Date:      Tue, 07 Feb 2006 15:55:32 +0100
From:      Kövesdán Gábor <gabor.kovesdan@t-hosting.hu>
To:        clemet@FreeBSD.org
Cc:        ports@FreeBSD.org
Subject:   [Fwd: Re: [users@httpd] SSL in Apache 2.2.0]
Message-ID:  <43E8B4E4.5080904@t-hosting.hu>

Hello,

this is the copy of the mail I wrote to the Apache users mailing list. 
One of the developers says that he can't reproduce my issue. Maybe the 
error is in my environment or in the apache22 port, I don't know, but 
I'd like to ask you to help me investigate this. My config files are 
available online: http://tux.t-hosting.hu/config.bz2
Even the certs and the private key are included. I have FreeBSD 5.3 on 
an amd64 production machine. As you can see the problem is that apache 
2.2 doesn't start if I enable SSLEngine on globally, and there's no 
error message. If enabled only in a VirtualHost block, it starts but I 
get that error message I wrote in the mail.
Could somebody try to reproduce this, please?

Thanks in advance,

Gabor Kovesdan

Message-ID: <43E8A98B.8090209@t-hosting.hu>
Date: Tue, 07 Feb 2006 15:07:07 +0100
From: Kövesdán Gábor <gabor.kovesdan@t-hosting.hu>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: users@httpd.apache.org
Subject: Re: [users@httpd] SSL in Apache 2.2.0
References: <43E2393A.3000006@t-hosting.hu> <20060207134604.GA17960@redhat.com>
In-Reply-To: <20060207134604.GA17960@redhat.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

Joe Orton wrote:

>On Thu, Feb 02, 2006 at 05:54:18PM +0100, Kövesdán Gábor wrote:
>  
>
>>CustomLog /var/log/apache/httpd-ssl_request.log \
>>         "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>>
>>If I set here (globally) SSLEngine optional or on, Apache didn't even 
>>start, and I get this in the error log:
>>    
>>
>
>You need "SSLEngine on" somewhere.  What error was produced from 
>apachectl?  How did it fail to start?  There aren't any errors in the 
>error_log you posted.
>
>  
>
Exactly what I wrote. I know SSLEngine On is needed somewhere. Here is 
the result once more. Take the config I made online (there's the link in 
the bugreport), modify httpd-ssl.conf to contain SSLEngine On (that file 
is included in httpd.conf), and start the server with debug logging:

root@server# apachectl start
root@server# tail -n 30 /var/log/apache/httpd-error.log
[Thu Feb 02 18:10:28 2006] [debug] ssl_engine_init.c(768): Configuring 
RSA server private key
[Thu Feb 02 18:11:21 2006] [notice] Apache/2.2.0 (FreeBSD) configured -- 
resuming normal operations
[Thu Feb 02 20:53:46 2006] [error] [client 81.183.61.98] Invalid method 
in request \x80g\x01\x03\x01
[Thu Feb 02 20:53:46 2006] [error] [client 81.183.61.98] Invalid method 
in request \x80g\x01\x03
[Thu Feb 02 20:53:46 2006] [error] [client 81.183.61.98] Invalid method 
in request \x80g\x01\x03
[Fri Feb 03 18:34:51 2006] [error] [client 81.183.61.98] Invalid method 
in request \x80g\x01\x03\x01
[Fri Feb 03 18:34:51 2006] [error] [client 81.183.61.98] Invalid method 
in request \x80g\x01\x03
[Fri Feb 03 18:34:51 2006] [error] [client 81.183.61.98] Invalid method 
in request \x80g\x01\x03
[Mon Feb 06 13:37:46 2006] [error] [client 83.216.45.137] Invalid method 
in request \x80g\x01\x03\x01
[Mon Feb 06 13:37:46 2006] [error] [client 83.216.45.137] Invalid method 
in request \x80g\x01\x03
[Mon Feb 06 15:43:39 2006] [error] [client 80.98.231.227] Invalid method 
in request \x80U\x01\x03\x01
[Mon Feb 06 15:43:39 2006] [error] [client 80.98.231.227] Invalid method 
in request \x80U\x01\x03
[Mon Feb 06 15:43:39 2006] [error] [client 80.98.231.227] Invalid method 
in request \x80U\x01\x03
[Mon Feb 06 15:43:45 2006] [error] [client 80.98.231.227] Invalid method 
in request \x80U\x01\x03
[Tue Feb 07 14:56:18 2006] [notice] caught SIGTERM, shutting down
[Tue Feb 07 14:56:25 2006] [info] mod_unique_id: using ip addr 217.20.133.7
[Tue Feb 07 14:56:26 2006] [info] Init: Seeding PRNG with 0 bytes of entropy
[Tue Feb 07 14:56:26 2006] [info] Loading certificate & private key of 
SSL-aware server
[Tue Feb 07 14:56:26 2006] [debug] ssl_engine_pphrase.c(469): 
unencrypted RSA private key - pass phrase not required
[Tue Feb 07 14:56:26 2006] [info] Init: Generating temporary RSA private 
keys (512/1024 bits)
[Tue Feb 07 14:56:26 2006] [info] Init: Generating temporary DH 
parameters (512/1024 bits)
[Tue Feb 07 14:56:26 2006] [debug] ssl_scache_dbm.c(409): Inter-Process 
Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[Tue Feb 07 14:56:26 2006] [info] Init: Initializing (virtual) servers 
for SSL
[Tue Feb 07 14:56:26 2006] [info] Configuring server for SSL protocol
[Tue Feb 07 14:56:26 2006] [debug] ssl_engine_init.c(405): Creating new 
SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Tue Feb 07 14:56:26 2006] [debug] ssl_engine_init.c(538): Configuring 
client authentication
[Tue Feb 07 14:56:26 2006] [debug] ssl_engine_init.c(1113): CA 
certificate: /O=T-Hosting.Hu/OU=Certificate 
Authority/emailAddress=postmaster@t-hosting.hu/L=Budapest/ST=Budapest/C=HU/CN=server.t-hosting.hu
[Tue Feb 07 14:56:26 2006] [debug] ssl_engine_init.c(685): Configuring 
server certificate chain (1 CA certificate)
[Tue Feb 07 14:56:26 2006] [debug] ssl_engine_init.c(729): Configuring 
RSA server certificate
[Tue Feb 07 14:56:26 2006] [debug] ssl_engine_init.c(768): Configuring 
RSA server private key


You can see, I stopped the server at 14:56:18  and restarted it to load 
the modified config with SSLEngine On. There's no error even if the debug 
loglevel is selected, but when I type ps aux:

root@server# ps aux | grep httpd
root     69658  0.0  0.1  5808 1032  p0  S+    2:59PM   0:00.00 grep httpd

It doesn't seem to be a configuration error.
If SSLEngine On is just enabled in a VirtualHost it starts normally:

root@server# apachectl start
root@server# ps aux | grep httpd
root     69789  5.5  2.2 163948 22808  ??  Ss    3:04PM   0:00.33 
/usr/local/sbin/httpd -k start
www      69790  0.0  2.2 164012 22872  ??  S     3:04PM   0:00.00 
/usr/local/sbin/httpd -k start
www      69791  0.0  2.2 164012 22872  ??  S     3:04PM   0:00.00 
/usr/local/sbin/httpd -k start
www      69792  0.0  2.2 164012 22872  ??  S     3:04PM   0:00.00 
/usr/local/sbin/httpd -k start
www      69793  0.0  2.2 164012 22872  ??  S     3:04PM   0:00.00 
/usr/local/sbin/httpd -k start
www      69794  0.0  2.2 164012 22872  ??  S     3:04PM   0:00.00 
/usr/local/sbin/httpd -k start
www      69795  0.0  2.2 163972 22836  ??  S     3:04PM   0:00.00 
/usr/local/sbin/httpd -k start
www      69796  0.0  2.2 164012 22872  ??  S     3:04PM   0:00.00 
/usr/local/sbin/httpd -k start
www      69797  0.0  2.2 163972 22836  ??  S     3:04PM   0:00.00 
/usr/local/sbin/httpd -k start
www      69798  0.0  2.2 163972 22836  ??  S     3:04PM   0:00.00 
/usr/local/sbin/httpd -k start
www      69799  0.0  2.2 163972 22836  ??  S     3:04PM   0:00.00 
/usr/local/sbin/httpd -k start
root     69801  0.0  0.1  5808 1032  p0  S+    3:04PM   0:00.00 grep httpd

root@server# tail -n 18 /var/log/apache/httpd-error.log
[Tue Feb 07 15:04:17 2006] [notice] caught SIGTERM, shutting down
[Tue Feb 07 15:04:21 2006] [info] mod_unique_id: using ip addr 217.20.133.7
[Tue Feb 07 15:04:22 2006] [info] Init: Seeding PRNG with 0 bytes of entropy
[Tue Feb 07 15:04:22 2006] [info] Init: Generating temporary RSA private 
keys (512/1024 bits)
[Tue Feb 07 15:04:22 2006] [info] Init: Generating temporary DH 
parameters (512/1024 bits)
[Tue Feb 07 15:04:22 2006] [debug] ssl_scache_dbm.c(409): Inter-Process 
Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[Tue Feb 07 15:04:22 2006] [info] Init: Initializing (virtual) servers 
for SSL
[Tue Feb 07 15:04:22 2006] [info] Server: Apache/2.2.0, Interface: 
mod_ssl/2.2.0, Library: OpenSSL/0.9.8a
[Tue Feb 07 15:04:22 2006] [info] mod_unique_id: using ip addr 217.20.133.7
[Tue Feb 07 15:04:23 2006] [info] Init: Seeding PRNG with 0 bytes of entropy
[Tue Feb 07 15:04:23 2006] [info] Init: Generating temporary RSA private 
keys (512/1024 bits)
[Tue Feb 07 15:04:23 2006] [info] Init: Generating temporary DH 
parameters (512/1024 bits)
[Tue Feb 07 15:04:23 2006] [debug] ssl_scache_dbm.c(409): Inter-Process 
Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[Tue Feb 07 15:04:23 2006] [info] Init: Initializing (virtual) servers 
for SSL
[Tue Feb 07 15:04:23 2006] [info] Server: Apache/2.2.0, Interface: 
mod_ssl/2.2.0, Library: OpenSSL/0.9.8a
[Tue Feb 07 15:04:23 2006] [notice] Apache/2.2.0 (FreeBSD) configured -- 
resuming normal operations
[Tue Feb 07 15:04:23 2006] [info] Server built: Jan 31 2006 11:43:51
[Tue Feb 07 15:04:23 2006] [debug] prefork.c(991): AcceptMutex: flock 
(default: flock)

But when I try to see that virtualhost via SSL I get:
[Tue Feb 07 15:06:18 2006] [error] [client 80.98.231.227] Invalid method 
in request \x80U\x01\x03

Thanks,

Gabor Kovesdan
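
As an added example (not part of the original message or of Apache's code): the `Invalid method in request \x80g\x01\x03\x01` entries quoted above have the byte layout of an SSLv2-format ClientHello, which is what gets logged when handshake bytes reach a listener that parses them as plain HTTP. This Python sketch decodes such entries from an error log; the sample lines, the `192.0.2.10` client and all function names are constructed for illustration.

```python
import re

# Constructed sample: the first two lines reuse the shape of the error-log
# entries quoted in the message above; the third is an ordinary bad method.
SAMPLE_LOG = r"""
[Mon Feb 06 13:37:46 2006] [error] [client 83.216.45.137] Invalid method in request \x80g\x01\x03\x01
[Mon Feb 06 15:43:39 2006] [error] [client 80.98.231.227] Invalid method in request \x80U\x01\x03
[Mon Feb 06 15:43:40 2006] [error] [client 192.0.2.10] Invalid method in request FOO / HTTP/1.1
"""

LINE = re.compile(r"\[client ([^\]]+)\] Invalid method in request (.*)$")
HEX = re.compile(r"\\x([0-9a-fA-F]{2})")

def unescape(text):
    """Turn Apache's \\xHH log escaping back into raw bytes."""
    out, i = bytearray(), 0
    while i < len(text):
        m = HEX.match(text, i)
        if m:
            out.append(int(m.group(1), 16))
            i = m.end()
        else:
            out += text[i].encode("latin-1", "replace")
            i += 1
    return bytes(out)

def classify(raw):
    """Return (kind, record_length, version) or None for non-TLS bytes."""
    if len(raw) >= 3 and raw[0] & 0x80 and raw[2] == 0x01:
        # SSLv2 framing: 15-bit length, then message type 1 = ClientHello.
        length = ((raw[0] & 0x7F) << 8) | raw[1]
        version = f"{raw[3]}.{raw[4]}" if len(raw) >= 5 else None
        return ("sslv2-format ClientHello", length, version)
    if len(raw) >= 3 and raw[0] == 0x16 and raw[1] == 0x03:
        # TLS record framing: content type 22 = handshake, major version 3.
        return ("tls-record handshake", None, f"{raw[1]}.{raw[2]}")
    return None

def tls_on_plain_listener(log_text):
    """List (client, kind, length, version) for lines that carry a handshake."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        verdict = classify(unescape(m.group(2))) if m else None
        if verdict:
            hits.append((m.group(1), *verdict))
    return hits

if __name__ == "__main__":
    for hit in tls_on_plain_listener(SAMPLE_LOG):
        print(hit)
```

A version of `3.1` is the wire encoding of TLS 1.0; `None` means the logged request line ended before the minor version byte.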

