Custom Query (16 matches)
Results (7 - 9 of 16)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#24 | fixed | mod-proxy test in gnutls_hooks.c inadequate; breaks localhost encryption | ||
Description |
The following block of code in gnutls_hooks.c doesn't actually test for use by mod_proxy, but takes a shortcut (comparing IPs) that breaks local connectivity for processes running on the same host: if (c->remote_addr->hostname || apr_strnatcmp(c->remote_ip,c->local_ip) == 0) { /* Connection initiated by Apache (mod_proxy) => ignore */ return OK; } These work fine when coming from other hosts but break if used on the same machine that's running Apache+gnutls: # gnutls-cli-debug localhost Resolving 'localhost'... Connecting to '127.0.0.1:443'... Checking for SSL 3.0 support... no Checking whether %COMPAT is required... yes Checking for TLS 1.0 support... no Checking for TLS 1.1 support... no Checking fallback from TLS 1.1 to... failed Checking for TLS 1.2 support... no Checking whether we need to disable TLS 1.0... yes Server does not support any of SSL 3.0, TLS 1.0 and TLS 1.1 # openssl s_client -connect localhost:443 CONNECTED(00000003) 140710953731744:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:787: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 305 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE --- Guess what works though? A plaintext request on port 443: # telnet localhost 443 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. GET / <html><body text="#ffffff" bgcolor="#000000"><p><tt>It is pitch black. You are likely to be eaten by a grue.<br />></tt></p></body></html> Connection closed by foreign host. |
|||
#23 | fixed | enable pkcs11 for server secret key material | ||
Description |
Nikos writes on-list with a good suggestion:
I also think this would be a useful feature. |
|||
#22 | fixed | test suite not VPATH-safe | ||
Description |
=========================================
========================================= # TOTAL: 1 # PASS: 0 # SKIP: 0 # XFAIL: 0 # FAIL: 1 # XPASS: 0 # ERROR: 0 .. contents:: :depth: 2 FAIL: run_tests.sh ================== make: Entering an unknown directory make: * t: No such file or directory. Stop. make: Leaving an unknown directory |