On Fri, 9 Dec 2005, Nick Burch wrote:
On Wed, 7 Dec 2005, Nick Burch wrote:
I'm also half tempted to try and make that error message more useful. Anyone know much about that area of code, or should I just dive in?

I've done this. I still haven't quite figured out my problem, but I have narrowed it down quite a bit. Now to go investigate why my certificate isn't making it into mc->tPublicCert....

Any mod_ssl experts about? I think something very odd is going on during certificate/key loading.

I've added a bit more debugging into ssl_pphrase_Handle of ssl_engine_pphrase.c. Before doing the normal vhost iteration, I'm iterating over all the vhosts, printing out their name + if they have SSL enabled. Then, I've got the main vhost iteration loop to print out if it's going to skip a vhost.

From this, I see all my vhosts are defined, and correctly set for SSL/not SSL. During the loading iteration, it loads one certificate+key fine. Then it loads the second. After that, no more vhosts are checked!

It seems therefore that it's dropping out of the vhost iteration early for some reason, and hence not loading all the certificates+keys.

Can anyone comment on this? The changes I've made to ssl_engine_pphrase.c to show this info are below.

Thanks
Nick


--- ssl_engine_pphrase.c.sav    2005-12-09 17:29:33.000000000 +0000
+++ ssl_engine_pphrase.c        2005-12-09 17:58:31.704577206 +0000
@@ -173,13 +173,26 @@
      */
     for (pServ = s; pServ != NULL; pServ = pServ->next) {
         sc = mySrvConfig(pServ);
+        cpVHostID = ssl_util_vhostid(p, pServ);
+                       ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, pServ,
+                                       "SSL on vhost %s: %d",
+                                       cpVHostID,
+                                       sc->enabled);
+       }
+    for (pServ = s; pServ != NULL; pServ = pServ->next) {
+        sc = mySrvConfig(pServ);
+        cpVHostID = ssl_util_vhostid(p, pServ);

-        if (!sc->enabled)
+        if (!sc->enabled) {
+                       ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, pServ,
+ "SSL not enabled on vhost %s, skipping SSL setup for it",
+                                       cpVHostID );
             continue;
+               }

-        cpVHostID = ssl_util_vhostid(p, pServ);
         ap_log_error(APLOG_MARK, APLOG_INFO, 0, pServ,
- "Loading certificate & private key of SSL-aware server"); + "Loading certificate & private key of SSL-aware server %s",
+                                        cpVHostID);

         /*
          * Read in server certificate(s): This is the easy part
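
Review bot: The new listing loop is inserted directly beneath the existing block comment (the closing */ just above the first for), so that comment now sits over the debug pass instead of the loading loop it was written for; give the listing loop its own short comment and keep the original comment attached to the second loop. The added lines are indented with tabs while the surrounding code uses four spaces, so the closing braces of the first for and of the if (!sc->enabled) block do not line up with their openers. For the problem being chased, neither loop logs when it finishes, so the output cannot distinguish pServ->next being NULL from an early exit inside the body; one APLOG_DEBUG line placed right after the second loop would show that directly.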
@@ -236,6 +249,10 @@
             ucp = ssl_asn1_table_set(mc->tPublicCert, cp, length);
             (void)i2d_X509(pX509Cert, &ucp); /* 2nd arg increments */

+                       ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, pServ,
+                     "Loaded certificate from %s",
+                                        sc->server->pks->cert_files[0]);
+
             /*
              * Free the X509 structure
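
Review bot: The added message always prints sc->server->pks->cert_files[0], a hard-coded index, while the context comment in the previous hunk speaks of "server certificate(s)"; if this code is reached for more than one configured file, every line will name the first file, so log the same path or index that was actually used to read pX509Cert. Since the open question is why the certificate does not end up in mc->tPublicCert, it would also help to include cp, the key passed to ssl_asn1_table_set() two lines above, in this message so each table entry can be matched to its vhost. The indentation here also mixes tabs and spaces, as in the first hunk.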


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.