Cosmic verification
Confirming the bug with the distro packages:
*** 2.4.34-1ubuntu2.1 500
500 http://br.archive.ubuntu.com/ubuntu cosmic-updates/main amd64 Packages
index is downloaded, but after a long delay:
# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --cert client-auth.pem --key client-auth.key --tlsv1.2
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed
100 10918 100 10918 0 0 705 0 0:00:15 0:00:15 --:--:-- 2567
Updating apache and repeating the download:
*** 2.4.34-1ubuntu2.2 500
500 http://br.archive.ubuntu.com/ubuntu cosmic-proposed/main amd64 Packages
Now it's fast:
# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --cert client-auth.pem --key client-auth.key --tlsv1.2
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed
100 10918 100 10918 0 0 1332k 0 --:--:-- --:--:-- --:--:-- 1332k
Log confirms client certificate authentication is still being used:
10.0.100.50 - - [05/Jul/2019:13:58:13 +0000] "GET / HTTP/1.1" 200 16525 "-" "curl/7.61.0" protocol=TLSv1.2 commonName=client-auth
The slight difference in downloaded data (16544 vs 16525) is due to less tls keep-alive pings in the success case. The md5 of index.html is identical:
# md5sum index.html*
3526531ccd6c6a1d2340574a305a18f8 index.html
3526531ccd6c6a1d2340574a305a18f8 index.html-before
Cosmic verification br.archive. ubuntu. com/ubuntu cosmic-updates/main amd64 Packages
Confirming the bug with the distro packages:
*** 2.4.34-1ubuntu2.1 500
500 http://
index is downloaded, but after a long delay: /ubuntu/ --cacert /etc/apache2/ cacert. pem --cert client-auth.pem --key client-auth.key --tlsv1.2
Dload Upload Total Spent Left Speed
# curl --output index.html https:/
% Total % Received % Xferd Average Speed Time Time Time Current
100 10918 100 10918 0 0 705 0 0:00:15 0:00:15 --:--:-- 2567
access log confirms the client certificate was used: 2019:13: 40:32 +0000] "GET / HTTP/1.1" 200 16544 "-" "curl/7.61.0" protocol=TLSv1.2 commonName= client- auth
10.0.100.50 - - [05/Jul/
Updating apache and repeating the download: br.archive. ubuntu. com/ubuntu cosmic- proposed/ main amd64 Packages
*** 2.4.34-1ubuntu2.2 500
500 http://
Now it's fast: /ubuntu/ --cacert /etc/apache2/ cacert. pem --cert client-auth.pem --key client-auth.key --tlsv1.2
Dload Upload Total Spent Left Speed
# curl --output index.html https:/
% Total % Received % Xferd Average Speed Time Time Time Current
100 10918 100 10918 0 0 1332k 0 --:--:-- --:--:-- --:--:-- 1332k
Log confirms client certificate authentication is still being used: 2019:13: 58:13 +0000] "GET / HTTP/1.1" 200 16525 "-" "curl/7.61.0" protocol=TLSv1.2 commonName= client- auth
10.0.100.50 - - [05/Jul/
The slight difference in downloaded data (16544 vs 16525) is due to less tls keep-alive pings in the success case. The md5 of index.html is identical: d2340574a305a18 f8 index.html d2340574a305a18 f8 index.html-before
# md5sum index.html*
3526531ccd6c6a1
3526531ccd6c6a1
Cosmic verification succeeded.