Bug 262277 - www-servers/apache-2.2.10 with SNI and mpm-peruser - SSL error on request
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server
Hardware: x86 Linux
Importance: High normal
Assignee: Apache Team - Bugzilla Reports
Reported: 2009-03-12 16:05 UTC by Vladimir Kulev
Modified: 2009-10-08 19:12 UTC
Description Vladimir Kulev 2009-03-12 16:05:39 UTC
I have Apache installed with SNI and peruser MPM enabled. The configuration is as follows:

Listen 443
NameVirtualHost *:443

<VirtualHost *:443>
ServerName admin.firun.ru
ServerEnvironment admin admin
DocumentRoot "/home/admin/admin.firun.ru/htdocs"

SSLEngine on
SSLOptions StrictRequire
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

.....
</VirtualHost>

Firefox describes the SSL error as "ssl_error_rx_record_too_long", IE7 just fails. Both of them ask me to verify my self-signed certificate first, so the error is somewhere in the middle of the connection.

If I disable SNI (with the USE flag or "<VirtualHost admin.firun.ru:443>") or change the MPM module, everything works right.

Reproducible: Always

Steps to Reproduce:
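
Added example, not part of the original report: Firefox raises ssl_error_rx_record_too_long when its record layer reads a 5-byte header whose length field exceeds the TLS maximum, which is how plaintext HTTP bytes look when parsed as a record. The Python sketch below walks a captured server-to-client byte stream and reports where it stops being TLS; the function names and SAMPLE_STREAM are constructed for illustration and do not reproduce this bug's traffic.

```python
import struct

# TLS record layer constants (RFC 5246, section 6.2.3).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_RECORD_LEN = 2**14 + 2048   # upper bound on a TLSCiphertext length field
HTTP_PREFIXES = (b"HTTP/", b"<!DOC", b"<html", b"<HTML")


def classify_header(buf: bytes) -> dict:
    """Read the next 5 bytes as a TLS record header, as a client would."""
    if len(buf) < 5:
        return {"verdict": "truncated", "type": None, "version": None,
                "length": None, "too_long": False}
    ctype, major, minor, length = struct.unpack("!BBBH", buf[:5])
    if buf.startswith(HTTP_PREFIXES):
        verdict = "plaintext_http"      # server answered without TLS framing
    elif length > MAX_RECORD_LEN:
        verdict = "record_too_long"
    elif ctype not in CONTENT_TYPES or major != 3:
        verdict = "not_tls"
    else:
        verdict = "tls_record"
    return {"verdict": verdict,
            "type": CONTENT_TYPES.get(ctype, hex(ctype)),
            "version": (major, minor),
            "length": length,               # what the client believes follows
            "too_long": length > MAX_RECORD_LEN}


def scan_stream(data: bytes) -> list:
    """Walk a byte stream record by record.

    Stops at the first header that is not a well-formed TLS record, so the
    last finding shows where (offset) and how the stream broke.
    """
    findings, offset = [], 0
    while offset < len(data):
        info = classify_header(data[offset:])
        info["offset"] = offset
        findings.append(info)
        if info["verdict"] != "tls_record":
            break
        offset += 5 + info["length"]
    return findings


def _record(ctype: int, payload: bytes, version=(3, 1)) -> bytes:
    """Build a record with a valid header (helper for the constructed sample)."""
    return struct.pack("!BBBH", ctype, version[0], version[1], len(payload)) + payload


# Constructed sample: two well-formed records followed by a plaintext HTTP
# response on the same connection. Payloads are stand-ins, not real messages.
SAMPLE_STREAM = (
    _record(22, b"\x02\x00\x00\x00")
    + _record(20, b"\x01")
    + b"HTTP/1.1 400 Bad Request\r\n\r\n"
)

if __name__ == "__main__":
    for f in scan_stream(SAMPLE_STREAM):
        print(f"offset {f['offset']:>3}: {f['verdict']:<15} "
              f"type={f['type']} length={f['length']} too_long={f['too_long']}")
```

Bytes for scan_stream can come from a packet capture of the server side of the connection; the first non-TLS offset shows whether the failure happens before or after the handshake records.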
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2009-03-12 22:20:51 UTC
Please post your "emerge --info" as well as the output of
  emerge -qpv apache

Reopen this bug when you provide the requested information.
Comment 2 Vladimir Kulev 2009-03-12 22:46:03 UTC
You know, I am using paludis, so this might be more helpful. In any case I will do everything to help solve this problem.

# emerge --info
Portage 2.1.6.7 (default/linux/x86/2008.0, gcc-4.1.2, glibc-2.8_p20080602-r1, 2.6.27.12 i686)
=================================================================
System uname: Linux-2.6.27.12-i686-Intel-R-_Core-TM-2_Quad_CPU_Q6600_@_2.40GHz-with-glibc2.0
Timestamp of tree: Mon, 09 Mar 2009 09:05:01 +0000
distcc 3.0 i686-pc-linux-gnu [disabled]
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p39
dev-java/java-config: 1.3.7-r1, 2.1.7
dev-lang/python:     2.5.2-r7
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 2.0.0
sys-apps/openrc:     0.4.3-r1
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.63
sys-devel/automake:  1.7.9-r1, 1.9.6-r2, 1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=i686 -O2 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-march=i686 -O2 -pipe"
DISTDIR="/usr/distfiles"
FEATURES="ccache distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
LDFLAGS="-Wl,-O1"
LINGUAS="en ru"
MAKEOPTS="-j8"

# paludis -q apache
* www-servers/apache
    gentoo:                  2.2.9-r1 2.2.10 (2.2.11)K {:2}
    installed:               2.2.10* {:2}
    Description:             The Apache Web Server.
    Homepage:                http://httpd.apache.org/
    License:                 Apache-2.0 Apache-1.1
    Installed time:          Thu Mar 12 15:24:23 2009
    Use flags:               (-debug) (-doc) (ldap) (-selinux) (sni) (ssl) (-static) (-suexec) (-threads) apache2_modules: (actions) (alias) (-asis) (auth_basic) (-auth_digest) (authn_alias) (authn_anon) (-authn_dbd) (authn_dbm) (authn_default) (authn_file) (authz_dbm) (authz_default) (authz_groupfile) (authz_host) (authz_owner) (authz_user) (autoindex) (cache) (-cern_meta) (-charset_lite) (dav) (dav_fs) (dav_lock) (-dbd) (deflate) (dir) (disk_cache) (-dumpio) (env) (expires) (ext_filter) (file_cache) (filter) (headers) (-ident) (-imagemap) (include) (info) (log_config) (-log_forensic) (logio) (mem_cache) (mime) (mime_magic) (negotiation) (-proxy) (-proxy_ajp) (-proxy_balancer) (-proxy_connect) (-proxy_ftp) (-proxy_http) (rewrite) (setenvif) (speling) (status) (-substitute) (unique_id) (userdir) (usertrack) (-version) (vhost_alias) apache2_mpms: (-event) (-itk) (peruser) (-prefork) (-worker)
    From repositories:       gentoo
    Installed using:         paludis-0.34.5
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2009-03-13 00:23:08 UTC
(In reply to comment #2)
> You know, I am using paludis, so this might be more helpful. In any case I will
> do everything to help solving this problem.

> # paludis -q apache

Try paludis --info www-servers/apache instead.
Comment 4 Vladimir Kulev 2009-03-13 00:28:32 UTC
As you requested:

# paludis --info www-servers/apache::installed
paludis 0.34.5                                        
Paludis build information:                            
    Compiler:                                         
        CXX:                   i686-pc-linux-gnu-g++ 4.1.2 (Gentoo 4.1.2 p1.0.2)
        CXXFLAGS:               -march=i686 -O2 -pipe                           
        LDFLAGS:               -Wl,-O1                                          
        DATE:                  2009-02-27T03:16:28+0300                         

    Libraries:
        C++ Library:           GNU libstdc++ 20070214

    Reduced Privs:
        reduced_uid:           108
        reduced_uid->name:     paludisbuild
        reduced_uid->dir:      /var/tmp/paludis
        reduced_gid:           450             
        reduced_gid->name:     paludisbuild    

    Paths:
        DATADIR:               /usr/share
        LIBDIR:                /usr/lib  
        LIBEXECDIR:            /usr/libexec
        SYSCONFDIR:            /etc        
        PYTHONINSTALLDIR:                  
        RUBYINSTALLDIR:                    

Environment:
    Format:                    paludis
    Config dir:                /etc/paludis
    World file:                /var/db/pkg/world

Repository installed-virtuals:
    format:                    installed_virtuals
    root:                      /                 

Repository virtuals:
    format:                    virtuals

Repository gentoo:
    format:                    ebuild
    location:                  /var/paludis/repositories/gentoo
    append_repository_name_to_write_cache: true                
    binary_destination:        false                           
    binary_keywords:                                           
    binary_uri_prefix:                                         
    builddir:                  /var/tmp/paludis                
    cache:                     /var/paludis/repositories/gentoo/metadata/cache
    distdir:                   /usr/distfiles                                 
    eapi_when_unknown:         0                                              
    eapi_when_unspecified:     0                                              
    eclassdirs:                /var/paludis/repositories/gentoo/eclass        
    ignore_deprecated_profiles: false                                         
    layout:                    traditional                                    
    names_cache:               /var/paludis/repositories/gentoo/.cache/names  
    newsdir:                   /var/paludis/repositories/gentoo/metadata/news 
    profile_eapi_when_unspecified: 0                                          
    profiles:                  /var/paludis/repositories/gentoo/profiles/default/linux/x86/2008.0
    securitydir:               /var/paludis/repositories/gentoo/metadata/glsa                    
    setsdir:                   /var/paludis/repositories/gentoo/sets                             
    sync:                      rsync://rsync.gentoo.org/gentoo-portage                           
    sync_options:                                                                                
    use_manifest:              use                                                               
    write_cache:               /var/paludis/repositories/gentoo/.cache/metadata                  

Repository installed:
    format:                    vdb
    location:                  /var/db/pkg
    builddir:                  /var/tmp/paludis
    names_cache:               /var/db/pkg/.cache/names
    provides_cache:            /var/db/pkg/.cache/provides
    root:                      /                          

Repository misc:
    format:                    ebuild
    location:                  /var/paludis/repositories/misc
    append_repository_name_to_write_cache: true              
    binary_destination:        false                         
    binary_keywords:                                         
    binary_uri_prefix:                                       
    builddir:                  /var/tmp/paludis              
    cache:                     /var/empty                    
    distdir:                   /usr/distfiles                
    eapi_when_unknown:         0                             
    eapi_when_unspecified:     0                             
    eclassdirs:                /var/paludis/repositories/gentoo/eclass /var/paludis/repositories/misc/eclass
    ignore_deprecated_profiles: false                                                                       
    layout:                    traditional                                                                  
    master_repository:         gentoo                                                                       
    names_cache:               /var/paludis/repositories/misc/.cache/names                                  
    newsdir:                   /var/paludis/repositories/misc/metadata/news                                 
    profile_eapi_when_unspecified: 0                                                                        
    profiles:                  /var/paludis/repositories/gentoo/profiles/default/linux/x86/2008.0           
    securitydir:               /var/paludis/repositories/misc/metadata/glsa                                 
    setsdir:                   /var/paludis/repositories/misc/sets                                          
    sync:                                                                                                   
    sync_options:                                                                                           
    use_manifest:              use                                                                          
    write_cache:               /var/paludis/repositories/misc/.cache/metadata                               

Package www-servers/apache-2.2.10::installed:

        >>> Running ebuild phase killoldmisc as paludisbuild:paludisbuild...
        bunzip2 < /var/db/pkg/www-servers/apache-2.2.10/environment.bz2 > /var/tmp/paludis/environment-www-servers-apache-2.2.10-11789
        ebuild_scrub_environment /var/tmp/paludis/environment-www-servers-apache-2.2.10-11789                                         
        ebuild_safe_source /var/tmp/paludis/environment-www-servers-apache-2.2.10-11789                                               
        rm /var/tmp/paludis/environment-www-servers-apache-2.2.10-11789                                                               
        >>> Starting builtin_killoldmisc                                                                                              
        >>> Done builtin_killoldmisc                                                                                                  
        >>> Completed ebuild phase killoldmisc                                                                                        
        >>> Running ebuild phases initmisc infovars info as paludisbuild:paludisbuild...                                              
        bunzip2 < /var/db/pkg/www-servers/apache-2.2.10/environment.bz2 > /var/tmp/paludis/environment-www-servers-apache-2.2.10-11847
        ebuild_scrub_environment /var/tmp/paludis/environment-www-servers-apache-2.2.10-11847                                         
        ebuild_safe_source /var/tmp/paludis/environment-www-servers-apache-2.2.10-11847                                               
        rm /var/tmp/paludis/environment-www-servers-apache-2.2.10-11847                                                               
        >>> Starting builtin_initmisc                                                                                                 
        >>> Done builtin_initmisc                                                                                                     
        >>> Starting builtin_infovars                                                                                                 
        ACCEPT_KEYWORDS=x86                                                                                                           
        CBUILD=i686-pc-linux-gnu                                                                                                      
        CFLAGS=-march=i686 -O2 -pipe                                                                                                  
        CHOST=i686-pc-linux-gnu                                                                                                       
        CONFIG_PROTECT=/etc /etc                                                                                                      
        CONFIG_PROTECT_MASK=/etc/gentoo-release /etc/env.d/java/ /etc/php/cli-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/apache2-php5/ext-active/ /etc/udev/rules.d /etc/fonts/fonts.conf /etc/terminfo /etc/eselect/postgresql /etc/ca-certificates.conf /etc/revdep-rebuild /etc/env.d /etc/gconf                                                                                                              
        CPPFLAGS=                                                                                                                         
        CTARGET=                                                                                                                          
        CXXFLAGS=-march=i686 -O2 -pipe                                                                                                    
        DISTDIR=/var/db/pkg/www-servers/apache-2.2.10                                                                                     
        FEATURES=strict sfperms                                                                                                           
        FFLAGS=                                                                                                                           
        GENTOO_MIRRORS=                                                                                                                   
        INSTALL_MASK=                                                                                                                     
        LANG=                                                                                                                             
        LC_ALL=C                                                                                                                          
        LDFLAGS=-Wl,-O1 -Wl,--no-as-needed                                                                                                
        LINGUAS=en ru                                                                                                                     
        MAKEOPTS=-j8                                                                                                                      
        PORTAGE_COMPRESS=                                                                                                                 
        PORTAGE_COMPRESS_FLAGS=                                                                                                           
        PORTAGE_CONFIGROOT=                                                                                                               
        PORTAGE_RSYNC_EXTRA_OPTS=                                                                                                         
        PORTAGE_RSYNC_OPTS=                                                                                                               
        PORTAGE_TMPDIR=/var/tmp/paludis                                                                                                   
        PORTDIR=/var/db/pkg/www-servers/apache-2.2.10                                                                                     
        PORTDIR_OVERLAY=                                                                                                                  
        SYNC=
        USE=ldap sni ssl x86 alsa_cards_ali5451 alsa_cards_als4000 alsa_cards_atiixp alsa_cards_atiixp-modem alsa_cards_bt87x alsa_cards_ca0106 alsa_cards_cmipci alsa_cards_emu10k1 alsa_cards_emu10k1x alsa_cards_ens1370 alsa_cards_ens1371 alsa_cards_es1938 alsa_cards_es1968 alsa_cards_fm801 alsa_cards_hda-intel alsa_cards_intel8x0 alsa_cards_intel8x0m alsa_cards_maestro3 alsa_cards_trident alsa_cards_usb-audioalsa_cards_via82xx alsa_cards_via82xx-modem alsa_cards_ymfpci alsa_pcm_plugins_adpcm alsa_pcm_plugins_alaw alsa_pcm_plugins_asym alsa_pcm_plugins_copy alsa_pcm_plugins_dmix alsa_pcm_plugins_dshare alsa_pcm_plugins_dsnoop alsa_pcm_plugins_empty alsa_pcm_plugins_extplug alsa_pcm_plugins_file alsa_pcm_plugins_hooks alsa_pcm_plugins_iec958 alsa_pcm_plugins_ioplug alsa_pcm_plugins_ladspa alsa_pcm_plugins_lfloat alsa_pcm_plugins_linear alsa_pcm_plugins_meter alsa_pcm_plugins_mmap_emul alsa_pcm_plugins_mulaw alsa_pcm_plugins_multi alsa_pcm_plugins_nullalsa_pcm_plugins_plug alsa_pcm_plugins_rate alsa_pcm_plugins_route alsa_pcm_plugins_share alsa_pcm_plugins_shm alsa_pcm_plugins_softvol apache2_modules_actions apache2_modules_alias apache2_modules_auth_basic apache2_modules_authn_alias apache2_modules_authn_anon apache2_modules_authn_dbm apache2_modules_authn_default apache2_modules_authn_file apache2_modules_authz_dbm apache2_modules_authz_default apache2_modules_authz_groupfile apache2_modules_authz_host apache2_modules_authz_owner apache2_modules_authz_user apache2_modules_autoindex apache2_modules_cache apache2_modules_dav apache2_modules_dav_fs apache2_modules_dav_lock apache2_modules_deflate apache2_modules_dir apache2_modules_disk_cache apache2_modules_env apache2_modules_expires apache2_modules_ext_filter apache2_modules_file_cache apache2_modules_filter apache2_modules_headers apache2_modules_include apache2_modules_info apache2_modules_log_config apache2_modules_logio apache2_modules_mem_cache apache2_modules_mime apache2_modules_mime_magic 
apache2_modules_negotiation apache2_modules_rewrite apache2_modules_setenvif apache2_modules_speling apache2_modules_status apache2_modules_unique_id apache2_modules_userdir apache2_modules_usertrack apache2_modules_vhost_alias apache2_mpms_peruser elibc_glibc input_devices_evdev input_devices_keyboard input_devices_mouse kernel_linux lcd_devices_bayrad lcd_devices_cfontz lcd_devices_cfontz633 lcd_devices_glk lcd_devices_hd44780 lcd_devices_lb216 lcd_devices_lcdm001 lcd_devices_mtxorb lcd_devices_ncurses lcd_devices_text linguas_en linguas_ru userland_GNU video_cards_dummy video_cards_fbdev video_cards_glint video_cards_i810 video_cards_intel video_cards_mach64 video_cards_mga video_cards_neomagic video_cards_nv video_cards_r128 video_cards_radeon video_cards_savagevideo_cards_sis video_cards_tdfx video_cards_trident video_cards_v4l video_cards_vesa video_cards_vga video_cards_via video_cards_vmware video_cards_voodoo x86
        >>> Done builtin_infovars
        >>> Starting pkg_info
        >>> Done pkg_info
        >>> Completed ebuild phases initmisc infovars info
        >>> Running ebuild phase tidyupmisc as paludisbuild:paludisbuild...
        bunzip2 < /var/db/pkg/www-servers/apache-2.2.10/environment.bz2 > /var/tmp/paludis/environment-www-servers-apache-2.2.10-11925
        ebuild_scrub_environment /var/tmp/paludis/environment-www-servers-apache-2.2.10-11925
        ebuild_safe_source /var/tmp/paludis/environment-www-servers-apache-2.2.10-11925
        rm /var/tmp/paludis/environment-www-servers-apache-2.2.10-11925
        >>> Starting builtin_tidyupmisc
        rm -fr /var/tmp/paludis/www-servers-apache-2.2.10-misc
        >>> Done builtin_tidyupmisc
        >>> Completed ebuild phase tidyupmisc
Comment 5 Corentin Chary (RETIRED) gentoo-dev 2009-07-06 18:09:58 UTC
Same here, but this should be fixed by:
http://www.mail-archive.com/peruser@telana.com/msg00274.html
Comment 6 Corentin Chary (RETIRED) gentoo-dev 2009-07-07 13:20:27 UTC
(In reply to comment #5)
> Same here, but this should be fixed by :
> http://www.mail-archive.com/peruser@telana.com/msg00274.html
> 

After reading the patch more carefully, it seems pretty old and I don't know if it really works.
Comment 7 Martin Mlynar 2009-08-09 20:30:02 UTC
I have the same problem here even without SNI, with only one SSL host enabled.
Comment 8 Martin Mlynar 2009-08-09 20:33:53 UTC
According to my experiments, it seems that every time I just use "NameVirtualHost *:443" (even when only one vhost is configured), things stop working.
Comment 9 Benedikt Böhm (RETIRED) gentoo-dev 2009-09-17 10:31:19 UTC
peruser and name-based SSL virtual hosts do not work yet. peruser 0.4.0 will probably change that.
Comment 10 Benedikt Böhm (RETIRED) gentoo-dev 2009-10-08 19:12:07 UTC
I've updated the peruser patch to 0.4.0b1 in apache-2.2.14-r1, which supports SNI. Please test.