Bug 11162

Summary: Startup error with multiple SSL certificates
Product: [Retired] Red Hat Secure Web Server Reporter: Bailey, Greg <gbailey>
Component: securewebAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: medium    
Version: 3.2CC: gbailey
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-05-08 23:08:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Bailey, Greg 2000-05-01 21:24:34 UTC
I'm trying to configure multiple SSL-enabled sites with Secure Web Server
version 3.2 as included with RedHat 6.2 Professional.  I have working
KEY/CERTIFICATE combinations for both sites, currently being used with
Apache-SSL.

In trying to replace Apache-SSL with RedHat Secure Web Server, I am unable
to start the webserver when both IP-based virtual hosts are configured.

I'm getting the following error:

[Fri Apr 28 09:49:01 2000] [error] mod_ssl: Couldn't recover size of server
key www.enhancecom.com:443/KEY_LENGTH

Does anyone have a simple configuration file that simply adds an IP-based
virtual host that is SSL enabled?

Comment 1 Bailey, Greg 2000-05-02 18:43:59 UTC
I have tested these keys and configuration with Apache 1.3.12 + mod_ssl 2.6.3 +
OpenSSL 0.9.5a, and DID NOT encounter this bug.

Consequently, I believe this to be a bug either in BSAFE or with RedHat's
integration w/BSAFE, although without the source it's difficult to tell, isn't
it?  :-(

Comment 2 Nalin Dahyabhai 2000-05-03 18:57:59 UTC
What sort of keys are the certificates generated with?  Are they signed by a
root CA, or local?

Comment 3 Nalin Dahyabhai 2000-05-04 15:29:59 UTC
This is a confirmed bug.  An errata is being tested.

Comment 4 Need Real Name 2000-07-28 21:16:43 UTC
Bug is not fixed.  Now even when trying to use SSL with a single domain 
environment, errors are generated in the ssl_engine_log file and the server 
crashes.

I was running 3.2-12, and I applied the errata to v3.2.1-1 and I still get the 
error with the SSL engine being unable to determine the length of the key.

Mr. Kang in Incident support has copies of all of our log files and our 
configuration file.  This error is reproduceable, and support feels that it is 
a bug.