[Modules] GnuTLSClientVerify segmentation fault

Jack Bates ms419 at freezone.co.uk
Fri Sep 5 12:17:27 EDT 2008 

I am trying to configure client certificate verification for a
particular path on my server. (Eventually I want to require client
certificate verification for access to my Subversion repository.)

When this lead to segmentation faults, I tried debugging in gdb, however
I am struggling with this a bit.

Attached is my test httpd.conf and a screenlog of my gdb session. When I
run Apache with this test httpd.conf, I confirm that accessing
https://localhost:8080/ works. (I am using Firefox and it apparently
makes a secure request and successfully displays the expected page.)

However accessing https://localhost:8080/test leads to segmentation
faults every time.

How can I provide more debugging information? I suspect that the gdb
backtrace is not helpful because I am missing some debugging symbols,
but I am struggling a bit to understand gdb and not sure which symbols I
am missing. I compiled mod_gnutls from Subversion, using:

autoreconf -vfi
./configure --with-apxs=/usr/sbin/apxs2
make

Maybe I am missing symbols for Apache, or libgnutls?

I am running Debian unstable, Apache 2.2.9, and libgnutls 2.4.1. I
observed segmentation faults when trying to configure GnuTLSClientVerify
with mod_gnutls 0.5.1, 0.5.2, and Subversion r386

Jack
-------------- next part --------------
Listen 8080
ServerRoot /home/jablko/trash
PidFile apache2.pid
LoadModule gnutls_module /home/jablko/trash/mod_gnutls/src/.libs/libmod_gnutls.so
GnuTLSEnable On

GnuTLSPriorities NORMAL

GnuTLSCertificateFile ssl/certs/ssl-cert-snakeoil.pem
GnuTLSKeyFile ssl/private/ssl-cert-snakeoil.key

<Location /test>
  GnuTLSClientVerify require
</Location>
-------------- next part --------------
ket% gdb /usr/sbin/apache2
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
(no debugging symbols found)
(gdb) r -X -f httpd.conf 
Starting program: /usr/sbin/apache2 -X -f httpd.conf
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
---Type <return> to continue, or q <return> to quit---
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[New Thread 0xb74c6700 (LWP 21465)]
[New Thread 0xb746eb90 (LWP 21471)]
[New Thread 0xb6c6db90 (LWP 21472)]
[New Thread 0xb646cb90 (LWP 21473)]
[New Thread 0xb5c6bb90 (LWP 21474)]
[New Thread 0xb546ab90 (LWP 21475)]
[New Thread 0xb4c69b90 (LWP 21476)]
[New Thread 0xb4468b90 (LWP 21477)]
[New Thread 0xb3c67b90 (LWP 21478)]
[New Thread 0xb3466b90 (LWP 21479)]
[New Thread 0xb2c65b90 (LWP 21480)]
[New Thread 0xb2464b90 (LWP 21481)]
[New Thread 0xb1c63b90 (LWP 21482)]
[New Thread 0xb1462b90 (LWP 21483)]
[New Thread 0xb0c61b90 (LWP 21484)]
[New Thread 0xb0460b90 (LWP 21485)]
[New Thread 0xafc5fb90 (LWP 21486)]
[New Thread 0xaf45eb90 (LWP 21487)]
[New Thread 0xaec5db90 (LWP 21488)]
[New Thread 0xae45cb90 (LWP 21489)]
[New Thread 0xadc5bb90 (LWP 21490)]
[New Thread 0xad45ab90 (LWP 21491)]
[New Thread 0xacc59b90 (LWP 21492)]
[New Thread 0xac458b90 (LWP 21493)]
[New Thread 0xabc57b90 (LWP 21494)]
[New Thread 0xab456b90 (LWP 21495)]
[New Thread 0xaac55b90 (LWP 21496)]
[New Thread 0xaa454b90 (LWP 21497)]
[Thread 0xb746eb90 (LWP 21471) exited]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xadc5bb90 (LWP 21490)]
0x00000050 in ?? ()
(gdb) bt
#0  0x00000050 in ?? ()
#1  0xb7859852 in ?? () from /usr/lib/libgnutls.so.26
#2  0x08e4e8c0 in ?? ()
#3  0xadc5ae38 in ?? ()
#4  0x00000000 in ?? ()
(gdb) 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://lists.outoforder.cc/pipermail/modules/attachments/20080905/eed10052/attachment.bin

More information about the Modules mailing list