).

BTW: please consider publishing the fixed version in the Lucid repositories, as I cannot use a non-LTS release.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: apache2 2.2.14-5ubuntu8.4
ProcVersionSignature: Ubuntu 2.6.32-30.59-generic-pae 2.6.32.29+drm33.13
Uname: Linux 2.6.32-30-generic-pae i686
Architecture: i386
Date: Thu Aug 4 20:21:18 2011
EcryptfsInUse: Yes
InstallationMedia: Ubuntu-Server 10.04.1 LTS "Lucid Lynx" - Release i386 (20100816.2)
ProcEnviron:
 LANG=fr_FR.UTF-8
 SHELL=/bin/bash
SourcePackage: apache2

** Affects: apache2 (Ubuntu)
   Importance: Undecided
   Status: New

** Tags: apport-bug i386 lucid

https://bugs.launchpad.net/bugs/821077

Title: Apache2 segfault with SSLProxyMachineCertificateFile (upstream patch not applied in ubuntu)