RE: [users@httpd] Problem when mixing NameVirtualHost + non with SSL - "Oops, no RSA or DSA server certificate found?!"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 9 Dec 2005, Nick Burch wrote:
On Wed, 7 Dec 2005, Nick Burch wrote:
I'm also half tempted to try and make that error message more useful. Anyone know much about that area of code, or should I just dive in?

I've done this. I still haven't quite figured out my problem, but I have narrowed it down quite a bit. Now to go investigate why my certificate isn't making it into mc->tPublicCert....

Any mod_ssl experts about? I think something very odd is going on during certificate/key loading.

I've added a bit more debugging into ssl_pphrase_Handle of ssl_engine_pphrase.c. Before doing the normal vhost iteration, I'm iterating over all the vhosts, printing out their name + if they have SSL enabled. Then, I've got the main vhost iteration loop to print out if it's going to skip a vhost.

From this, I see all my vhosts are defined, and correctly set for SSL/not
SSL. During the loading iteration, it loads one certificate+key fine. Then it loads the second. After that, no more vhosts are checked!

It seems therefore that it's dropping out of the vhost iteration early for some reason, and hence not loading all the certificates+keys.

Can anyone comment on this? The changes I've made to ssl_engine_pphrase.c to show this info are below.

Thanks
Nick


--- ssl_engine_pphrase.c.sav    2005-12-09 17:29:33.000000000 +0000
+++ ssl_engine_pphrase.c        2005-12-09 17:58:31.704577206 +0000
@@ -173,13 +173,26 @@
      */
     for (pServ = s; pServ != NULL; pServ = pServ->next) {
         sc = mySrvConfig(pServ);
+        cpVHostID = ssl_util_vhostid(p, pServ);
+                       ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, pServ,
+                                       "SSL on vhost %s: %d",
+                                       cpVHostID,
+                                       sc->enabled);
+       }
+    for (pServ = s; pServ != NULL; pServ = pServ->next) {
+        sc = mySrvConfig(pServ);
+        cpVHostID = ssl_util_vhostid(p, pServ);

-        if (!sc->enabled)
+        if (!sc->enabled) {
+                       ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, pServ,
+ "SSL not enabled on vhost %s, skipping SSL setup for it",
+                                       cpVHostID );
             continue;
+               }

-        cpVHostID = ssl_util_vhostid(p, pServ);
         ap_log_error(APLOG_MARK, APLOG_INFO, 0, pServ,
- "Loading certificate & private key of SSL-aware server"); + "Loading certificate & private key of SSL-aware server %s",
+                                        cpVHostID);

         /*
          * Read in server certificate(s): This is the easy part
@@ -236,6 +249,10 @@
             ucp = ssl_asn1_table_set(mc->tPublicCert, cp, length);
             (void)i2d_X509(pX509Cert, &ucp); /* 2nd arg increments */

+                       ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, pServ,
+                     "Loaded certificate from %s",
+                                        sc->server->pks->cert_files[0]);
+
             /*
              * Free the X509 structure


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux