[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#485635: apache2-mpm-prefork: Incorrect warning with wildcard ssl certificates

Package: apache2-mpm-prefork
Version: 2.2.3-4+etch4
Severity: minor

There seems to be a bug in the matching code to decide if the certificate
matches the vhost name. In my log files, I'm getting logs of incorrect
warnings of the form:
  [warn] RSA server certificate CommonName (CN) `*.example.com' does NOT
  match server name!?

In one particular case, I have:
  ServerName fluffy.torchbox.com
  subject= /C=UK/ST=Oxfordshire/L=Oxford/O=Torchbox/OU=Web
  Servers/CN=*.torchbox.com

But still get the warning:
  [warn] RSA server certificate CommonName (CN) `*.torchbox.com' does
  NOT match server name!?

So it looks like the checking code is incorrect

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable'), (200, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.24-1-686
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)

Versions of packages apache2-mpm-prefork depends on:
ii  apa 2.2.3-4+etch4                        Next generation, scalable, extenda
ii  lib 1.2.7-8.2                            The Apache Portable Runtime Librar
ii  lib 1.2.7+dfsg-2                         The Apache Portable Runtime Utilit
ii  lib 2.7-10                               GNU C Library: Shared libraries
ii  lib 4.4.20-8                             Berkeley v4.4 Database Libraries [
ii  lib 1.95.8-3.4                           XML parsing C library - runtime li
ii  lib 2.1.30-13.3                          OpenLDAP libraries
ii  lib 7.4-1                                Perl 5 Compatible Regular Expressi
ii  lib 8.1.11-0etch1                        PostgreSQL C client library
ii  lib 3.3.8-1.1                            SQLite 3 shared library
ii  lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 universally unique id library

apache2-mpm-prefork recommends no packages.

-- no debconf information
Reply to: