Custom Query (16 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (10 - 12 of 16)

1 2 3 4 5 6
Ticket Resolution Summary Owner Reporter
#135 invalid mod_gnutls bug ? Daniel Kahn Gillmor Feelingsannkimo
Description

我使用 mod_ssl 沒問題, 換成 mod_gnutls 會有一些問題! web 使用上正常: https://mani5.qoowoo.com/ http://www.sslchecker.com/sslchecker?su=58c1428092b59c3d2776ef893d47104d SSL is not trusted 只有 mod_gnutls 會有這樣問題!

#18 fixed mod_gnutls: Does not support aarch64 Daniel Kahn Gillmor Daniel Kahn Gillmor
Description

imported from mantis, e-ndy wrote:

https://bugzilla.redhat.com/show_bug.cgi?id=926157

#24 fixed mod-proxy test in gnutls_hooks.c inadequate; breaks localhost encryption Daniel Kahn Gillmor Peter Gamache
Description

The following block of code in gnutls_hooks.c doesn't actually test for use by mod_proxy, but takes a shortcut (comparing IPs) that breaks local connectivity for processes running on the same host:

if (c->remote_addr->hostname || apr_strnatcmp(c->remote_ip,c->local_ip) == 0) {
/* Connection initiated by Apache (mod_proxy) => ignore */
         return OK;
}

These work fine when coming from other hosts but break if used on the same machine that's running Apache+gnutls:

# gnutls-cli-debug localhost
Resolving 'localhost'...
Connecting to '127.0.0.1:443'...
Checking for SSL 3.0 support... no
Checking whether %COMPAT is required... yes
Checking for TLS 1.0 support... no
Checking for TLS 1.1 support... no
Checking fallback from TLS 1.1 to... failed
Checking for TLS 1.2 support... no
Checking whether we need to disable TLS 1.0... yes

Server does not support any of SSL 3.0, TLS 1.0 and TLS 1.1

# openssl s_client -connect localhost:443
CONNECTED(00000003)
140710953731744:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:787:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

Guess what works though? A plaintext request on port 443:

# telnet localhost 443
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /
<html><body text="#ffffff" bgcolor="#000000"><p><tt>It is pitch black.  You are likely to be eaten by a grue.<br />></tt></p></body></html>
Connection closed by foreign host.
1 2 3 4 5 6
Note: See TracQuery for help on using queries.