[mod_gnutls-devel] Reverse proxy tests fail with latest Apache

Sunil Mohan Adapa sunil at medhas.org
Wed Apr 11 14:19:21 CEST 2018

On Monday 09 April 2018 12:34 PM, Thomas Klute wrote:
> Am 04.04.2018 um 12:49 schrieb Sunil Mohan Adapa:
>> I am investigating a serious regression on all FreedomBoxes with reverse
>> proxying TLS connections.  I found that the following tests fail with
>> Apache 2.4.33-1 (Debian):
>> FAIL: test-19_TLS_reverse_proxy.bash
>> FAIL: test-20_TLS_reverse_proxy_client_auth.bash
>> FAIL: test-21_TLS_reverse_proxy_wrong_cert.bash
>> FAIL: test-22_TLS_reverse_proxy_crl_revoke.bash
>> FAIL: test-23_TLS_reverse_proxy_mismatched_priorities.bash
>> Can someone please confirm.
> This seems to be a result of Apache changing the API used by mod_proxy
> to set up its client connections, in particular introducing the
> "ssl_engine_set" function.
> Please try the attached patch and let me know if it fixes the issue.

I confirm that the patch fixes the issue. I did the following:

- I build a .deb with the patch applied on top of mod-gnutls_0.8.2-3
inside cowbuilder. All tests have passed while they were failing without
the patch.

- I installed the built .deb on FreedomBox machine and confirmed that
the original problem with reverse proxying has been fixed.

Thank you very much for a prompt fix. Now, if we could have a release
with the fix sneak into Debian... :)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 858 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/mod_gnutls-devel/attachments/20180411/04b34795/attachment.sig>

More information about the mod_gnutls-devel mailing list