Hi all,

This patch fixes a problem that occurs when RSA SSL-C is used as back-end for mod_ssl:
Index: t/conf/ssl/proxyssl.conf.in =================================================================== RCS file: /home/cvspublic/httpd-test/perl-framework/t/conf/ssl/proxyssl.conf.in,v retrieving revision 1.11 diff -u -r1.11 proxyssl.conf.in --- t/conf/ssl/proxyssl.conf.in 2 May 2002 19:25:52 -0000 1.11 +++ t/conf/ssl/proxyssl.conf.in 4 Aug 2003 19:30:00 -0000 @@ -34,7 +34,7 @@ #these are not on by default in the 1.x based mod_ssl <IfDefine APACHE2> SSLProxyEngine On - #SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem + SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem #client_ok.pem should be loaded first SSLProxyMachineCertificatePath @SSLCA@/asf/proxy SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt

If I don't explicitly specify the proxy client cert when running on SSL-C, the wrong certificate gets picked for proxy client authentication. The result is a 403 Forbidden from the upstream, and a 502 Bad Gateway from the proxy.

The regular mod_ssl/OpenSSL combination is not affected, but is not broken by this patch either.

Tested on Darwin (OpenSSL), Linux (both OpenSSL and SSL-C) and Solaris (both).

S.

--
Covalent Technologies [EMAIL PROTECTED]
Engineering group Voice: (415) 856 4214
303 Second Street #375 South Fax: (415) 856 4210
San Francisco CA 94107
PGP Fingerprint: 7A8D B189 E871 80CB 9521 9320 C11E 7B47 964F 31D9
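
Review bot: The re-enabled `SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem` line in the `@@ -34,7 +34,7 @@` hunk has no comment saying why it must stay on, and the context comment directly below it, `#client_ok.pem should be loaded first`, still reads as if load order within `SSLProxyMachineCertificatePath` were what selects the client certificate. Suggest rewording that comment to state that the file is named explicitly because path-only loading picks the wrong proxy client certificate under SSL-C, so the directive is not commented out again later. Two further points on the same lines: `client_ok.pem` lives inside the `@SSLCA@/asf/proxy` directory that `SSLProxyMachineCertificatePath` also loads, so the same certificate is now configured through both directives; and with the file always set, this test config no longer covers path-only selection of the client certificate, which is the case the message reports as behaving differently between back-ends. A separate test case for the path-only configuration would keep that difference visible.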