b***@apache.org
2018-11-02 16:23:32 UTC
https://bz.apache.org/bugzilla/show_bug.cgi?id=62880
Bug ID: 62880
Summary: "Failed to configure CA certificate chain" because
OpenSSL's error queue is not cleared
Product: Apache httpd-2
Version: 2.4.37
Hardware: PC
OS: Linux
Status: NEW
Keywords: PatchAvailable
Severity: normal
Priority: P2
Component: mod_ssl
Assignee: ***@httpd.apache.org
Reporter: apache-***@michael-kaufmann.ch
Target Milestone: ---
Created attachment 36241
--> https://bz.apache.org/bugzilla/attachment.cgi?id=36241&action=edit
Bugfix (clear the error queue before loading CA chains)
When using mod_ssl and mod_md in a complex setup (some virtual hosts managed by
mod_md, some not), I got this error from mod_ssl:
AH01903: Failed to configure CA certificate chain!
Before loading the certificate chain, mod_ssl does not clear OpenSSL's error
queue. After loading the certificate chain, mod_ssl inspects the whole error
queue, and finds something. Probably an OpenSSL function called by mod_md has
added something to the error queue.
See also https://github.com/icing/mod_md/issues/84#issuecomment-375959559
The attached patch fixes the bug.
Bug ID: 62880
Summary: "Failed to configure CA certificate chain" because
OpenSSL's error queue is not cleared
Product: Apache httpd-2
Version: 2.4.37
Hardware: PC
OS: Linux
Status: NEW
Keywords: PatchAvailable
Severity: normal
Priority: P2
Component: mod_ssl
Assignee: ***@httpd.apache.org
Reporter: apache-***@michael-kaufmann.ch
Target Milestone: ---
Created attachment 36241
--> https://bz.apache.org/bugzilla/attachment.cgi?id=36241&action=edit
Bugfix (clear the error queue before loading CA chains)
When using mod_ssl and mod_md in a complex setup (some virtual hosts managed by
mod_md, some not), I got this error from mod_ssl:
AH01903: Failed to configure CA certificate chain!
Before loading the certificate chain, mod_ssl does not clear OpenSSL's error
queue. After loading the certificate chain, mod_ssl inspects the whole error
queue, and finds something. Probably an OpenSSL function called by mod_md has
added something to the error queue.
See also https://github.com/icing/mod_md/issues/84#issuecomment-375959559
The attached patch fixes the bug.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-***@httpd.apache.org
For additional commands, e-mail: bugs-***@httpd.apache.org
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-***@httpd.apache.org
For additional commands, e-mail: bugs-***@httpd.apache.org