Bug #3182

closed

Test config reports invalid ssl.pemfile in $HTTP["host"] condition

Added by flynn over 1 year ago. Updated over 1 year ago.

Status:
Fixed
Priority:
Normal
Category:
core
Target version:
ASK QUESTIONS IN Forums:
No

Description

Testing the lighttpd configuration (version 1.4.68) on the cmdline

lighttpd -f /etc/lighttpd/lighttpd.conf -tt

reports
2023-01-05 08:29:56: (mod_openssl.c.2532) ssl.pemfile is valid only in global scope or $SERVER["socket"] condition
2023-01-05 08:29:56: (mod_openssl.c.2532) ssl.pemfile is valid only in global scope or $SERVER["socket"] condition
2023-01-05 08:29:56: (mod_openssl.c.2532) ssl.pemfile is valid only in global scope or $SERVER["socket"] condition
2023-01-05 08:29:56: (mod_openssl.c.2532) ssl.pemfile is valid only in global scope or $SERVER["socket"] condition

if the ssl.pemfile is inside a $HTTP["host"] condition with a regular expression:
$HTTP["host"] =~ "^(abc|efg)\.ghi\.jk$" {
  ssl.pemfile = ...

According to the official documentation on https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL this is valid. Restarting lighttpd does NOT generate an entry in the error log file.

This seems to be only an issue using the test config cmdline option.

I'm not sure whether this is new in version 1.4.68 or existed before ...


Related issues 1 (0 open, 1 closed)

Has duplicate Bug #3200: Correct SSL SNI config produces errors in log
Actions #1

Updated by gstrauss over 1 year ago

  • Status changed from New to Patch Pending

ick. The trace is new with 1.4.68. Configuration directives are very, very rarely removed and I removed a mess of historical TLS directives in lighttpd 1.4.68. Unfortunately, there is also a special case to avoid trace for ssl.pemfile, which is allowed in $HTTP["host"]. Other than the incorrect trace, I do not think this has ill-effect, but am digging further to be more certain.

Actions #2

Updated by gstrauss over 1 year ago

This bug causes excess trace, but not other ill-effect.

Actions #3

Updated by gstrauss over 1 year ago

  • Status changed from Patch Pending to Fixed
Actions #4

Updated by gstrauss 12 months ago

  • Has duplicate Bug #3200: Correct SSL SNI config produces errors in log added