enterprise-support team mailing list archive

Thread
Date

[Bug 1865999] [NEW] apache2-2.4.29-1ubuntu4.12 causes SSL Client Certificate verification to fail

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: fluff <1865999@xxxxxxxxxxxxxxxxxx>
Date: Wed, 04 Mar 2020 08:24:12 -0000
Reply-to: Bug 1865999 <1865999@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Upgraded from apache2-2.4.29-1ubuntu4.11 to apache2-2.4.29-1ubuntu4.12
caused SSL Client certificate verification to stop working. Downgrading
apache2, apache2-bin, apache2-data, apache2-utils back to
2.4.29-1ubuntu4.11 restored SSL Client certificate verification
functionality. No configuration changes where made.

---
In /etc/apache2/mods-enabled/ssl.conf:

SSLCACertificateFile "/etc/ssl/certs/ca.pem"

In /etc/apache2/sites-enabled/000-default-le-ssl.conf:
<Location "/wp-login.php">
   <If "! -R 'n.n.n.n/32'">
      SSLOptions +StdEnvVars
      SSLVerifyClient require
   </If>
</Location>
---
Log output when connecting to apache2-2.4.29-1ubuntu4.12:

[Wed Mar 04 08:03:21.266624 2020] [ssl:error] [pid 20037:tid 140559339464448] [client 1.2.3.4] AH: verify client post handshake
[Wed Mar 04 08:03:28.654651 2020] [ssl:error] [pid 20037:tid 140559339464448] [client 1.2.3.4] AH02263: Re-negotiation handshake failed: Client certificate missing

---
root@www:/var/log# lsb_release -rd
Description:	Ubuntu 18.04.4 LTS
Release:	18.04

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1865999

Title:
  apache2-2.4.29-1ubuntu4.12 causes SSL Client Certificate verification
  to fail

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1865999/+subscriptions