Strange error after upgrading from Apache 2.2.25 to 2.2.27 (and upgrading from FreeBSD9 to FreeBSD10)

Rainer Duffner rainer at
Mon Jun 16 14:03:50 UTC 2014


I have a system that does the following:

SSLProxyEngine on
SSLProxyMachineCertificateFile /usr/local/etc/apache/ssl.crt/DocboxTestProxyClientKeyCert.crt
SSLProxyCACertificateFile /usr/local/etc/apache/ssl.crt/ProxyTest_RedAndPurpleCA.crt
SSLProxyVerify require 
SSLProxyVerifyDepth 1

This configuration worked with FreeBSD9, apache-2.2.25.

However, after the upgrade to FreeBSD10 and apache-2.2.27, I get:

[Fri Jun 13 17:37:16 2014] [debug] ssl_engine_init.c(696): Configuring
client authentication
[Fri Jun 13 17:37:16 2014] [debug] ssl_engine_init.c(1414): CA
certificate: /C=CH/ST=ZH/L=Zuerich/O=H-Net AG, Ingbk/OU=Swiss Medical
Suite Docbox Forwarder Test Facility/CN=SMS Docbox Proxy Test
[Fri Jun 13 17:37:16 2014] [debug] ssl_engine_init.c(1414): CA
certificate: /C=CH/ST=ZH/L=Zuerich/O=H-Net AG/OU=H-Net Secure
Operations/ at incomplete client
cert configured for SSL proxy (missing or encrypted private key?)

I'm a bit puzzled by this, because I don't see any obvious error.

openssl verify
-CAfile /usr/local/etc/apache/ssl.crt/ProxyTest_RedAndPurpleCA.crt /usr/local/etc/apache/ssl.crt/DocboxTestProxyClientKeyCert.crt /usr/local/etc/apache/ssl.crt/DocboxTestProxyClientKeyCert.crt:

They seem to match...

Can anybody share some insight?

I know it's this part that is problematic, because if I comment out
this section (and a similar section in another config-file, that uses
the same syntax), apache starts again.


More information about the freebsd-apache mailing list