Project

General

Profile

Actions

Bug #3182

closed

Test config reports invalid ssl.pemfile in $HTTP["host"] condition

Added by flynn 23 days ago. Updated 23 days ago.

Status:
Fixed
Priority:
Normal
Category:
core
Target version:
ASK QUESTIONS IN Forums:
No

Description

Testing the lighttpd configuration (version 1.4.68) on the cmdline

lighttpd -f /etc/lighttpd/lighttpd.conf -tt

reports
2023-01-05 08:29:56: (mod_openssl.c.2532) ssl.pemfile is valid only in global scope or $SERVER["socket"] condition
2023-01-05 08:29:56: (mod_openssl.c.2532) ssl.pemfile is valid only in global scope or $SERVER["socket"] condition
2023-01-05 08:29:56: (mod_openssl.c.2532) ssl.pemfile is valid only in global scope or $SERVER["socket"] condition
2023-01-05 08:29:56: (mod_openssl.c.2532) ssl.pemfile is valid only in global scope or $SERVER["socket"] condition

if the ssl.pemfile is inside a $HTTP["host"] condition with a regular expression:
$HTTP["host"] =~ "^(abc|efg)\.ghi\.jk$" {
  ssl.pemfile = ...

According to the official documentation on https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL this is valid. Restarting lighttpd does NOT generate an entry in the error log file.

This seems to bo only an issue using the test config cmdline option.

I'm not sure, whether this is new in version 1.4.68 or existed before ...

Actions #1

Updated by gstrauss 23 days ago

  • Status changed from New to Patch Pending

ick. The trace is new with 1.4.68. Configuration directives are very, very rarely removed and I removed a mess of historical TLS directives in lightptd 1.4.68. Unfortunately, there is also a special case to avoid trace for ssl.pemfile, which is allowed in $HTTP["host"]. Other than the incorrect trace, I do not think this has ill-effect, but am digging further to be more certain.

Actions #2

Updated by gstrauss 23 days ago

This bug causes excess trace, but not other ill-effect.

Actions #3

Updated by gstrauss 23 days ago

  • Status changed from Patch Pending to Fixed
Actions

Also available in: Atom