
apache over ssl stopped working



Hi,

A while back I had a working setup for webmail (SquirrelMail) over SSL.
I basically forced http and https over port 9000 so everything
was going over SSL.
These are the components:
apache          1.3.31-1
apache-common   1.3.31-1
php4            4.3.4-4
squirrelmail    1.5.0-1
openssl         0.9.7d-3
libssl-dev      0.9.7d-2
libssl0.9.7     0.9.7d-2

Since then I added a config for a webmail.domain virtualhost to apache
and I made a new certificate to test setting up a CA.
After running great for a while, I started having problems in that
https connections didn't work anymore. After a restart, all was fine.
Now, even after a reboot, https doesn't work anymore. I have
added my configs below. Note that since those problems started, I've
installed the latest versions of the aforementioned software so this
could have something to do with it.

Anyway, here are some results:
http://domain.ddts.net:9000/~benedict/index.html, works
https://domain.ddts.net:9000/~benedict/index.html, doesn't work

http://domain.ddts.net:9000/cgi-bin/man/man2html, only works if I
comment out the mod_rewrite.c part.

https://domain.ddts.net:9000/mail doesn't get found (that's what the
error message tells me). This points to SquirrelMail.
https://webmail.domain.ddts.net:9000 doesn't work either.

I made a simple php file in ~benedict and that works so it seems that
my php config is correct.

Excerpt from access.log with <IfModule mod_rewrite.c> enabled
=============================================================
192.168.1.10 - - [29/May/2004:00:25:30 +0200] "GET /cgi-bin/man/man2html HTTP/1.1" 302 242 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5a) Gecko/20030728 Mozilla Firebird/0.6.1"
192.168.1.10 - - [29/May/2004:00:25:30 +0200] "\x80g\x01\x03" 302 - "-" "-"
   -> the last line is when I try via https

Excerpt from access.log with <IfModule mod_rewrite.c> disabled
==============================================================
192.168.1.10 - - [29/May/2004:00:42:26 +0200] "\x80g\x01\x03" 200 361 "-" "-"
   -> the last line is when I try via https and more specifically
      https://domain.ddts.net:9000/mail
Matching error message from error.log
[Sat May 29 00:41:25 2004] [error] [client 81.xxx.xxx.xxx] File does not exist: /var/www/mail

Check with openssl
==================
root@arthur:/var/log/apache[00:56:35]#  openssl s_client -connect localhost:9000 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 080B06E8 [080B0D78] (142 bytes => 142 (0x8E))
0000 - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00   ......c... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00   ..3..2../.....f.
0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00   .............c..
0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40   b..a...........@
0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00   ..e..d..`.......
0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 78 11   ..............x.
0070 - 01 4a be 89 a6 c1 31 04-2e a6 78 c1 79 cc 06 92   .J....1...x.y...
0080 - f1 e7 ab 5e 66 0c 4d 67-60 d6 54 d5 94 dd         ...^f.Mg`.T...
SSL_connect:SSLv2/v3 write client hello A
read from 080B06E8 [080B62D8] (7 bytes => 7 (0x7))
0000 - 3c 21 44 4f 43 54 59                              <!DOCTY
SSL_connect:error in SSLv2/v3 read server hello A
7155:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475:
root@arthur:/var/log/apache[00:57:09]#

This seems rather weird! It seems to have problems with my certificate?

My httpd.conf
=============
ServerType standalone
ServerRoot /etc/apache
LockFile /var/lock/apache.lock
PidFile /var/run/apache.pid
ScoreBoardFile /var/run/apache.scoreboard
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 100
Include /etc/apache/modules.conf
<IfModule mod_status.c>
  ExtendedStatus On
</IfModule>
Port 9000
User www-data
Group www-data
ServerAdmin webmaster@domain.ddts.net
ServerName localhost
DocumentRoot /var/www
<Directory />
    Options SymLinksIfOwnerMatch
    AllowOverride None
</Directory>
<Directory /var/www/>
    Options Indexes Includes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
<IfModule mod_userdir.c>
    UserDir public_html
</IfModule>
<Directory /home/*/public_html>
    AllowOverride FileInfo AuthConfig Limit
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    <Limit GET POST OPTIONS PROPFIND>
        Order allow,deny
        Allow from all
    </Limit>
    <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
        Order deny,allow
        Deny from all
    </Limit>
</Directory>
<IfModule mod_dir.c>
    DirectoryIndex index.html index.php3 index.php index.htm index.shtml index.cgi
</IfModule>
AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
UseCanonicalName On
TypesConfig /etc/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
    MIMEMagicFile /usr/share/misc/file/magic.mime
</IfModule>
HostnameLookups Off
ErrorLog /var/log/apache/error.log
LogLevel debug
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %T %v" full
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %P %T" debug
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog /var/log/apache/access.log combined
ServerSignature Off
Alias /icons/ /usr/share/apache/icons/
<Directory /usr/share/apache/icons>
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory /usr/lib/cgi-bin/>
    AllowOverride None
    Options ExecCGI -MultiViews
    Order allow,deny
    Allow from all
</Directory>
<IfModule mod_autoindex.c>
   IndexOptions FancyIndexing NameWidth=*
    AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
    AddIconByType (TXT,/icons/text.gif) text/*
    AddIconByType (IMG,/icons/image2.gif) image/*
    AddIconByType (SND,/icons/sound2.gif) audio/*
    AddIconByType (VID,/icons/movie.gif) video/*
    AddIcon /icons/binary.gif .bin .exe
    AddIcon /icons/binhex.gif .hqx
    AddIcon /icons/tar.gif .tar
    AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
    AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
    AddIcon /icons/a.gif .ps .ai .eps
    AddIcon /icons/layout.gif .html .shtml .htm .pdf
    AddIcon /icons/text.gif .txt
    AddIcon /icons/c.gif .c
    AddIcon /icons/p.gif .pl .py
    AddIcon /icons/f.gif .for
    AddIcon /icons/dvi.gif .dvi
    AddIcon /icons/uuencoded.gif .uu
    AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
    AddIcon /icons/tex.gif .tex
    AddIcon /icons/bomb.gif core
    AddIcon /icons/deb.gif .deb
    AddIcon /icons/back.gif ..
    AddIcon /icons/hand.right.gif README
    AddIcon /icons/folder.gif ^^DIRECTORY^^
    AddIcon /icons/blank.gif ^^BLANKICON^^
    DefaultIcon /icons/unknown.gif
    ReadmeName README
    HeaderName HEADER
    IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
</IfModule>
<IfModule mod_mime.c>
    AddEncoding x-compress Z
    AddEncoding x-gzip gz tgz
    AddLanguage da .dk
    AddLanguage nl .nl
    AddLanguage en .en
    AddLanguage et .ee
    AddLanguage fr .fr
    AddLanguage de .de
    AddLanguage el .el
    AddLanguage it .it
    AddLanguage ja .ja
    AddCharset ISO-2022-JP .jis
    AddLanguage pl .po
    AddCharset ISO-8859-2 .iso-pl
    AddLanguage pt .pt
    AddLanguage pt-br .pt-br
    AddLanguage lb .lu
    AddLanguage ca .ca
    AddLanguage es .es
    AddLanguage sv .se
    AddLanguage cs .cz
    <IfModule mod_negotiation.c>
        LanguagePriority en da nl et fr de el it ja pl pt pt-br lb ca es sv
    </IfModule>
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps
    AddType application/x-tar .tgz
    AddType image/bmp .bmp
    AddType text/x-hdml .hdml
</IfModule>
AddDefaultCharset on
<IfModule mod_setenvif.c>
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>
<IfModule mod_perl.c>
  Alias /perl/ /var/www/perl/
  <Location /perl>
    SetHandler perl-script
    PerlHandler Apache::Registry
    Options +ExecCGI
  </Location>
</IfModule>
Alias /doc/ /usr/share/doc/
<Location /doc>
  order deny,allow
  deny from all
  allow from 127.0.0.0/255.0.0.0
  Options Indexes FollowSymLinks MultiViews
</Location>
Alias /www /var/www
<Directory /var/www>
    AllowOverride FileInfo AuthConfig Limit
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    <Limit GET POST OPTIONS PROPFIND>
        Order allow,deny
        Allow from all
    </Limit>
    <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
        Order deny,allow
        Deny from all
    </Limit>
</Directory>
<IfModule mod_proxy.c>
</IfModule>
<IfModule mod_rewrite.c>
  <IfModule mod_ssl.c>
      RewriteEngine on
      RewriteCond %{HTTPS} !=on
      RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI}  [L]
  </IfModule>
</IfModule>

NameVirtualHost domain.ddts.net:9000

<VirtualHost domain.ddts.net:9000>
   SSLEngine On
   SSLCertificateFile /etc/apache/apache.crt
   SSLCertificateKeyFile /etc/apache/apache.key
   DocumentRoot /var/www
   DirectoryIndex index.php index.php3 index.html
   ServerName domain.ddts.net
   Alias /www /var/www
   Alias /mail /usr/share/squirrelmail
   ErrorLog /var/log/apache/domain.ddts.net-error.log
   CustomLog /var/log/apache/host.domain.ddts.net.log debug
</VirtualHost>
<VirtualHost webmail.domain.ddts.net:9000>
   SSLEngine On
   SSLCertificateFile /etc/apache/apache.crt
   SSLCertificateKeyFile /etc/apache/apache.key
   DocumentRoot /usr/share/squirrelmail
   DirectoryIndex index.php index.php3 index.html
   ServerName webmail.domain.ddts.net
</VirtualHost>
Include /etc/apache/conf.d

My modules.conf from apache
===========================
# Autogenerated file - do not edit!
# This file is maintained by the apache package.
# To update it, run the command:
#    /usr/sbin/apache-modconf apache
ClearModuleList
AddModule mod_so.c
AddModule mod_macro.c
LoadModule config_log_module /usr/lib/apache/1.3/mod_log_config.so
LoadModule mime_magic_module /usr/lib/apache/1.3/mod_mime_magic.so
LoadModule mime_module /usr/lib/apache/1.3/mod_mime.so
LoadModule negotiation_module /usr/lib/apache/1.3/mod_negotiation.so
LoadModule status_module /usr/lib/apache/1.3/mod_status.so
LoadModule info_module /usr/lib/apache/1.3/mod_info.so
LoadModule autoindex_module /usr/lib/apache/1.3/mod_autoindex.so
LoadModule dir_module /usr/lib/apache/1.3/mod_dir.so
LoadModule cgi_module /usr/lib/apache/1.3/mod_cgi.so
LoadModule userdir_module /usr/lib/apache/1.3/mod_userdir.so
LoadModule alias_module /usr/lib/apache/1.3/mod_alias.so
LoadModule rewrite_module /usr/lib/apache/1.3/mod_rewrite.so
LoadModule access_module /usr/lib/apache/1.3/mod_access.so
LoadModule auth_module /usr/lib/apache/1.3/mod_auth.so
LoadModule expires_module /usr/lib/apache/1.3/mod_expires.so
LoadModule unique_id_module /usr/lib/apache/1.3/mod_unique_id.so
LoadModule setenvif_module /usr/lib/apache/1.3/mod_setenvif.so
LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so
LoadModule php4_module /usr/lib/apache/1.3/libphp4.so

Any ideas or better ways to debug are appreciated. I've set "LogLevel debug"
in the httpd.conf but that doesn't seem to help that much.

Regards,
Benedict
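The two diagnostics in the mail (the "\x80g\x01\x03" request lines in access.log and the "<!DOCTY" that s_client got back after its client hello) can be read mechanically. The following is an added example, not code from the original mail or from Apache/mod_ssl; it decodes Apache's \xNN escaping of the request field, identifies the first bytes of a client message as an SSLv2-compatible ClientHello (high bit set, then a 15-bit length, message type 1 and the client version; 0x80 0x67 is a 103-byte hello, most likely truncated in the log at the NUL byte of an SSL 3.0 version field), classifies what a server sent back, and scans log lines for handshakes that were answered as plain HTTP. The log lines are constructed from the excerpts above; the function names and the field layout of the result dictionaries are my own.

```python
# Added example (not from the original mail or from Apache/mod_ssl):
# decode the request field Apache logged, classify the first bytes of a
# client message and of a server reply, and scan access.log lines for
# SSL/TLS handshakes that a plain-http listener answered as HTTP.
import re
from typing import Dict, List

# Combined-log prefix: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<req>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+)'
)


def decode_log_request(field: str) -> bytes:
    """Reverse Apache's \\xNN escaping of the request line, returning the
    raw bytes the server actually read (Apache stops at the first NUL)."""
    return field.encode("latin-1").decode("unicode_escape").encode("latin-1")


def classify_client_bytes(data: bytes) -> Dict[str, object]:
    """Say what the first bytes sent by a client are.

    An SSLv2-compatible ClientHello (what 2004-era browsers and
    `openssl s_client` send first) starts with a 2-byte header whose high
    bit is set; the low 15 bits are the record length, byte 2 is the
    message type (1 = CLIENT-HELLO) and bytes 3-4 the client version."""
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        length = ((data[0] & 0x7F) << 8) | data[1]
        major = data[3] if len(data) > 3 else None
        minor = data[4] if len(data) > 4 else None
        return {"kind": "SSLv2-compatible ClientHello",
                "record_length": length, "version": (major, minor)}
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        # SSLv3/TLS record: type 0x16 (handshake), then the record version
        return {"kind": "TLS handshake record", "version": (data[1], data[2])}
    if re.match(rb"^(GET|POST|HEAD|OPTIONS|PUT|DELETE) ", data):
        return {"kind": "plaintext HTTP request"}
    return {"kind": "unknown"}


def classify_server_bytes(data: bytes) -> str:
    """Say what a server answered with right after the client's hello."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "TLS ServerHello record"
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x04:
        return "SSLv2 ServerHello"
    if data.startswith(b"HTTP/") or data.lstrip().startswith(b"<"):
        # Headers or a bare HTML body: the listener is speaking plain HTTP,
        # which is what s_client's "unknown protocol" error is telling you.
        return "plaintext HTTP"
    return "unknown"


def find_handshakes_answered_as_http(lines: List[str]) -> List[Dict[str, object]]:
    """Flag log lines whose request line is really an SSL/TLS ClientHello:
    each one is a browser that tried https against a plain-http listener."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        info = classify_client_bytes(decode_log_request(m.group("req")))
        if info["kind"] in ("SSLv2-compatible ClientHello", "TLS handshake record"):
            hits.append({"host": m.group("host"), "time": m.group("time"),
                         "status": int(m.group("status")), **info})
    return hits


# Constructed sample, modelled on the access.log excerpts in the mail
# (the wrapped lines joined back together, user agent shortened).
SAMPLE_LOG = [
    '192.168.1.10 - - [29/May/2004:00:25:30 +0200] '
    '"GET /cgi-bin/man/man2html HTTP/1.1" 302 242 "-" "Mozilla/5.0"',
    '192.168.1.10 - - [29/May/2004:00:25:30 +0200] "\\x80g\\x01\\x03" 302 - "-" "-"',
    '192.168.1.10 - - [29/May/2004:00:42:26 +0200] "\\x80g\\x01\\x03" 200 361 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_handshakes_answered_as_http(SAMPLE_LOG):
        print(hit)
    # First bytes s_client read back in the session above
    print(classify_server_bytes(b"<!DOCTY"))
    # First bytes of s_client's own hello from the -debug dump
    print(classify_client_bytes(bytes.fromhex("808c01030100630000")))
```

Run against the real access.log, any hit means the port answered a TLS handshake with HTTP, regardless of what the certificate looks like; the 302 versus 200 status of the hits only reflects whether the mod_rewrite block was redirecting at the time.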
