Hi all, This patch fixes a problem that occurs when RSA SSL-C is used as back-end for mod_ssl:
Index: t/conf/ssl/proxyssl.conf.in
===================================================================
RCS file:
/home/cvspublic/httpd-test/perl-framework/t/conf/ssl/proxyssl.conf.in,v
retrieving revision 1.11
diff -u -r1.11 proxyssl.conf.in
--- t/conf/ssl/proxyssl.conf.in 2 May 2002 19:25:52 -0000 1.11
+++ t/conf/ssl/proxyssl.conf.in 4 Aug 2003 19:30:00 -0000
@@ -34,7 +34,7 @@
#these are not on by default in the 1.x based mod_ssl
<IfDefine APACHE2>
SSLProxyEngine On
- #SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem
+ SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem
#client_ok.pem should be loaded first
SSLProxyMachineCertificatePath @SSLCA@/asf/proxy
SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt
If I don't explicitly specify the proxy client cert when running on SSL-C,
the wrong certificate gets picked for proxy client authentication. The
result is a 403 Forbidden from the upstream, and a 502 Bad Gateway from the
proxy.
The regular mod_ssl/OpenSSL combination is not affected, but is not broken
by this patch either. Tested on Darwin (OpenSSL), Linux (both OpenSSL and
SSL-C) and Solaris (both).
S.
--
Covalent Technologies [EMAIL PROTECTED]
Engineering group Voice: (415) 856 4214
303 Second Street #375 South Fax: (415) 856 4210
San Francisco CA 94107
PGP Fingerprint: 7A8D B189 E871 80CB 9521 9320 C11E 7B47 964F 31D9
=======================================================
This email message is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. Any unauthorized review,
use, disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply email and destroy all copies
of the original message
=======================================================
proxyssl.conf.in.patch
Description: Binary data
