Received: (qmail 50351 invoked by uid 501); 15 Mar 2002 18:02:26 -0000
Message-Id: <20020315180226.50350.qmail@apache.org>
Date: 15 Mar 2002 18:02:26 -0000
From: Justin Holdsworth <J.Holdsworth@nopworld.com>
Reply-To: J.Holdsworth@nopworld.com
To: submit@bugz.apache.org
Subject: using ssl together witrh reverse proxy/rewrite fails
X-Send-Pr-Version: 3.110

>Number:         10204
>Category:       mod_proxy
>Synopsis:       using ssl together witrh reverse proxy/rewrite fails
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Fri Mar 15 10:10:01 PST 2002
>Closed-Date:    Sun Mar 31 17:34:38 PST 2002
>Last-Modified:  Sun Mar 31 17:34:38 PST 2002
>Originator:     J.Holdsworth@nopworld.com
>Release:        2.0.32
>Organization:
>Environment:
Linux log.nop.nopworld.com 2.4.17-grsecurity-1.9.2 #5 Tue Jan 15 16:21:23 GMT 2002 i686 unknown
Linux redhat 7.2 
>Description:
We are trying to use apache2 to provide reverse proxy services in the same way as we use apache1.3, https://servername/server1/pages.xxx is requested from http://seerver1/pages.xxx. This works in 1.3 but in 2.0.32 we get
 [Fri Mar 15 17:50:44 2002] [error] mod_ssl: SSL error on writing data (OpenSSL library error follows)
[Fri Mar 15 17:50:44 2002] [error] OpenSSL: error:140D0114:SSL routines:SSL_write:uninitialized
[Fri Mar 15 17:50:44 2002] [error] mod_ssl: failed to write 16 of 16 bytes (reason unknown).

Requesting ssl encrypted pages off the actual server itself works fine. Its onl when we try and use the proxying capabilities that we fail.
>How-To-Repeat:

>Fix:

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open-closed
State-Changed-By: rbb
State-Changed-When: Sun Mar 31 17:34:37 PST 2002
State-Changed-Why:
Proxy over SSL support was added to the server very recently.  It will be available in a public release starting with 2.0.34
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]