Date: Mon, 16 Jun 2014 16:03:38 +0200
From: Rainer Duffner <rainer@ultra-secure.de>
To: apache@FreeBSD.org
Subject: Strange error after upgrading from Apache 2.2.25 to 2.2.27 (and upgrading from FreeBSD9 to FreeBSD10)
Message-ID: <20140616160338.39144da0@suse3.ewadmin.local>
Hi,

I have a system that does the following:

    SSLProxyEngine on
    SSLProxyMachineCertificateFile /usr/local/etc/apache/ssl.crt/DocboxTestProxyClientKeyCert.crt
    SSLProxyCACertificateFile /usr/local/etc/apache/ssl.crt/ProxyTest_RedAndPurpleCA.crt
    SSLProxyVerify require
    SSLProxyVerifyDepth 1

This configuration worked with FreeBSD9, apache-2.2.25.
However, after the upgrade to FreeBSD10 and apache-2.2.27, I get:

    [Fri Jun 13 17:37:16 2014] [debug] ssl_engine_init.c(696): Configuring client authentication
    [Fri Jun 13 17:37:16 2014] [debug] ssl_engine_init.c(1414): CA certificate: /C=CH/ST=ZH/L=Zuerich/O=H-Net AG, Ingbk/OU=Swiss Medical Suite Docbox Forwarder Test Facility/CN=SMS Docbox Proxy Test Certification Authority/emailAddress=info.swissmedicalsuite.docbox.proxy.ch
    [Fri Jun 13 17:37:16 2014] [debug] ssl_engine_init.c(1414): CA certificate: /C=CH/ST=ZH/L=Zuerich/O=H-Net AG/OU=H-Net Secure Operations/CN=ihe.h-net.ch/emailAddress=ihe@h-net.ch
    incomplete client cert configured for SSL proxy (missing or encrypted private key?)

I'm a bit puzzled by this, because I don't see any obvious error.

    openssl verify -CAfile /usr/local/etc/apache/ssl.crt/ProxyTest_RedAndPurpleCA.crt /usr/local/etc/apache/ssl.crt/DocboxTestProxyClientKeyCert.crt
    /usr/local/etc/apache/ssl.crt/DocboxTestProxyClientKeyCert.crt: OK

They seem to match...

Can anybody share some insight?

I know it's this part that is problematic, because if I comment out this section (and a similar section in another config-file, that uses the same syntax), apache starts again.

Rainer
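Added example, not part of the original message: openssl verify checks only the certificate chain, so it reports OK whether or not the file given to SSLProxyMachineCertificateFile also holds a usable private key. This Python check lists the PEM blocks in such a file and flags the two conditions the log line names (missing or encrypted key); the function names and the sample PEM text are constructed for illustration.

```python
import re

# One PEM block: BEGIN label, body, matching END label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def inspect_proxy_pem(text):
    """Return (blocks, problems) for the PEM text of a client cert/key file."""
    blocks = []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        if label == "CERTIFICATE":
            kind = "certificate"
        elif label.endswith("PRIVATE KEY"):
            # PKCS#8 encrypted keys have their own label; traditional
            # encrypted keys carry a Proc-Type header inside the block.
            encrypted = (label == "ENCRYPTED PRIVATE KEY"
                         or "Proc-Type: 4,ENCRYPTED" in body)
            kind = "encrypted-key" if encrypted else "key"
        else:
            kind = "other"
        blocks.append((label, kind))

    kinds = [kind for _, kind in blocks]
    problems = []
    if "certificate" not in kinds:
        problems.append("no certificate")
    if "key" not in kinds:
        problems.append("private key is encrypted"
                        if "encrypted-key" in kinds else "no private key")
    return blocks, problems


def pem_block(label, body="QUJDRA==\n"):
    """Build a constructed PEM block with placeholder (non-key) content."""
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"


# Constructed samples: certificate only, certificate plus plain key,
# certificate plus passphrase-protected key.
CERT_ONLY = pem_block("CERTIFICATE")
CERT_AND_KEY = pem_block("CERTIFICATE") + pem_block("RSA PRIVATE KEY")
CERT_AND_ENC_KEY = pem_block("CERTIFICATE") + pem_block(
    "RSA PRIVATE KEY",
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\nQUJDRA==\n")

if __name__ == "__main__":
    for name in ("CERT_ONLY", "CERT_AND_KEY", "CERT_AND_ENC_KEY"):
        print(name, inspect_proxy_pem(globals()[name]))
```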