git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [users@httpd] Reverse proxy not sending certificate


Am 18.10.2018 um 17:32 schrieb Schettler, Marty L.:
Good advice. Thanks! However, I just retested with 2.4.35 and I get the exact same results as with 2.4.34. Any other ideas? I’d welcome a workaround too.

Could well be

http://svn.apache.org/viewvc?rev=1844226&view=rev

which is still missing in 2.4.35. It will be part of the fortcoming 2.4.37, but you can also easily apply the small change to your 2.4.35 sources if you build yourself. You only need to add the two lines marked with a leading "+" sign here:

http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c?r1=1844226&r2=1844225&pathrev=1844226

Regards,

Rainer

*From:*William A Rowe Jr [mailto:wrowe@xxxxxxxxxxxxx]
*Sent:* Friday, October 12, 2018 6:26 PM
*To:* users@xxxxxxxxxxxxxxxx
*Subject:* Re: [users@httpd] Reverse proxy not sending certificate

A number of regressions are fixed in 2.4.35, please retest against that version.

On Fri, Oct 12, 2018, 15:27 Schettler, Marty L. <Martin.L.Schettler@xxxxxxxxxx <mailto:Martin.L.Schettler@xxxxxxxxxx>> wrote:

    My reverse proxy config doesn’t work with SSL any more as I try to
    upgrade from 2.4.29 to 2.4.34.

    My config:

    SSLProxyEngine On

    SSLProxyMachineCertificateFile /path/to/server_crt_and_key.crt

    SSLProxyCACertificatePath /etc/cacerts

    <Location /proxy>

       ProxyPass https://host01:9443/p

       ProxyPassReverse https://host01:9443/p

       SSLVerifyClient require

    </Location>

    Again, this works just fine with 2.4.29. However, in 2.4.34 I get a
    502 in my browser “Error reading from remote server” and my httpd
    log file has a warning “AH02268: Proxy client callback: (host01:443)
    downstream server wanted client certificate but none are
    configured.” Is this possible related to PR 62232? If so, I thought
    it would have been fixed in 2.4.32.

    Any help is greatly appreciated!!

    Marty

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx