Problem establishing SSL connection in 1.4.30

Added by silence about 10 years ago

Environment:
  • CentOS 5 x64, kernel 2.6.18-92.el5
  • Lighttpd v1.4.30
  • Configured with --with-openssl --with-openssl-libs=/usr/lib --with-fam
  • openssl v0.9.8e
  • lighttpd.conf, the settings for SSL:
    $SERVER["socket"] == "0.0.0.0:4343" {
    ssl.engine = "enable" 
    ssl.pemfile = "/etc/lighttpd/server.pem" 
    accesslog.filename = "/var/log/lighttpd/portal_access.log" 
    server.document-root        = var.portalUI.document-root
    fastcgi.server             = ( ".php" =>
                                   ( "localhost" =>
                                     (
                                       "socket" => "/tmp/php-fastcgi.socket",
                                       "bin-path" => "/usr/bin/php-cgi",
                                       "max-procs" => 4,
                                       "bin-environment" =>
                                       (
                                         "PHP_FCGI_CHILDREN" => "8",
                                         "PHP_FCGI_MAX_REQUESTS" => "1000" 
                                       )
                                     )
                                   )
                                )
    }
    
  • server.pem is created by the following command:
    openssl req -new -x509 -keyout /etc/lighttpd/server.pem -out /etc/lighttpd/server.pem -days 3650 -nodes -subj '/CN=My Server/O=MyWeb'
    

I tried to use curl to connect to my web server:

$> curl -vk https://localhost:4343
* About to connect() to localhost port 4343
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 4343
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to localhost:4343
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to localhost:4343

Using openssl to test:

$> openssl s_client -connect localhost:4343
CONNECTED(00000003)
5890:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:182:

lighttpd seems to disconnect the client SSL connection immediately; the HTTP connection is always fine.
If I roll back to 1.4.28, everything is OK.
Does anyone have the same problem?
Thanks!


Replies (1)

RE: Problem establishing SSL connection in 1.4.30 - Added by carpii about 10 years ago

Try upgrading to 4.1.31

There was a problem introduced into lighty 4.1.30 which could cause lighty to segfault on the first SSL request.
