osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug 62880] New: "Failed to configure CA certificate chain" because OpenSSL's error queue is not cleared


https://bz.apache.org/bugzilla/show_bug.cgi?id=62880

            Bug ID: 62880
           Summary: "Failed to configure CA certificate chain" because
                    OpenSSL's error queue is not cleared
           Product: Apache httpd-2
           Version: 2.4.37
          Hardware: PC
                OS: Linux
            Status: NEW
          Keywords: PatchAvailable
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@xxxxxxxxxxxxxxxx
          Reporter: apache-bugzilla@xxxxxxxxxxxxxxxxxxx
  Target Milestone: ---

Created attachment 36241
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=36241&action=edit
Bugfix (clear the error queue before loading CA chains)

When using mod_ssl and mod_md in a complex setup (some virtual hosts managed by
mod_md, some not), I got this error from mod_ssl:

AH01903: Failed to configure CA certificate chain!

Before loading the certificate chain, mod_ssl does not clear OpenSSL's error
queue. After loading the certificate chain, mod_ssl inspects the whole error
queue, and finds something. Probably an OpenSSL function called by mod_md has
added something to the error queue.

See also https://github.com/icing/mod_md/issues/84#issuecomment-375959559

The attached patch fixes the bug.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: bugs-help@xxxxxxxxxxxxxxxx