Am 18.10.2018 um 17:32 schrieb Schettler, Marty L.:
Good advice. Thanks! However, I just retested with 2.4.35 and I get the
exact same results as with 2.4.34. Any other ideas? I’d welcome a
workaround too.
Could well be
http://svn.apache.org/viewvc?rev=1844226&view=rev
which is still missing in 2.4.35. It will be part of the fortcoming
2.4.37, but you can also easily apply the small change to your 2.4.35
sources if you build yourself. You only need to add the two lines marked
with a leading "+" sign here:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c?r1=1844226&r2=1844225&pathrev=1844226
Regards,
Rainer
*From:*William A Rowe Jr [mailto:wr...@rowe-clan.net]
*Sent:* Friday, October 12, 2018 6:26 PM
*To:* users@httpd.apache.org
*Subject:* Re: [users@httpd] Reverse proxy not sending certificate
A number of regressions are fixed in 2.4.35, please retest against that
version.
On Fri, Oct 12, 2018, 15:27 Schettler, Marty L.
<martin.l.schett...@leidos.com <mailto:martin.l.schett...@leidos.com>>
wrote:
My reverse proxy config doesn’t work with SSL any more as I try to
upgrade from 2.4.29 to 2.4.34.
My config:
SSLProxyEngine On
SSLProxyMachineCertificateFile /path/to/server_crt_and_key.crt
SSLProxyCACertificatePath /etc/cacerts
<Location /proxy>
ProxyPass https://host01:9443/p
ProxyPassReverse https://host01:9443/p
SSLVerifyClient require
</Location>
Again, this works just fine with 2.4.29. However, in 2.4.34 I get a
502 in my browser “Error reading from remote server” and my httpd
log file has a warning “AH02268: Proxy client callback: (host01:443)
downstream server wanted client certificate but none are
configured.” Is this possible related to PR 62232? If so, I thought
it would have been fixed in 2.4.32.
Any help is greatly appreciated!!
Marty
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org