Strange error after upgrading from Apache 2.2.25 to 2.2.27 (and upgrading from FreeBSD9 to FreeBSD10)
olli hauer
ohauer at gmx.de
Thu Jun 26 21:16:27 UTC 2014
On 2014-06-23 10:48, Rainer Duffner wrote:
> Am Mon, 16 Jun 2014 16:03:38 +0200
> schrieb Rainer Duffner <rainer at ultra-secure.de>:
>
>> Hi,
>>
>>
>> I have a system that does the following:
>>
>> SSLProxyEngine on
>> SSLProxyMachineCertificateFile /usr/local/etc/apache/ssl.crt/DocboxTestProxyClientKeyCert.crt
>> SSLProxyCACertificateFile /usr/local/etc/apache/ssl.crt/ProxyTest_RedAndPurpleCA.crt
>> SSLProxyVerify require
>> SSLProxyVerifyDepth 1
>>
>>
>> This configuration worked with FreeBSD9, apache-2.2.25.
>>
>> However, after the upgrade to FreeBSD10 and apache-2.2.27, I get:
>
>
> Also, it does work with FreeBSD 9.2p8 and apache-2.2.27.
>
> So it really seems to be a problem with FreeBSD 10's OpenSSL.
>
One of the difference between 8/9 and 10 is the OpenSSL version 0.9.8? and 1.0.1?
It seems you are not the only one and it has something to do with the SSL key format (PKCS#8 / PKCS#1)
New OpenSSL is using PKCS#1 which is not supported by mod_ssl but the cert can be converted to PKCS#8
See the Answer from Joe Orton on the RHEL bugtracker
http://mail-archives.apache.org/mod_mbox/httpd-bugs/201310.mbox/%3Cbug-55673-7868@https.issues.apache.org/bugzilla/%3E
https://bugzilla.redhat.com/show_bug.cgi?id=1025057
// olli
More information about the freebsd-apache
mailing list