i just experienced a weird problem with my apache 2.0.47 installation: http basic auth using md5 hashed passwords works fine, but http basic auth using sha1 hashed passwords (htpasswd2 -cs htpasswd mylogin) doesn't work at all. the apache2 error_log at "loglevel debug" is not specific and wrong (the submitted user credentials were correct): [Tue Aug 26 08:40:21 2003] [error] [client 192.168.1.33] user bla: authentication failure for "/test": Password Mismatch Server version: Apache/2.0.47 Server built: Aug 22 2003 21:33:23 i've tried to track down the problem with the help of #apache @freenode, but all we found out was that apparently md5 hashes work but sha1 don't. both worked fine with my previous apache 1.3.x (gentoo) Reproducible: Always Steps to Reproduce: 1. emerge apache 2.0.47 2. setup apache and config a dir to use basic auth (.htaccess) 3. create a new htpasswd file using sha1 hashes: htpasswd2 -cs htpasswd mylogin 4. test it using "loglevel debug" 5. compare the whole thing to using md5 hashes instead Actual Results: if using sha1 hashes: access denied if using md5 hashes: works fine Expected Results: if using sha1 hashes: works fine if using md5 hashes: works fine i don't really use any special setup/hw, just an i586 box i don't know whether this bug only affects my box. however i followed all standard gentoo procedures when emerging and configuring apache 2.0.47. i set this bug to critical as it prevents previous htpasswd files from working, resulting in big annoyance as an admin is usually not supposed to know those passwords. thus he can't regenerate the htpasswd file using md5 hashed pwds (which is a work-around)
please repeat the tests with 2.0.48-r1/2 and include your emerge info output and openssl version if the problem still occurs.
Daniel, Do you have an update on this bug? Thanks chuck
i've checked it again on my current system, and yes, the phenomenon is still there. some details of my emerge info: Portage 2.0.50-r1 (default-x86-1.4, gcc-3.3.2, glibc-2.3.2-r9, 2.6.4) ================================================================= System uname: 2.6.4 i686 VIA Samuel 2 Gentoo Base System version 1.4.3.13 ccache version 2.3 [enabled] Autoconf: sys-devel/autoconf-2.58-r1 Automake: sys-devel/automake-1.7.7 ACCEPT_KEYWORDS="x86" CFLAGS="-march=c3 -mcpu=c3 -m3dnow -fomit-frame-pointer -mmmx -O3 -pipe" (btw: the bug also appeared with very conservative cflag settings) CHOST="i586-pc-linux-gnu" COMPILER="gcc3" CXXFLAGS="-march=c3 -mcpu=c3 -m3dnow -fomit-frame-pointer -mmmx -O3 -pipe" USE="apache2 apm arts avi berkdb crypt cups curl encode foomaticdb gdbm gif gpm gtk2 imlib java jpeg libg++ libwww mad maildir mikmod motif mpeg mysql ncurses nls oggvorbis opengl oss pam pdflib perl png python quicktime readline sdl slang spell ssl svga tcpd tetex truetype x86 xml2 xmms xv zlib" openssl version: OpenSSL 0.9.7d 17 Mar 2004 the thing about the apache2 error log not being specific enough to determine the reason of this behavior still applies. however, as no other gentoo user has confirmed this behavior so far, i suggest to close this bug report.
Closing bug.
