OSDir


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug 62417] configure: error: cannot run /usr/local/bin/bash build/config.sub similar to 21377


https://bz.apache.org/bugzilla/show_bug.cgi?id=62417

--- Comment #12 from Dennis Clarke <dclarke@xxxxxxxxxxxxx> ---
OKay .. server is running and seems to support TLS v1.3 with a test from
the openssl s_client thus : 

tls13 $ /usr/local/bin/openssl s_client -connect beta.tls13.net:443 -debug
-state -tls1_3
CONNECTED(00000003)
SSL_connect:before SSL initialization
write to 0x100851c00 [0x1008530b0] (238 bytes => 238 (0xEE))
0000 - 16 03 01 00 e9 01 00 00-e5 03 03 6f 37 f3 07 e9   ...........o7...
0010 - 32 c8 7f 52 65 dd 36 de-e7 ad 12 9d 9c 8f 1f b5   2..Re.6.........
.
.
. etc etc 
.
.
.

SSL_connect:TLSv1.3 read encrypted extensions
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify error:num=20:unable to get local issuer certificate
read from 0x100851c00 [0x1008aab63] (5 bytes => 5 (0x5))
0000 - 17 03 03 01 19                                    .....
read from 0x100851c00 [0x1008aab68] (281 bytes => 281 (0x119))
.
.
.
SSL_connect:TLSv1.3 read server certificate verify
.
.
.
-----END CERTIFICATE-----
subject=CN = *.tls13.net

issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3281 bytes and written 318 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 
    Session-ID-ctx: 
    Master-Key:
C1EA188089C8453F4C8D0C7EA5A43A48E70645B541F165D79A2D5FDB0DAB73057CF7D06344B5E864E456D71957867922
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1527832235
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
    Extended master secret: no
---
read from 0x100851c00 [0x1008aab63] (5 bytes => 0 (0x0))
read:errno=0
write to 0x100851c00 [0x1008aecc3] (24 bytes => 24 (0x18))
0000 - 17 03 03 00 13 21 31 4f-bf e6 5c 3a f9 97 80 9d   .....!1O..\:....
0010 - cd 9f f7 4f 18 d8 6b d4-                          ...O..k.
SSL3 alert write:warning:close notify
read from 0x100851c00 [0x100845940] (8192 bytes => 0 (0x0))
tls13 $ 

That all looks correct except for the "unable to get local issuer certificate"


The Apache 2.5.1 server ssl logs claim : 

beta # grep "\.201" ssl_error_log
[Fri Jun 01 05:50:35.464787 2018] [ssl:info] [pid 29510:tid 27] [client
68.179.116.201:40912] AH01964: Connection to child 88 established (server
beta.tls13.net:443)
[Fri Jun 01 05:50:35.465720 2018] [ssl:debug] [pid 29510:tid 27]
ssl_engine_kernel.c(2297): [client 68.179.116.201:40912] AH02043: SSL virtual
host for servername beta.tls13.net found
[Fri Jun 01 05:50:35.501553 2018] [ssl:debug] [pid 29510:tid 27]
ssl_engine_kernel.c(2222): [client 68.179.116.201:40912] AH02041: Protocol:
TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
[Fri Jun 01 05:50:35.501610 2018] [ssl:error] [pid 29510:tid 27] [client
68.179.116.201:40912] AH02042: rejecting client initiated renegotiation
[Fri Jun 01 05:50:35.502045 2018] [ssl:debug] [pid 29510:tid 27]
ssl_engine_io.c(1400): (130)Software caused connection abort: [client
68.179.116.201:40912] AH02007: SSL handshake interrupted by system [Hint: Stop
button pressed in browser?!]
[Fri Jun 01 05:50:35.502320 2018] [ssl:info] [pid 29510:tid 27] [client
68.179.116.201:40912] AH01998: Connection closed to child 88 with abortive
shutdown (server beta.tls13.net:443)
beta # 
beta # /usr/local/bin/openssl ciphers -V -s -tls1_3
          0x13,0x02 - TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any 
Enc=AESGCM(256) Mac=AEAD
          0x13,0x03 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any 
Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0x13,0x01 - TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any 
Enc=AESGCM(128) Mac=AEAD
beta # 

That looks correct .. however I have yet to get a beta/nightly Mozilla browser
to connect.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: bugs-help@xxxxxxxxxxxxxxxx