Date: Mon, 3 Apr 2000 19:37:55 +0200 (SAST)
From: Khetan Gajjar <khetan@uunet.co.za>
To: current@freebsd.org
Subject: OpenSSL and Apache+ModSSL
Message-ID: <Pine.BSF.4.21.0004031923140.1802-100000@bofh.ops.uunet.co.za>
Hi.

I've been having great unhappiness in trying to get Apache+modSSL and OpenSSL in 5-current to work. I do not have the RSA port installed (I'm a South African citizen residing outside the USA), and built-world today with USA_RESIDENT=no set.

Basically, the combination of Apache 1.3.12 and modSSL 2.6.2 is not happy with OpenSSL 0.9.4 (as that combination stands in 5-current).

Has any non-US citizen, or person who has installed a FreeBSD 5 system as a non-US citizen, gotten Apache+modSSL to work with a recentish -current? I specifically used the apache13-php3 port, and enabled modSSL (if that makes any difference).

I saw that Kris Kennaway discussed this the last time I brought this up, and there was a reference to the RSA library mentioned, but the thread died shortly thereafter.

It was working about two/three months before the laying down of the 4-release tag.

I'm seeing this from the https server logs:

[03/Apr/2000 19:22:43 20348] [info] Connection to child 5 established (server xxxx.xxx.xxxxx.xx.xx:443, client xxx.xxx.xxx.xxx)
[03/Apr/2000 19:22:43 20348] [info] Seeding PRNG with 1160 bytes of entropy
[03/Apr/2000 19:22:44 20348] [error] SSL handshake failed (server xxxx.xxx.xxxxx.xx.xx:443, client xxx.xxx.xxx.xxx) (OpenSSL library error follows)
[03/Apr/2000 19:22:44 20348] [error] OpenSSL: error:140BB004:SSL routines:SSL_RSA_PRIVATE_DECRYPT:nested asn1 error
[03/Apr/2000 19:22:44 20348] [error] OpenSSL: error:1407D071:SSL routines:SSL2_READ:bad mac decode [Hint: Browser still remembered details of a re-created server certificate?]

and this in its error logs:

[Mon Apr 3 19:22:44 2000] [error] mod_ssl: SSL handshake failed (server xxxx.xxx.xxxxx.xx.xx:443, client xxx.xxx.xxx.xxx) (OpenSSL library error follows)
[Mon Apr 3 19:22:44 2000] [error] OpenSSL: error:140BB004:SSL routines:SSL_RSA_PRIVATE_DECRYPT:nested asn1 error
[Mon Apr 3 19:22:44 2000] [error] OpenSSL: error:1407D071:SSL routines:SSL2_READ:bad mac decode [Hint: Browser still remembered details of a re-created server certificate?]

This is generated by an OpenSSL connection from the web server to itself:

6=[khetan@xxxxx] ~$ openssl s_client -connect xxxx.xxx.xxxxx.xx.xx:443 -ssl2
+ openssl s_client -connect xxxx.xxx.xxxxx.xx.xx:443 -ssl2
CONNECTED(00000003)
depth=0 /C=ZA/ST=Cape Province/L=Cape Town/O=OS Users Group/OU=System Administration/CN=xxx.xxx.xxx.xxx/Email=khetan@freebsd.os.org.za
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=ZA/ST=Cape Province/L=Cape Town/O=OS Users Group/OU=System Administration/CN=xxx.xxx.xxx.xxx/Email=khetan@freebsd.os.org.za
verify return:1
31281:error:1407D071:SSL routines:SSL2_READ:bad mac decode:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s2_pkt.c:217:

The debugging output for this follows.
(called with openssl s_client -connect xxx.xxx.xxx.xxx:443 -nbio_test -debug)

CONNECTED(00000003)
20489:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_lib.c:215:

Khetan Gajjar.
---
khetan@uunet.co.za      * khetan@os.org.za        * PGP Key, contact
UUNET South Africa      * FreeBSD enthusiast      * details and other
http://www.uunet.co.za  * http://www.freebsd.org  * information at
System Administration   * http://office.os.org.za * kg+details@uunet.co.za