[FWD] Apache 2.2.17 and OpenSSL 1.0.0c - Crash with SSLVirtualHost ServerName set.

Thu, 03 Feb 2011 07:46:15 -0800 

Forwarded to openssl-users for discussion.

Best regards,
        Lutz

----- Forwarded message from Ryan Wehrle <ryaner...@gmail.com> -----

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:date:message-id:subject:from:to
        :content-type:content-transfer-encoding;
        bh=3SVqXgi7XU2AyKoIAg/VcZOohkhWLoGcOoKp1DiDvDk=;
        b=ZUJ6eCdhqG0h+ngPIKyLyMlCq01n0oosXtQsTZcHpCtbUAQf56BS9QqlL4FExWbv37
        B6JGAP655zKncgyS3jNI5Vc2SPcPb/VOWyRuEX41X9D5ZY5t8JK2w32kC4UvQnp1IfS+
        zRM7B8vBpRxg59oMVSN6RTm614C6EpCHmykWk=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:date:message-id:subject:from:to:content-type
        :content-transfer-encoding;
        b=YOwcRm54U5D8GeoTmcDzmBYbFXUFV0B1cFp2JVd95Us2SNfo4mnypM8kAwrTXLAcU8
        vrWYlHFFdnrEw2IHqoZxNanZP3Cp8ZNGD5y+oUgw/s4PZlFVtjRRY4IHvHi/NOgVjjGR
        B2pIaT7YHgSOyqbilSsPzmMHsMYHaGXYpXUzE=
Date: Mon, 31 Jan 2011 03:40:12 -0600
Subject: Apache 2.2.17 and OpenSSL 1.0.0c - Crash with SSLVirtualHost
        ServerName set.
From: Ryan Wehrle <ryaner...@gmail.com>
To: openssl-b...@openssl.org

Essentially here are my results:
In other browsers (IE/FF/Chrome):
If I set the ServerName property to RFiles.org
- then try to goto https://RFiles.org, apache will crash.
- then try to goto https://MilesMilitusCallidus.com, I can connect
perfectly fine.
If I set the ServerName property to MilesMilitusCallidus.com
- then try to goto https://MilesMilitusCallidus.com, apache will crash.
- then try to goto https://RFiles.org, I can connect perfectly fine.

In Opera 11.01:
If I set the ServerName property to RFiles.org
- then try to goto https://RFiles.org, apache will crash.
- then try to goto https://MilesMilitusCallidus.com, the page loads forever.
If I set the ServerName property to MilesMilitusCallidus.com
- then try to goto https://MilesMilitusCallidus.com, apache will crash.
- then try to goto https://RFiles.org, the page loads forever.
For some odd reason, apache/openssl doesn't like the ServerName
property under the SSL virutal host. If I set it, whatever the domain
is set to (example rfiles.org), then type that domain in for https,
apache will crash.

(httpd.exe crashes because of ssleay32.dll from OpenSSL 1.0.0c)
The config that makes it crash (httpd-ssl.conf), then try to visit
"RFiles.org" since that is the property set for "ServerName":


-----------------------------------------------------------------------------------------------------------------------------httpd-ssl.conf
Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:Z:/Apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLMutex default
TraceEnable Off

<VirtualHost *:443>
        DocumentRoot "Z:/Apache/_MilesMilitusCallidus.com_SSL"
        ServerName RFiles.org
        ServerAdmin cae...@milesmilituscallidus.com
        ErrorLog "Z:/Apache/logs/_MilesMilitusCallidus.com_SSL/error_ssl.log"
        TransferLog 
"Z:/Apache/logs/_MilesMilitusCallidus.com_SSL/access_ssl.log"
        LogLevel debug

        SSLEngine on

        SSLProtocol -All +SSLv3 +TLSv1
        #SSLCipherSuite HIGH:MEDIUM
        SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

        SSLCertificateFile      
"Z:/Apache/conf/_OpenSSL/_SSL/certs/mmc.com-cert.pem"
        SSLCertificateKeyFile   
"Z:/Apache/conf/_OpenSSL/_SSL/pkeys/mmc.com-key.pem"
        SSLCACertificateFile
        "Z:/Apache/conf/_OpenSSL/_SSL/certs/ca-RFiles.org-cert.pem"
        SSLCARevocationFile     
"Z:/Apache/conf/_OpenSSL/_SSL/crl/ca-RFiles.org-crl.pem"

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory "Z:/Apache/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>

        BrowserMatch ".*MSIE.*" \
                 nokeepalive ssl-unclean-shutdown \
                 downgrade-1.0 force-response-1.0

        CustomLog 
"Z:/Apache/logs/_MilesMilitusCallidus.com_SSL/ssl_request.log" \
                  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

----- End forwarded message -----
--
Lutz Jaenicke           jaeni...@openssl.org
OpenSSL Project         http://www.openssl.org/~jaenicke/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to