[Issues] [mod_gnutls 0000122]: For some virtualhosts, Modgnutls ignores configured GnuTLSX509CertificateFile

Mantis Bug Tracker issues at outoforder.cc
Sun Dec 19 17:42:28 EST 2010 

The following issue has been SUBMITTED. 
====================================================================== 
http://issues.outoforder.cc/view.php?id=122 
====================================================================== 
Reported By:                AlainKnaff
Assigned To:                
====================================================================== 
Project:                    mod_gnutls
Issue ID:                   122
Category:                   Configuration Issue
Reproducibility:            always
Severity:                   major
Priority:                   high
Status:                     new
Apache Version:             2.2.11-2ubuntu2.7 
====================================================================== 
Date Submitted:             2010-12-19 17:42 EST
Last Modified:              2010-12-19 17:42 EST
====================================================================== 
Summary:                    For some virtualhosts, Modgnutls ignores configured
GnuTLSX509CertificateFile
Description: 
For some virtualhosts, Modgnutls ignores configured GnuTLSX509CertificateFile
and uses the certificate for a random other site instead.

I've got a virtual host defined as follows:

<VirtualHost *:443>
        GnuTLSEnable on
        GnuTLSPriorities NORMAL:%COMPAT
        GnuTLSX509CertificateFile ssl.crt/www.alain.knaff.lu.crt
        GnuTLSX509KeyFile ssl.key/server2048.key

        ServerName www.alain.knaff.lu
        ServerAlias knaff.lu alain.knaff.lu
        DocumentRoot /home/aknaff/public_html
</VirtualHost>

When accessing it as https://knaff.lu , GnuTLS uses the correct certificate
(i.e. the one in ssl.crt/www.alain.knaff.lu.crt)

When accessing it as https://www.alain.knaff.lu , GnuTLS uses the certificate of
a different virtual host residing on the same server (lll.lu)

Steps to Reproduce: 
1. Set up virtual host as above
2. Access it using firefox, using https://www.alain.knaff.lu
3. Watch for "certificate matches a different site" errors.

On my server, this reproduces the error 100% percent of the time. However, I am
unsure why it picks the certificate for lll.lu, rather than the certificate for
one of the many other domains residing on the server.

====================================================================== 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2010-12-19 17:42 AlainKnaff     New Issue                                    
2010-12-19 17:42 AlainKnaff     File Added: www.alain.knaff.lu.crt              
     
======================================================================

More information about the Issues mailing list