Joe Orton wrote:

> On Thu, Feb 02, 2006 at 05:54:18PM +0100, Kövesdán Gábor wrote:
>
> > CustomLog /var/log/apache/httpd-ssl_request.log \
> >     "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> >
> > If I set here (globally) SSLEngine optional or on, Apache didn't even start, and I get this in the error log:
>
> You need "SSLEngine on" somewhere. What error was produced from apachectl? How did it fail to start? There aren't any errors in the error_log you posted.

Exactly what I wrote. I know SSLEngine On is needed somewhere. Here is the result once more. Take the config I made online (there's the link in the bug report), modify httpd-ssl.conf to contain SSLEngine On (that file is included in httpd.conf), and start the server with debug logging:

root@server# apachectl start
root@server# tail -n 30 /var/log/apache/httpd-error.log
[Thu Feb 02 18:10:28 2006] [debug] ssl_engine_init.c(768): Configuring RSA server private key
[Thu Feb 02 18:11:21 2006] [notice] Apache/2.2.0 (FreeBSD) configured -- resuming normal operations
[Thu Feb 02 20:53:46 2006] [error] [client 81.183.61.98] Invalid method in request \x80g\x01\x03\x01
[Thu Feb 02 20:53:46 2006] [error] [client 81.183.61.98] Invalid method in request \x80g\x01\x03
[Thu Feb 02 20:53:46 2006] [error] [client 81.183.61.98] Invalid method in request \x80g\x01\x03
[Fri Feb 03 18:34:51 2006] [error] [client 81.183.61.98] Invalid method in request \x80g\x01\x03\x01
[Fri Feb 03 18:34:51 2006] [error] [client 81.183.61.98] Invalid method in request \x80g\x01\x03
[Fri Feb 03 18:34:51 2006] [error] [client 81.183.61.98] Invalid method in request \x80g\x01\x03
[Mon Feb 06 13:37:46 2006] [error] [client 83.216.45.137] Invalid method in request \x80g\x01\x03\x01
[Mon Feb 06 13:37:46 2006] [error] [client 83.216.45.137] Invalid method in request \x80g\x01\x03
[Mon Feb 06 15:43:39 2006] [error] [client 80.98.231.227] Invalid method in request \x80U\x01\x03\x01
[Mon Feb 06 15:43:39 2006] [error] [client 80.98.231.227] Invalid method in request \x80U\x01\x03
[Mon Feb 06 15:43:39 2006] [error] [client 80.98.231.227] Invalid method in request \x80U\x01\x03
[Mon Feb 06 15:43:45 2006] [error] [client 80.98.231.227] Invalid method in request \x80U\x01\x03
[Tue Feb 07 14:56:18 2006] [notice] caught SIGTERM, shutting down
[Tue Feb 07 14:56:25 2006] [info] mod_unique_id: using ip addr 217.20.133.7
[Tue Feb 07 14:56:26 2006] [info] Init: Seeding PRNG with 0 bytes of entropy
[Tue Feb 07 14:56:26 2006] [info] Loading certificate & private key of SSL-aware server
[Tue Feb 07 14:56:26 2006] [debug] ssl_engine_pphrase.c(469): unencrypted RSA private key - pass phrase not required
[Tue Feb 07 14:56:26 2006] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Feb 07 14:56:26 2006] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Feb 07 14:56:26 2006] [debug] ssl_scache_dbm.c(409): Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[Tue Feb 07 14:56:26 2006] [info] Init: Initializing (virtual) servers for SSL
[Tue Feb 07 14:56:26 2006] [info] Configuring server for SSL protocol
[Tue Feb 07 14:56:26 2006] [debug] ssl_engine_init.c(405): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Tue Feb 07 14:56:26 2006] [debug] ssl_engine_init.c(538): Configuring client authentication
[Tue Feb 07 14:56:26 2006] [debug] ssl_engine_init.c(1113): CA certificate: /O=T-Hosting.Hu/OU=Certificate Authority/emailAddress=postmaster@xxxxxxxxxxxx/L=Budapest/ST=Budapest/C=HU/CN=server.t-hosting.hu
[Tue Feb 07 14:56:26 2006] [debug] ssl_engine_init.c(685): Configuring server certificate chain (1 CA certificate)
[Tue Feb 07 14:56:26 2006] [debug] ssl_engine_init.c(729): Configuring RSA server certificate
[Tue Feb 07 14:56:26 2006] [debug] ssl_engine_init.c(768): Configuring RSA server private key

You can see, I stopped the server at 14:56:18 and restarted it to load the modified config with SSLEngine On. There's no error even if the debug loglevel is selected, but when I type ps aux:

root@server# ps aux | grep httpd
root 69658 0.0 0.1 5808 1032 p0 S+ 2:59PM 0:00.00 grep httpd

It doesn't seem to be a configuration error. If SSLEngine On is just enabled in a VirtualHost it starts normally:

root@server# apachectl start
root@server# ps aux | grep httpd
root 69789 5.5 2.2 163948 22808 ?? Ss 3:04PM 0:00.33 /usr/local/sbin/httpd -k start
www 69790 0.0 2.2 164012 22872 ?? S 3:04PM 0:00.00 /usr/local/sbin/httpd -k start
www 69791 0.0 2.2 164012 22872 ?? S 3:04PM 0:00.00 /usr/local/sbin/httpd -k start
www 69792 0.0 2.2 164012 22872 ?? S 3:04PM 0:00.00 /usr/local/sbin/httpd -k start
www 69793 0.0 2.2 164012 22872 ?? S 3:04PM 0:00.00 /usr/local/sbin/httpd -k start
www 69794 0.0 2.2 164012 22872 ?? S 3:04PM 0:00.00 /usr/local/sbin/httpd -k start
www 69795 0.0 2.2 163972 22836 ?? S 3:04PM 0:00.00 /usr/local/sbin/httpd -k start
www 69796 0.0 2.2 164012 22872 ?? S 3:04PM 0:00.00 /usr/local/sbin/httpd -k start
www 69797 0.0 2.2 163972 22836 ?? S 3:04PM 0:00.00 /usr/local/sbin/httpd -k start
www 69798 0.0 2.2 163972 22836 ?? S 3:04PM 0:00.00 /usr/local/sbin/httpd -k start
www 69799 0.0 2.2 163972 22836 ?? S 3:04PM 0:00.00 /usr/local/sbin/httpd -k start
root 69801 0.0 0.1 5808 1032 p0 S+ 3:04PM 0:00.00 grep httpd
root@server# tail -n 18 /var/log/apache/httpd-error.log
[Tue Feb 07 15:04:17 2006] [notice] caught SIGTERM, shutting down
[Tue Feb 07 15:04:21 2006] [info] mod_unique_id: using ip addr 217.20.133.7
[Tue Feb 07 15:04:22 2006] [info] Init: Seeding PRNG with 0 bytes of entropy
[Tue Feb 07 15:04:22 2006] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Feb 07 15:04:22 2006] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Feb 07 15:04:22 2006] [debug] ssl_scache_dbm.c(409): Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[Tue Feb 07 15:04:22 2006] [info] Init: Initializing (virtual) servers for SSL
[Tue Feb 07 15:04:22 2006] [info] Server: Apache/2.2.0, Interface: mod_ssl/2.2.0, Library: OpenSSL/0.9.8a
[Tue Feb 07 15:04:22 2006] [info] mod_unique_id: using ip addr 217.20.133.7
[Tue Feb 07 15:04:23 2006] [info] Init: Seeding PRNG with 0 bytes of entropy
[Tue Feb 07 15:04:23 2006] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Feb 07 15:04:23 2006] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Feb 07 15:04:23 2006] [debug] ssl_scache_dbm.c(409): Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[Tue Feb 07 15:04:23 2006] [info] Init: Initializing (virtual) servers for SSL
[Tue Feb 07 15:04:23 2006] [info] Server: Apache/2.2.0, Interface: mod_ssl/2.2.0, Library: OpenSSL/0.9.8a
[Tue Feb 07 15:04:23 2006] [notice] Apache/2.2.0 (FreeBSD) configured -- resuming normal operations
[Tue Feb 07 15:04:23 2006] [info] Server built: Jan 31 2006 11:43:51
[Tue Feb 07 15:04:23 2006] [debug] prefork.c(991): AcceptMutex: flock (default: flock)

But when I try to see that virtualhost via SSL I get:

[Tue Feb 07 15:06:18 2006] [error] [client 80.98.231.227] Invalid method in request \x80U\x01\x03

Thanks,
Gabor Kovesdan

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
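
The `Invalid method in request \x80U\x01\x03` entries in the log above are the opening bytes of an SSLv2-compatible ClientHello (length header with the high bit set, message type 0x01, version major 0x03), logged by a listener that parsed the connection as plain HTTP. The following is an added example, not part of the original post: it flags such entries in an error log and also covers the TLS record-layer form (`\x16\x03`), which the post does not show. The function names, sample lines and client addresses are constructed for illustration.

```python
import re

# Constructed sample in the format of the error log quoted above
# (client addresses are documentation-range placeholders).
SAMPLE_LOG = r"""[Tue Feb 07 15:06:18 2006] [error] [client 192.0.2.10] Invalid method in request \x80U\x01\x03
[Tue Feb 07 15:06:19 2006] [error] [client 192.0.2.10] Invalid method in request \x80g\x01\x03\x01
[Tue Feb 07 15:06:20 2006] [error] [client 192.0.2.11] Invalid method in request \x16\x03\x01
[Tue Feb 07 15:06:21 2006] [error] [client 192.0.2.12] Invalid method in request FOO / HTTP/1.1
"""

LINE_RE = re.compile(r"\[client (?P<client>[^\]]+)\] Invalid method in request (?P<raw>.*)$")
ESC_RE = re.compile(r"\\x([0-9a-fA-F]{2})")


def unescape(raw):
    # Undo the error log's hex escaping of non-printable bytes.
    text = ESC_RE.sub(lambda m: chr(int(m.group(1), 16)), raw)
    return text.encode("latin-1", "replace")


def classify(data):
    """Name the handshake framing the logged bytes match, or None."""
    # SSLv2-compatible ClientHello: header byte with the high bit set,
    # low length byte ('g' or 'U' in the log above), message type 0x01,
    # then the major byte 0x03 of the offered SSLv3/TLS version.
    if len(data) >= 4 and data[0] & 0x80 and data[2] == 0x01 and data[3] == 0x03:
        return "sslv2-clienthello"
    # TLS record layer: content type 0x16 (handshake), version major 0x03.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"
    return None


def tls_on_plain_http(log_text):
    """Return (client, kind) for entries whose 'method' is handshake bytes."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            kind = classify(unescape(m.group("raw")))
            if kind:
                hits.append((m.group("client"), kind))
    return hits


if __name__ == "__main__":
    for client, kind in tls_on_plain_http(SAMPLE_LOG):
        print(f"{client}: {kind} received by a listener that parsed it as HTTP")
```
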