Ubuntu
apache2 package

apache2-2.4.29-1ubuntu4.12 causes SSL Client Certificate verification to fail

Bug #1865999 reported by fluff
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
apache2 (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Upgraded from apache2-2.4.29-1ubuntu4.11 to apache2-2.4.29-1ubuntu4.12 caused SSL Client certificate verification to stop working. Downgrading apache2, apache2-bin, apache2-data, apache2-utils back to 2.4.29-1ubuntu4.11 restored SSL Client certificate verification functionality. No configuration changes where made.

---
In /etc/apache2/mods-enabled/ssl.conf:

SSLCACertificateFile "/etc/ssl/certs/ca.pem"

In /etc/apache2/sites-enabled/000-default-le-ssl.conf:
<Location "/wp-login.php">
   <If "! -R 'n.n.n.n/32'">
      SSLOptions +StdEnvVars
      SSLVerifyClient require
   </If>
</Location>
---
Log output when connecting to apache2-2.4.29-1ubuntu4.12:

[Wed Mar 04 08:03:21.266624 2020] [ssl:error] [pid 20037:tid 140559339464448] [client 1.2.3.4] AH: verify client post handshake
[Wed Mar 04 08:03:28.654651 2020] [ssl:error] [pid 20037:tid 140559339464448] [client 1.2.3.4] AH02263: Re-negotiation handshake failed: Client certificate missing

---
root@www:/var/log# lsb_release -rd
Description: Ubuntu 18.04.4 LTS
Release: 18.04

See original description
fluff (dune-fluffigt)
description: updated
Revision history for this message
fluff (dune-fluffigt) wrote :

Seems to be because of https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1834671

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apache2 (Ubuntu):
status: New → Confirmed
Revision history for this message
Paride Legovini (paride) wrote :

I'm marking this bug as a duplicate of #1865900. Please comment back if you don't agree the two bug reports are for the same issue.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.