have problem establish SSL connection in 1.4.30
Added by silence almost 13 years ago
environment:
- CentOS 5 x64, kernel 2.6.18-92.el5
- Lighttpd v1.4.30
- Configure with --with-openssl --with-openssl-libs=/usr/lib --with-fam
- openssl v0.9.8e
- lighttpd.conf, the setting for SSL
$SERVER["socket"] == "0.0.0.0:4343" { ssl.engine = "enable" ssl.pemfile = "/etc/lighttpd/server.pem" accesslog.filename = "/var/log/lighttpd/portal_access.log" server.document-root = var.portalUI.document-root fastcgi.server = ( ".php" => ( "localhost" => ( "socket" => "/tmp/php-fastcgi.socket", "bin-path" => "/usr/bin/php-cgi", "max-procs" => 4, "bin-environment" => ( "PHP_FCGI_CHILDREN" => "8", "PHP_FCGI_MAX_REQUESTS" => "1000" ) ) ) ) } - server.pem is created by following command:
openssl req -new -x509 -keyout /etc/lighttpd/server.pem -out /etc/lighttpd/server.pem -days 3650 -nodes -subj '/CN=My Server/O=MyWeb'
I try to use curl to connect to my web:
$> curl -vk https://localhost:4343 * About to connect() to localhost port 4343 * Trying 127.0.0.1... connected * Connected to localhost (127.0.0.1) port 4343 * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSLv3, TLS handshake, Client hello (1): * Unknown SSL protocol error in connection to localhost:4343 * Closing connection #0 curl: (35) Unknown SSL protocol error in connection to localhost:4343
use openssl to test:
$> openssl s_client -connect localhost:4343 CONNECTED(00000003) 5890:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:182:
The lighttpd seems to disconnect the client SSL connection immediately, the http connection is always fine.
If I rollback to install 1.4.28, everything is OK....
Does anyone have the same problem?
Thanks!
Replies (1)
RE: have problem establish SSL connection in 1.4.30 - Added by carpii almost 13 years ago
Try upgrading to 4.1.31
There was a problem introduced into lighty 4.1.30 which could cause lighty to segfault on the first SSL request.