Hi all, I'm running httpd 2.2.3 on win32 with openssl 0.9.8d as a reverse proxy server. One of the things this server needs to do is to act as a reverse proxy for applications that do not speak SSL, to SSL-only servers.
I have configured the following:

SSLMutex default
SSLRandomSeed startup builtin
SSLSessionCache none
<VirtualHost 192.168.2.231:8443>
  DocumentRoot d:/WebServer/www
  ProxyRequests Off
  ProxyPreserveHost On
  RequestHeader set ClientProtocol HTTPS
  SSLProxyMachineCertificateFile d:/WebServer/apache2/conf/ssl/cellcom_cpm.cert
  SSLProxyEngine On
  ProxyPass /cpm/ https://192.118.30.12/
  ProxyPassReverse /cpm/ https://192.118.30.12/
</VirtualHost>

This worked for a few months, then suddenly started returning the following error and dying:

[Mon Dec 18 10:17:53 2006] [error] (502)Unknown error: proxy: pass request body failed to 192.118.30.12:443 (192.118.30.12)
[Mon Dec 18 10:17:53 2006] [error] (502)Unknown error: proxy: pass request body failed to 192.118.30.12:443 (192.118.30.12) from 192.168.2.1 ()

I ran httpd in debug mode and got the following:

[Mon Dec 18 10:17:53 2006] [debug] mod_proxy_http.c(54): proxy: HTTP: canonicalising URL //192.118.30.12/cpm.wsdl
[Mon Dec 18 10:17:53 2006] [debug] proxy_util.c(1378): [client 192.168.2.1] proxy: https: found worker https://192.118.30.12/ for https://192.118.30.12/cpm.wsdl
[Mon Dec 18 10:17:53 2006] [debug] mod_proxy.c(756): Running scheme https handler (attempt 0)
[Mon Dec 18 10:17:53 2006] [debug] mod_proxy_http.c(1662): proxy: HTTP: serving URL https://192.118.30.12/cpm.wsdl
[Mon Dec 18 10:17:53 2006] [debug] proxy_util.c(1798): proxy: HTTPS: has acquired connection for (192.118.30.12)
[Mon Dec 18 10:17:53 2006] [debug] proxy_util.c(1858): proxy: connecting https://192.118.30.12/cpm.wsdl to 192.118.30.12:443
[Mon Dec 18 10:17:53 2006] [debug] proxy_util.c(1951): proxy: connected /cpm.wsdl to 192.118.30.12:443
[Mon Dec 18 10:17:53 2006] [debug] proxy_util.c(2045): proxy: HTTPS: fam 2 socket created to connect to 192.118.30.12
[Mon Dec 18 10:17:53 2006] [debug] proxy_util.c(2141): proxy: HTTPS: connection complete to 192.118.30.12:443 (192.118.30.12)
[Mon Dec 18 10:17:53 2006] [info] [client 192.118.30.12] Connection to child 249 established (server israel-test.backbone.locationet.com:8443)
[Mon Dec 18 10:17:53 2006] [info] Seeding PRNG with 0 bytes of entropy
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: before/connect initialization
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv2/v3 write client hello A
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1775): OpenSSL: read 7/7 bytes from BIO#ec6da0 [mem: f03140] (BIO dump follows)
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1722): +-------------------------------------------------------------------------+
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1747): | 0000: 16 03 01 00 2a 02 ....*. |
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1751): | 0007 - <SPACES/NULS>
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1753): +-------------------------------------------------------------------------+
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1775): OpenSSL: read 40/40 bytes from BIO#ec6da0 [mem: f03147] (BIO dump follows)
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1722): +-------------------------------------------------------------------------+
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1747): | 0000: 00 26 03 01 fa 44 46 43-f0 21 42 c5 5f 67 8b 95 .&...DFC.!B._g.. |
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1747): | 0010: 03 0d d9 c8 dd 01 b1 19-52 76 3a 0f 39 1a c7 91 ........Rv:.9... |
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1747): | 0020: 4c d1 ee 4c 00 00 04 L..L... |
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1751): | 0040 - <SPACES/NULS>
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1753): +-------------------------------------------------------------------------+
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 read server hello A
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1775): OpenSSL: read 5/5 bytes from BIO#ec6da0 [mem: f03140] (BIO dump follows)
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1722): +-------------------------------------------------------------------------+
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1747): | 0000: 16 03 01 11 b1 ..... |
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1753): +-------------------------------------------------------------------------+
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1775): OpenSSL: read 4529/4529 bytes from BIO#ec6da0 [mem: f03145] (BIO dump follows)
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1722): +-------------------------------------------------------------------------+
(snip BIO dump)
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1753): +-------------------------------------------------------------------------+
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_kernel.c(1190): Certificate Verification: depth: 2, subject: /CN=CelCaRoot, issuer: /CN=CelCaRoot
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_kernel.c(1190): Certificate Verification: depth: 2, subject: /CN=CelCaRoot, issuer: /CN=CelCaRoot
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_kernel.c(1190): Certificate Verification: depth: 1, subject: /DC=il/DC=co/DC=cellcom/DC=corp/DC=sdmz/CN=sdmzca, issuer: /CN=CelCaRoot
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_kernel.c(1190): Certificate Verification: depth: 0, subject: /C=IL/ST=Israel/L=Natania/O=Cellcom/OU=IT/CN=CPM-QA.cellcom.co.il, issuer: /DC=il/DC=co/DC=cellcom/DC=corp/DC=sdmz/CN=sdmzca
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 read server certificate A
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1775): OpenSSL: read 5/5 bytes from BIO#ec6da0 [mem: f03140] (BIO dump follows)
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1722): +-------------------------------------------------------------------------+
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1747): | 0000: 16 03 01 00 08 ..... |
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1753): +-------------------------------------------------------------------------+
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1775): OpenSSL: read 8/8 bytes from BIO#ec6da0 [mem: f03145] (BIO dump follows)
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1722): +-------------------------------------------------------------------------+
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1747): | 0000: 0d 00 00 04 01 01 ...... |
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1751): | 0008 - <SPACES/NULS>
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1753): +-------------------------------------------------------------------------+
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 read server certificate request A
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1775): OpenSSL: read 5/5 bytes from BIO#ec6da0 [mem: f03140] (BIO dump follows)
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1722): +-------------------------------------------------------------------------+
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1747): | 0000: 16 03 01 00 04 ..... |
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1753): +-------------------------------------------------------------------------+
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1775): OpenSSL: read 4/4 bytes from BIO#ec6da0 [mem: f03145] (BIO dump follows)
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1722): +-------------------------------------------------------------------------+
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1747): | 0000: 0e . |
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1751): | 0004 - <SPACES/NULS>
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1753): +-------------------------------------------------------------------------+
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 read server done A
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_kernel.c(1526): Proxy client certificate callback: (israel-test.backbone.locationet.com:8443) entered
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_kernel.c(1499): Proxy client certificate callback: (israel-test.backbone.locationet.com:8443) no acceptable CA list, sending /O=Cellcom/CN=Locationet
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write client certificate A
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write client key exchange A
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write certificate verify A
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write change cipher spec A
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write finished A
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 flush data
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_io.c(1786): OpenSSL: I/O error, 5 bytes expected to read on BIO#ec6da0 [mem: f03140]
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read finished A
[Mon Dec 18 10:17:53 2006] [debug] ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read finished A
[Mon Dec 18 10:17:53 2006] [info] [client 192.118.30.12] SSL Proxy connect failed
[Mon Dec 18 10:17:53 2006] [info] [client 192.118.30.12] Connection closed to child 249 with abortive shutdown (server israel-test.backbone.locationet.com:8443)
[Mon Dec 18 10:17:53 2006] [error] (502)Unknown error: proxy: pass request body failed to 192.118.30.12:443 (192.118.30.12)
[Mon Dec 18 10:17:53 2006] [error] (502)Unknown error: proxy: pass request body failed to 192.118.30.12:443 (192.118.30.12) from 192.168.2.1 ()

I can't seem to find any definite answer googling this error. I'll be glad to have any lead on the subject.

Cheers,
Shai Yallin
IT Manager & Developer
LocatioNet Systems Ltd.
Tel: +972-9-8856451
Fax: +972-9-8856452
Mobile: +972-54-4840868

"...we will be restoring normality just as soon as we are sure what is normal anyway."
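
Added example, not part of the original post: a small Python decoder for the TLS record and handshake headers visible in the BIO dumps above, applied to the CertificateRequest bytes from the log. It shows that the backend asked for an rsa_sign client certificate with an empty CA list, which is consistent with the "no acceptable CA list" debug line. Function names are illustrative, and the two bytes the dump elides as <SPACES/NULS> are assumed to be 0x00.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   13: "certificate_request", 14: "server_hello_done", 20: "finished"}
CERT_TYPES = {1: "rsa_sign", 2: "dss_sign", 3: "rsa_fixed_dh", 4: "dss_fixed_dh"}

def parse_record_header(hdr):
    """Decode the 5-byte TLS record header: content type, version, payload length."""
    if len(hdr) != 5:
        raise ValueError("record header must be exactly 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", hdr)
    return (CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
            VERSIONS.get((major, minor), f"{major}.{minor}"), length)

def parse_handshake(msg):
    """Split one handshake message into (type name, body), checking its 24-bit length."""
    if len(msg) < 4:
        raise ValueError("handshake header truncated")
    length = int.from_bytes(msg[1:4], "big")
    if len(msg) - 4 < length:
        raise ValueError("handshake body truncated")
    return HANDSHAKE_TYPES.get(msg[0], f"unknown({msg[0]})"), msg[4:4 + length]

def parse_certificate_request(body):
    """TLS 1.0/1.1 layout: certificate types, then the list of acceptable CA names."""
    if len(body) < 3:
        raise ValueError("CertificateRequest body truncated")
    n = body[0]
    types = [CERT_TYPES.get(t, f"unknown({t})") for t in body[1:1 + n]]
    pos = 1 + n
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    if end > len(body):
        raise ValueError("CA list runs past end of message")
    pos, cas = pos + 2, []
    while pos < end:
        dn_len = int.from_bytes(body[pos:pos + 2], "big")
        cas.append(body[pos + 2:pos + 2 + dn_len])  # DER-encoded DistinguishedName
        pos += 2 + dn_len
    return types, cas

# Bytes copied from the log; the trailing "00 00" is the assumed <SPACES/NULS> tail.
RECORD_HEADER = bytes.fromhex("16 03 01 00 08")
CERT_REQUEST = bytes.fromhex("0d 00 00 04 01 01 00 00")

def decode_logged_request():
    _, _, length = parse_record_header(RECORD_HEADER)
    name, body = parse_handshake(CERT_REQUEST[:length])
    return name, parse_certificate_request(body)

if __name__ == "__main__":
    print(parse_record_header(RECORD_HEADER), decode_logged_request())
```

An empty CA list means the server gives no hint about which issuers it accepts, so the handshake bytes alone cannot show whether the certificate the proxy sent is still one the backend trusts.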