Apache2 segmentation fault when using SSLVerifyClient

 
 
Stephan B.
Guest
Posts: n/a

 
      12-15-2003, 02:20 AM
Hi,

I run an https intranet-Site using Apache2 with mod_ssl. The "pure", server
certified https-tunnel works fine, but when I require a client certificate
by setting SSLVerifyClient to "required", a segmentation fault occurs:

child pid 6364 exit signal Segmentation fault (11)

I am running SuSE Linux 8.2 with apache2-2.0.48-14 and openssl-0.9.6i-19. I
created my own CA which certified the certificates for both server and
client. Root and client-certificate are installed on a WinXP Pro Machine
with the latest patches. Because I read somewhere that the SSLSessionCache
could be a problem, I set it to "none", but it didn't help... :-(

To achieve SSL-support I changed the following things:

- /etc/sysconfig/apache2: added "ssl" to APACHE_MODULES , set
APACHE_SERVER_FLAGS to "-D SSL -D STATUS"

- /etc/apache2/ssl.conf: set SSLCACertificateFile, SSLCertificateFile,
SSLCertificateKeyFile to the appropriate files, SSLVerifyClient require,
SSLVerifyDepth 10

I would be very thankful for any advice on what the problem could be....

With regards,

Stephan Boldt



 
 
 
 
 
Joachim Ring
Guest
Posts: n/a

 
      12-15-2003, 11:38 AM
> I run an https intranet-Site using Apache2 with mod_ssl. The "pure", server
> certified https-tunnel works fine, but when I require a client certificate
> by setting SSLVerifyClient to "required", a segmentation fault occurs:
>
> child pid 6364 exit signal Segmentation fault (11)


could you please turn up the log level to debug and post a
snapshot of that failed client auth?

> - /etc/apache2/ssl.conf: set SSLCACertificateFile, SSLCertificateFile,
> SSLCertificateKeyFile to the appropriate files, SSLVerifyClient require,
> SSLVerifyDepth 10


do you need a verify depth of 10? normally if you sign your certs with
your own ca, 1 should be right.

i assume the apache and openssl versions you mentioned are with latest
backported security fixes, there have been quite a lot of holes in the
asn1 parser code used for client certs in openssl lately. otoh, your
own certs should not be malicious, right?

anyways, did you try a client cert from a commercial ca in order to
check that your own ones are not the problem? most commercial ca's
offer free of charge demo certs, a good place is
http://www.tc-trustcenter.de as their demo cert is valid for a whole
year - you need the corresponding class 1 root ca cert too, of
course...

joachim
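
An offline way to rule out the self-made certificates, as the reply above suggests, shown as an added example that is not part of either post: it verifies a client certificate against the CA file and reports whether the CA signed it directly, which is the case where the reply says a verify depth of 1 should be right. The function names and the throwaway test CA are constructed for illustration; it assumes the `openssl` command-line tool and a CA file that holds a single certificate.

```shell
#!/bin/sh
# Added example: sanity-check a client certificate against the CA file that
# SSLCACertificateFile points to. Function names are illustrative; assumes the
# openssl CLI and a CA file that contains a single certificate.

# cert_verifies CAFILE CERT: succeeds if CERT chains to the CA in CAFILE.
cert_verifies() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# signed_directly_by CAFILE CERT: succeeds if CERT's issuer equals the CA's
# subject, i.e. there is no intermediate CA between the two.
signed_directly_by() {
    ca_subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$2" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$issuer" ] && [ "$issuer" = "$ca_subject" ]
}

# make_test_pki DIR: constructed throwaway material for a self-test: a CA,
# a client certificate it signs, and an unrelated second CA.
make_test_pki() {
    for ca in ca other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Constructed $ca CA" \
            -keyout "$1/$ca.key" -out "$1/$ca.crt" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-client" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/client.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/client.crt" 2>/dev/null
}

# report CAFILE CERT: print both results.
report() {
    if cert_verifies "$1" "$2"; then echo "chain to CA: OK"
    else echo "chain to CA: FAILED"; fi
    if signed_directly_by "$1" "$2"; then echo "signed directly by the CA"
    else echo "not signed directly by the CA (intermediate or other issuer)"; fi
}

# With two arguments check real files; with none, run on constructed material.
if [ "$#" -eq 2 ]; then
    report "$1" "$2"
else
    demo=$(mktemp -d) && make_test_pki "$demo" && report "$demo/ca.crt" "$demo/client.crt"
    rm -rf "$demo"
fi
```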
 