Bug #3182: Test config reports invalid ssl.pemfile in $HTTP["host"] condition - Lighttpd - lighty labs

Actions

Copy link

Bug #3182

closed

Test config reports invalid ssl.pemfile in $HTTP["host"] condition

Added by flynn almost 2 years ago. Updated almost 2 years ago.

Status:

Fixed

Priority:

Normal

Category:

core

Target version:

1.4.69

ASK QUESTIONS IN Forums:

Description

Testing the lighttpd configuration (version 1.4.68) on the cmdline

lighttpd -f /etc/lighttpd/lighttpd.conf -tt

reports

2023-01-05 08:29:56: (mod_openssl.c.2532) ssl.pemfile is valid only in global scope or $SERVER["socket"] condition
2023-01-05 08:29:56: (mod_openssl.c.2532) ssl.pemfile is valid only in global scope or $SERVER["socket"] condition
2023-01-05 08:29:56: (mod_openssl.c.2532) ssl.pemfile is valid only in global scope or $SERVER["socket"] condition
2023-01-05 08:29:56: (mod_openssl.c.2532) ssl.pemfile is valid only in global scope or $SERVER["socket"] condition

if the ssl.pemfile is inside a $HTTP["host"] condition with a regular expression:

$HTTP["host"] =~ "^(abc|efg)\.ghi\.jk$" {
  ssl.pemfile = ...

According to the official documentation on https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL this is valid. Restarting lighttpd does NOT generate an entry in the error log file.

This seems to bo only an issue using the test config cmdline option.

I'm not sure, whether this is new in version 1.4.68 or existed before ...

Related issues 1 (0 open — 1 closed)

Actions

Copy link

Updated by gstrauss almost 2 years ago

Status changed from New to Patch Pending

ick. The trace is new with 1.4.68. Configuration directives are very, very rarely removed and I removed a mess of historical TLS directives in lightptd 1.4.68. Unfortunately, there is also a special case to avoid trace for ssl.pemfile, which is allowed in $HTTP["host"]. Other than the incorrect trace, I do not think this has ill-effect, but am digging further to be more certain.

Actions

Copy link