elaka / mod-spdy

Automatically exported from code.google.com/p/mod-spdy
0 stars 0 forks source link

SSL Certificate Error with mod_spdy active #94

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What version/revision number of mod_spdy are you using?
RPM Package Install: mod-spdy-beta_current_x86_64.rpm
Downloaded and installed on 2014-07-27

What version of Apache are you using, and on what operating system?  (Use
`apache2ctl -v` to check.)
Server version: Apache/2.2.15 (Unix)
Server built:   Jul 23 2014 14:17:29

OS  CentOS 6.5 (Final)
Version Parallels Plesk v12.0.18_build1200140606.15 os_CentOS 6
Linux 3.10.23-xxxx-std-ipv6-64 #1 SMP Mon Dec 9 18:53:52 CET 2013 x86_64 x86_64 
x86_64 GNU/Linux

What other Apache modules are you using?  (Use `apache2ctl -M` to check.)
Loaded Modules:
 core_module (static)
 mpm_prefork_module (static)
 http_module (static)
 so_module (static)
 auth_digest_module (shared)
 authn_file_module (shared)
 authn_alias_module (shared)
 authn_dbm_module (shared)
 authn_default_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 authz_owner_module (shared)
 authz_groupfile_module (shared)
 authz_dbm_module (shared)
 authz_default_module (shared)
 include_module (shared)
 log_config_module (shared)
 logio_module (shared)
 env_module (shared)
 ext_filter_module (shared)
 mime_magic_module (shared)
 expires_module (shared)
 deflate_module (shared)
 headers_module (shared)
 usertrack_module (shared)
 setenvif_module (shared)
 mime_module (shared)
 dav_module (shared)
 status_module (shared)
 autoindex_module (shared)
 dav_fs_module (shared)
 vhost_alias_module (shared)
 negotiation_module (shared)
 dir_module (shared)
 actions_module (shared)
 speling_module (shared)
 alias_module (shared)
 substitute_module (shared)
 rewrite_module (shared)
 cache_module (shared)
 suexec_module (shared)
 disk_cache_module (shared)
 cgi_module (shared)
 version_module (shared)
 authn_dbd_module (shared)
 cgid_module (shared)
 dbd_module (shared)
 filter_module (shared)
 unique_id_module (shared)
 reqtimeout_module (shared)
 fcgid_module (shared)
 ssl_module (shared)
 perl_module (shared)
 python_module (shared)
Syntax OK

What browser version did you use to access the mod_spdy server?  On what
operating system? What flags was the browser invoked with?  (For
Chrome/Chromium, go to about:version to check.)
Google Chrome   36.0.1985.125 (Official Build 283153) m
OS  Windows 
Blink   537.36 (@177902)
JavaScript  V8 3.26.31.8
Flash   14.0.0.145
User Agent  Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like 
Gecko) Chrome/36.0.1985.125 Safari/537.36
Command Line    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 
--flag-switches-begin --enable-origin-chip-v2-hide-on-mouse-release 
--flag-switches-end
Executable Path C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Profile Path    C:\Users\USERNAME\AppData\Local\Google\Chrome\User Data\Profile 1
Variations  74785582-3f4a17df
e950616e-37fb3cc2
8afebf76-72a6f50b
c70841c8-a2567007
29f8fea-dffbf7ac
195ce1b5-d93a0620
3664a344-be9e69ba
9e5c75f1-f7f90a1c
24dca50e-837c4893
ca65a9fe-91ac3782
8d790604-9cb2a91c
4ea303a6-3d47f4f4
d8f57532-3f4a17df
b2612322-f8cf70e2
ea1014b7-dd21eb5a
5a3c10b5-e1cc0f14
244ca1ac-4ad60575
f47ae82a-746c2ad4
3ac60855-486e2a9c
246fb659-4c073154
f296190c-970d9ef1
4442aae2-a5822863
ed1d377-e1cc0f14
75f0f0a0-e1cc0f14
e2b18481-a90023b1
e7e71889-4ad60575
cbf0c14e-bf3e6cfd

Also Internet Explorer 11.0.9600.17207

What steps will reproduce the problem?
1. Activate mod_spdy module
2.
3.

What is the expected result? What do you see instead?
I should get my website (prestashop store) and I get the default Plesk / Apache 
webpage.
On the error_log I get the error:
[Mon Jul 28 08:09:53 2014] [warn] RSA server certificate CommonName (CN) 
`www.MYDOMAINNAME.TLD' does NOT match server name!? 

Please provide any additional information below.
Server Info:
CentOS 6.5
Apache 2.2.15
control panel Plesk 12.0.18
OpenSSL 1.0.1e-fips 11 Feb 2013

The SSL Certificate for the domain includes a SAN for the www subdomain
so it works for both MYDOMAINNAME.TLD and www.MYDOMAINNAME.TLD

SSL Labs test gives the website a scroe of A- on the SSL Test/Check.
Everything works well (website / store is SSL only) until I enable the mod_spdy.
Deactivating the mod_spdy all goes back to normal (website / store works and 
its SSL only).

Original issue reported on code.google.com by fpaul...@funny-cat.com on 28 Jul 2014 at 10:45

GoogleCodeExporter commented 8 years ago
More details from error_log

[Mon Jul 28 08:10:13 2014] [warn] RSA server certificate CommonName (CN) 
`www.MYDOMAINNAME.TLD' does NOT match server name!?
[Mon Jul 28 08:10:13 2014] [warn] Init: Name-based SSL virtual hosts only work 
for clients with TLS server name indication support (RFC 4366)
[Mon Jul 28 08:10:13 2014] [notice] mod_python: Creating 4 session mutexes 
based on 256 max processes and 0 max threads.
[Mon Jul 28 08:10:13 2014] [notice] mod_python: using mutex_directory /tmp 
[Mon Jul 28 08:10:13 2014] [notice] Apache/2.2.15 (Unix) DAV/2 mod_fcgid/2.3.9 
mod_ssl/2.2.27 OpenSSL/1.0.1h mod_python/3.3.1 Python/2.6.6 mod_perl/2.0.4 
Perl/v5.10.1 configured -- resuming normal operations

Original comment by fpaul...@funny-cat.com on 28 Jul 2014 at 11:01

GoogleCodeExporter commented 8 years ago
Please close this issue or append this to the issue 31

It was, yet again, a SSLRequireSSL problem.
Once I commented all of those directives on all of the conf files that Plesk / 
Apache uses the website worked fine (with SPDY/3)

Original comment by s...@funny-cat.com on 29 Jul 2014 at 9:16

GoogleCodeExporter commented 8 years ago

Original comment by mdste...@google.com on 29 Jul 2014 at 2:27