[mod_gnutls-devel] Reverse proxy tests fail with latest Apache
Sunil Mohan Adapa
sunil at medhas.org
Wed Apr 11 14:19:21 CEST 2018
On Monday 09 April 2018 12:34 PM, Thomas Klute wrote:
> Am 04.04.2018 um 12:49 schrieb Sunil Mohan Adapa:
>> I am investigating a serious regression on all FreedomBoxes with reverse
>> proxying TLS connections. I found that the following tests fail with
>> Apache 2.4.33-1 (Debian):
>>
>> FAIL: test-19_TLS_reverse_proxy.bash
>> FAIL: test-20_TLS_reverse_proxy_client_auth.bash
>> FAIL: test-21_TLS_reverse_proxy_wrong_cert.bash
>> FAIL: test-22_TLS_reverse_proxy_crl_revoke.bash
>> FAIL: test-23_TLS_reverse_proxy_mismatched_priorities.bash
>>
>> Can someone please confirm.
>
> This seems to be a result of Apache changing the API used by mod_proxy
> to set up its client connections, in particular introducing the
> "ssl_engine_set" function.
>
> Please try the attached patch and let me know if it fixes the issue.
>
I confirm that the patch fixes the issue. I did the following:
- I build a .deb with the patch applied on top of mod-gnutls_0.8.2-3
inside cowbuilder. All tests have passed while they were failing without
the patch.
- I installed the built .deb on FreedomBox machine and confirmed that
the original problem with reverse proxying has been fixed.
Thank you very much for a prompt fix. Now, if we could have a release
with the fix sneak into Debian... :)
--
Sunil
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 858 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/mod_gnutls-devel/attachments/20180411/04b34795/attachment.sig>
More information about the mod_gnutls-devel
mailing list