[Issues] [mod_gnutls 0000087]: mod_gnutls doesn't work with mod_proxy_http
Mantis Bug Tracker
issues at outoforder.cc
Mon Nov 3 14:15:58 EST 2008
A NOTE has been added to this issue.
======================================================================
http://issues.outoforder.cc/view.php?id=87
======================================================================
Reported By: csak
Assigned To: nmav
======================================================================
Project: mod_gnutls
Issue ID: 87
Category: Other
Reproducibility: always
Severity: major
Priority: normal
Status: feedback
Apache Version: Apache/2.2.8 (Debian) DAV/2 SVN/1.4.6
mod_gnutls/0.5.1 mod_ssl/2.2.8 OpenSSL/0.9.8g
======================================================================
Date Submitted: 2008-06-13 13:13 EDT
Last Modified: 2008-11-03 14:15 EST
======================================================================
Summary: mod_gnutls doesn't work with mod_proxy_http
Description:
We get this error when we try to use mod_gnutls to proxy a service. The
proxying works on the similarly configured HTTP virtualhost.
The certificate is returned to the client, but then the borwser just
doesn't receive data until timeout.
I'm using a cacert.org class 3 certificate which works flawlessly on
OpenSSL.
The server produces the error message GnuTLS: Handshake Failed. Hit
Maximum Attempts.
The system is running an up-to date version of debian testing.
======================================================================
----------------------------------------------------------------------
(0000122) nmav (manager) - 2008-10-16 14:24
http://issues.outoforder.cc/view.php?id=87#c122
----------------------------------------------------------------------
Would increasing the HANDSHAKE_MAX_TRIES to 1024 in gnutls_io.c solve your
issue?
----------------------------------------------------------------------
(0000123) nmav (manager) - 2008-10-16 14:26
http://issues.outoforder.cc/view.php?id=87#c123
----------------------------------------------------------------------
Need feedback on the HANDSHAKE_MAX_TRIES proposal.
----------------------------------------------------------------------
(0000133) llucax (reporter) - 2008-11-03 09:26
http://issues.outoforder.cc/view.php?id=87#c133
----------------------------------------------------------------------
Please, see thread
http://lists.outoforder.cc/pipermail/modules/2008-October/000202.html
I think the problem is the proxied server is receiving the encrypted data
instead of the decrypted HTTP request.
----------------------------------------------------------------------
(0000134) nmav (manager) - 2008-11-03 14:15
http://issues.outoforder.cc/view.php?id=87#c134
----------------------------------------------------------------------
Ah, thank you. Would be easy for you to post a simple mod_proxy
configuration for me to check this issue?
Issue History
Date Modified Username Field Change
======================================================================
2008-06-13 13:13 csak New Issue
2008-06-13 13:13 csak Apache Version => Apache/2.2.8
(Debian) DAV/2 SVN/1.4.6 mod_gnutls/0.5.1 mod_ssl/2.2.8 OpenSSL/0.9.8g
2008-10-16 14:24 nmav Note Added: 0000122
2008-10-16 14:26 nmav Note Added: 0000123
2008-10-16 14:26 nmav Assigned To => nmav
2008-10-16 14:26 nmav Status new => feedback
2008-10-18 01:29 nmav Issue Monitored: nmav
2008-11-03 09:26 llucax Note Added: 0000133
2008-11-03 14:15 nmav Note Added: 0000134
======================================================================
More information about the Issues
mailing list