I want to use mod_proxy_ftp over an https connection, but it somehow
doesn't work. The basic setup is as follows:

   SSLEngine On
   SSLProxyEngine on
   SSLCertificateFile /etc/apache2/ssl/ca.pem
   SSLCertificateKeyFile /etc/apache2/ssl/ca.key

   <Proxy *>
   Order deny,allow
   Allow from all
   </Proxy>

   ProxyRequests Off
   ProxyPass /myftp ftp://user:[EMAIL PROTECTED]

This works without problems over http, but with https I only see a
status message about a successful login to the ftp-server, but no
directory listing. The problem seems to be that the mod_proxy_ftp sends
the data without SSL, at least that's what I figure from the following
log entries:

[Fri May 30 14:10:39 2008] [debug] mod_proxy_ftp.c(1783): proxy: FTP: start body send
[Fri May 30 14:10:39 2008] [debug] ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
[Fri May 30 14:10:39 2008] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: before/accept initialization
[Fri May 30 14:10:39 2008] [debug] ssl_engine_io.c(1775): OpenSSL: read 11/11 bytes from BIO#83632d8 [mem: 8370020] (BIO dump follows)
[Fri May 30 14:10:39 2008] [debug] ssl_engine_io.c(1722): +-------------------------------------------------------------------------+
[Fri May 30 14:10:39 2008] [debug] ssl_engine_io.c(1747): | 0000: 64 72 77 78 72 2d 78 72-2d 78                    drwxr-xr-x       |
[Fri May 30 14:10:39 2008] [debug] ssl_engine_io.c(1751): | 0011 - <SPACES/NULS>
[Fri May 30 14:10:39 2008] [debug] ssl_engine_io.c(1753): +-------------------------------------------------------------------------+
[Fri May 30 14:10:39 2008] [debug] ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv2/v3 read client hello A
[Fri May 30 14:10:39 2008] [info] [client xx.xx.xx.xx] SSL library error 1 in handshake (server xx.xx.xx.xx:443)
[Fri May 30 14:10:39 2008] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?

I already tried to fiddle with the SSLProxy-options (e.g. SSLProxyEngine
on), but to no avail. I guess these are only necessary if I'd want to
proxy to other SSL enabled servers anyway?

-David
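
A diagnostic check for the log above, added here as an example and not part of the original post: it pulls the bytes out of the mod_ssl BIO dump rows and reports whether they look like the start of a TLS/SSLv2 handshake or like plain text. The function names and the re-joined sample line are constructed for illustration.

```python
import re

# Constructed sample: the BIO dump rows from the log above, each re-joined
# onto a single line (the e-mail had wrapped them).
SAMPLE_LOG = (
    "[Fri May 30 14:10:39 2008] [debug] ssl_engine_io.c(1747): "
    "| 0000: 64 72 77 78 72 2d 78 72-2d 78                    drwxr-xr-x       |\n"
    "[Fri May 30 14:10:39 2008] [debug] ssl_engine_io.c(1751): "
    "| 0011 - <SPACES/NULS>\n"
)

# A dump row is "| <4 hex offset>: <hex pairs separated by ' ' or '-'> <ascii> |".
DUMP_ROW = re.compile(r"\|\s*[0-9a-fA-F]{4}:\s+((?:[0-9a-fA-F]{2}[ -])+)")


def bio_dump_bytes(log_text):
    """Collect the bytes shown in mod_ssl BIO dump rows, in log order."""
    out = bytearray()
    for line in log_text.splitlines():
        m = DUMP_ROW.search(line)
        if m:
            out += bytes.fromhex(m.group(1).replace("-", " "))
    return bytes(out)


def classify_first_bytes(data):
    """Describe what the first bytes read by the TLS layer look like."""
    # TLS/SSLv3 record: content type 0x16 (handshake), major version 0x03.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake-record"
    # SSLv2 ClientHello: 2-byte length with the high bit set, then type 0x01.
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"
    # Printable ASCII only: some cleartext protocol reached the TLS reader.
    if data and all(0x20 <= b < 0x7F or b in b"\r\n\t" for b in data):
        return "plaintext"
    return "unknown"


if __name__ == "__main__":
    first = bio_dump_bytes(SAMPLE_LOG)
    print(first, classify_first_bytes(first))
```
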


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.