Am 18.10.2018 um 17:32 schrieb Schettler, Marty L.:
Good advice. Thanks! However, I just retested with 2.4.35 and I get the exact same results as with 2.4.34. Any other ideas? I’d welcome a workaround too.
Could well be http://svn.apache.org/viewvc?rev=1844226&view=revwhich is still missing in 2.4.35. It will be part of the fortcoming 2.4.37, but you can also easily apply the small change to your 2.4.35 sources if you build yourself. You only need to add the two lines marked with a leading "+" sign here:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c?r1=1844226&r2=1844225&pathrev=1844226 Regards, Rainer
*From:*William A Rowe Jr [mailto:wrowe@xxxxxxxxxxxxx] *Sent:* Friday, October 12, 2018 6:26 PM *To:* users@xxxxxxxxxxxxxxxx *Subject:* Re: Reverse proxy not sending certificateA number of regressions are fixed in 2.4.35, please retest against that version.On Fri, Oct 12, 2018, 15:27 Schettler, Marty L. <Martin.L.Schettler@xxxxxxxxxx <mailto:Martin.L.Schettler@xxxxxxxxxx>> wrote:My reverse proxy config doesn’t work with SSL any more as I try to upgrade from 2.4.29 to 2.4.34. My config: SSLProxyEngine On SSLProxyMachineCertificateFile /path/to/server_crt_and_key.crt SSLProxyCACertificatePath /etc/cacerts <Location /proxy> ProxyPass https://host01:9443/p ProxyPassReverse https://host01:9443/p SSLVerifyClient require </Location> Again, this works just fine with 2.4.29. However, in 2.4.34 I get a 502 in my browser “Error reading from remote server” and my httpd log file has a warning “AH02268: Proxy client callback: (host01:443) downstream server wanted client certificate but none are configured.” Is this possible related to PR 62232? If so, I thought it would have been fixed in 2.4.32. Any help is greatly appreciated!! Marty
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|