Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Answered
Priority: High
Fix Version/s: None
Affects Version/s: 2.2.7, 2.3.1
Component/s: Integration - Apache/Subversion, Integration/Connectors
Labels:
None

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

The issue:

when using self signed certificates for SSL, the apache mod_authnz_crowd module (Crowd Apache Connector) rejects the certificate regardless of configuration on the crowd server.

The symptoms:

when setting CrowdURL to a https value in apache you will receive a 500 error through the browser, looking in the apache error_log you will see: "Failed to send authentication request (CURLcode 60)" - this is returned by the CURL library that the module uses to make its connection, and error code 60 from the CURL library can be found here http://curl.haxx.se/libcurl/c/libcurl-errors.html
/>
CURLE_SSL_CACERT (60) - Peer certificate cannot be authenticated with known CA certificates.

A quick look at the CURL manual (http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTSSLVERIFYPEER) reveals: This option determines whether curl verifies the authenticity of the peer's certificate. A value of 1 means curl verifies; 0 (zero) means it doesn't.

The Solution:

See attached patch file, simple one liner fix.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

crowd_client.patch
0.6 kB
29/Jul/2011 8:22 AM
crowd_client-ssl-verification.patch
5 kB
13/Apr/2012 2:18 PM

Activity

People

Assignee:: Unassigned

Reporter:: Moodle Sysadmin

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 29/Jul/2011 8:22 AM

Updated:: 15/Aug/2019 7:05 AM

Resolved:: 15/Mar/2013 6:19 AM

Time Tracking

Estimated:

Remaining:

Logged:

Not Specified