Custom Query (16 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (10 - 12 of 16)

1 2 3 4 5 6
Ticket Resolution Summary Owner Reporter
#24 fixed mod-proxy test in gnutls_hooks.c inadequate; breaks localhost encryption Daniel Kahn Gillmor Peter Gamache
Description

The following block of code in gnutls_hooks.c doesn't actually test for use by mod_proxy, but takes a shortcut (comparing IPs) that breaks local connectivity for processes running on the same host:

if (c->remote_addr->hostname || apr_strnatcmp(c->remote_ip,c->local_ip) == 0) {
/* Connection initiated by Apache (mod_proxy) => ignore */
         return OK;
}

These work fine when coming from other hosts but break if used on the same machine that's running Apache+gnutls:

# gnutls-cli-debug localhost
Resolving 'localhost'...
Connecting to '127.0.0.1:443'...
Checking for SSL 3.0 support... no
Checking whether %COMPAT is required... yes
Checking for TLS 1.0 support... no
Checking for TLS 1.1 support... no
Checking fallback from TLS 1.1 to... failed
Checking for TLS 1.2 support... no
Checking whether we need to disable TLS 1.0... yes

Server does not support any of SSL 3.0, TLS 1.0 and TLS 1.1

# openssl s_client -connect localhost:443
CONNECTED(00000003)
140710953731744:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:787:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

Guess what works though? A plaintext request on port 443:

# telnet localhost 443
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /
<html><body text="#ffffff" bgcolor="#000000"><p><tt>It is pitch black.  You are likely to be eaten by a grue.<br />></tt></p></body></html>
Connection closed by foreign host.
#25 fixed Can't locate API module structure `ssl_module' Daniel Kahn Gillmor Christopher Dreher
Description

Hey,

i compiled the current git build (10. September 2014) for an older apache 2.2.3. when i now try to load the module i get the following error msg:

#:/usr/src/mod_gnutls# /etc/init.d/apache2 restart Forcing reload of web server (apache2)...apache2: Syntax error on line 185 of /etc/apache2/apache2.conf: Syntax error on line 4 of /etc/apache2/mods-enabled/gnutls.load: Can't locate API module structure `ssl_module' in file /usr/lib/apache2/modules/mod_gnutls.so: /usr/lib/apache2/modules/mod_gnutls.so: undefined symbol: ssl_module failed!

should it work with apache 2.2.3?

#26 worksforme End of file found: GnuTLS: Error reading data. (-54) 'Error in the pull function.' Daniel Kahn Gillmor Christopher Dreher
Description

When connecting by Google Chrome 37 or Mozilla Firefox 32 the connection to my HTTPS secured vhosts fails. Connections by IE 11 work fine. You can try it yourself by https://www.drehcom.de.

Loglevel is already set to info. What I see is only:

Tue Sep 16 09:29:42 2014] [info] (70014)End of file found: GnuTLS: Error reading data. (-54) 'Error in the pull function.' [Tue Sep 16 09:29:42 2014] [error] [client 195.243.60.226] request failed: error reading the headers

I am using the latest branch.

I compiled it for Apache/2.2.3

1 2 3 4 5 6
Note: See TracQuery for help on using queries.