Date: Thu, 26 Jun 2014 23:16:18 +0200 From: olli hauer <ohauer@gmx.de> To: Rainer Duffner <rainer@ultra-secure.de> Cc: apache@FreeBSD.org Subject: Re: Strange error after upgrading from Apache 2.2.25 to 2.2.27 (and upgrading from FreeBSD9 to FreeBSD10) Message-ID: <53AC8DA2.1020809@gmx.de> In-Reply-To: <20140623104833.2f6fb94d@suse3.ewadmin.local> References: <20140616160338.39144da0@suse3.ewadmin.local> <20140623104833.2f6fb94d@suse3.ewadmin.local>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2014-06-23 10:48, Rainer Duffner wrote: > Am Mon, 16 Jun 2014 16:03:38 +0200 > schrieb Rainer Duffner <rainer@ultra-secure.de>: > >> Hi, >> >> >> I have a system that does the following: >> >> SSLProxyEngine on >> SSLProxyMachineCertificateFile /usr/local/etc/apache/ssl.crt/DocboxTestProxyClientKeyCert.crt >> SSLProxyCACertificateFile /usr/local/etc/apache/ssl.crt/ProxyTest_RedAndPurpleCA.crt >> SSLProxyVerify require >> SSLProxyVerifyDepth 1 >> >> >> This configuration worked with FreeBSD9, apache-2.2.25. >> >> However, after the upgrade to FreeBSD10 and apache-2.2.27, I get: > > > Also, it does work with FreeBSD 9.2p8 and apache-2.2.27. > > So it really seems to be a problem with FreeBSD 10's OpenSSL. > One of the difference between 8/9 and 10 is the OpenSSL version 0.9.8? and 1.0.1? It seems you are not the only one and it has something to do with the SSL key format (PKCS#8 / PKCS#1) New OpenSSL is using PKCS#1 which is not supported by mod_ssl but the cert can be converted to PKCS#8 See the Answer from Joe Orton on the RHEL bugtracker http://mail-archives.apache.org/mod_mbox/httpd-bugs/201310.mbox/%3Cbug-55673-7868@https.issues.apache.org/bugzilla/%3E https://bugzilla.redhat.com/show_bug.cgi?id=1025057 // olli
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53AC8DA2.1020809>