#92 Issue (Bug tracker) 3305224 Resurfaces in latest webmin+virt

[Anonymous]

Trying to connect to the server in SSL in Chrome renders a:

Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

All other browsers just won't load or throw some other "page not responding" type error.

Miniserve.error renders:

Use of uninitialized value in string eq at ./webmin-lib.pl line 1712.
restarting miniserv
[21/Jul/2012:10:52:51 -0400] Restarting
Pre-loaded virtual-server/virtual-server-lib-funcs.pl in virtual_server
Pre-loaded virtual-server/feature-unix.pl in virtual_server
Pre-loaded virtual-server/feature-dir.pl in virtual_server
Pre-loaded virtual-server/feature-dns.pl in virtual_server
Pre-loaded virtual-server/feature-mail.pl in virtual_server
Pre-loaded virtual-server/feature-web.pl in virtual_server
Pre-loaded virtual-server/feature-webalizer.pl in virtual_server
Pre-loaded virtual-server/feature-ssl.pl in virtual_server
Pre-loaded virtual-server/feature-logrotate.pl in virtual_server
Pre-loaded virtual-server/feature-mysql.pl in virtual_server
Pre-loaded virtual-server/feature-postgres.pl in virtual_server
Pre-loaded virtual-server/feature-ftp.pl in virtual_server
Pre-loaded virtual-server/feature-spam.pl in virtual_server
Pre-loaded virtual-server/feature-virus.pl in virtual_server
Pre-loaded virtual-server/feature-webmin.pl in virtual_server
Pre-loaded virtual-server/feature-virt.pl in virtual_server
Pre-loaded virtual-server/feature-virt6.pl in virtual_server
Pre-loaded WebminCore
[21/Jul/2012:10:52:54 -0400] miniserv.pl started
[21/Jul/2012:10:52:54 -0400] Using MD5 module Digest::MD5
[21/Jul/2012:10:52:54 -0400] PAM authentication enabled
Failed to initialize SSL connection
Failed to initialize SSL connection

Repeat access renders in dmesg:
perl[1309]: segfault at 00000000000003b1 rip 000000370b8a2cf0 rsp 00007fffb16dea18 error 4

Perl tested ok, all perl mods working ok. Apache's SSL works fine.

[Anonymous]

Sorry for not logging in, that report was mine, also I didn't have the versions:

Webmin 1.590
Virtualmin 3.93

Kernel Linux 2.6.18-308.8.1.el5 on x86_64
Perl perl-5.8.8-38.el5.x86_64

[Anonymous]

Just a note: I think that webmin and/or virtualmin may not be compatable with Linux 2.6.18-308.8.1.el5 on x86_64. I'm going to restore the later kernel but I have 8 other servers running just fine, the only thing these machines don't have in common is that kernel.

[Anonymous]

That was not the issue... We rebooted with the older kernel, no joy.

[Jamie Cameron]

Are you making use of SSL client certificates in Webmin on that system?

[Anonymous]

I think we dabbled in that a while back but it was disabled a long time ago. Plus I don't think there is a way I can get in there and change this without a SSL connection.

[Jamie Cameron]

Could you post the /etc/webmin/miniserv.conf file from your system? I'd like to see what SSL settings you have enabled ..

[Anonymous]

port=10000
host=box19.goldsboronetworks.com
addtype_cgi=internal/cgi
realm=Webmin Server
logfile=/var/webmin/miniserv.log
errorlog=/var/webmin/miniserv.error
pidfile=/var/webmin/miniserv.pid
logtime=168
ppath=
ssl=0
env_WEBMIN_CONFIG=/etc/webmin
env_WEBMIN_VAR=/var/webmin
atboot=1
logout=/etc/webmin/logout-flag
listen=10000
denyfile=\.pl$
log=1
blockhost_failures=5
blockhost_time=60
syslog=1
session=1
userfile=/etc/webmin/miniserv.users
keyfile=/etc/webmin/box19.goldsboronetworks.com.key
passwd_file=/etc/shadow
passwd_uindex=0
passwd_pindex=1
passwd_cindex=2
passwd_mindex=4
passwd_mode=0
passdelay=1
sessiononly=/virtual-server/remote.cgi
preload=virtual-server=virtual-server/virtual-server-lib-funcs.pl virtual-server=virtual-server/feature-unix.pl virtual-server=virtual-server/feature-dir.pl virtual-server=virtual-server/feature-dns.pl virtual-server=virtual-server/feature-mail.pl virtual-server=virtual-server/feature-web.pl virtual-server=virtual-server/feature-webalizer.pl virtual-server=virtual-server/feature-ssl.pl virtual-server=virtual-server/feature-logrotate.pl virtual-server=virtual-server/feature-mysql.pl virtual-server=virtual-server/feature-postgres.pl virtual-server=virtual-server/feature-ftp.pl virtual-server=virtual-server/feature-spam.pl virtual-server=virtual-server/feature-virus.pl virtual-server=virtual-server/feature-webmin.pl virtual-server=virtual-server/feature-virt.pl virtual-server=virtual-server/feature-virt6.pl
premodules=WebminCore
logouttimes=
extracas=/etc/webmin/RapidSSL.crt
ssl_redirect=0
preroot_root=virtual-server-theme
ca=/etc/webmin/acl/ca.pem
anonymous=/virtualmin-mailman/unauthenticated=anonymous /virtualmin-signup=anonymous
preroot=virtual-server-theme
mobile_preroot=virtual-server-mobile
mobile_prefixes=m. mobile.
noshowstderr=
expires_paths=
gzip=
root=/usr/libexec/webmin
mimetypes=/usr/libexec/webmin/mime.types
server=MiniServ/1.590
pam_end=1
pam_conv=1
blockuser_time=
blocklock=
blockuser_failures=
no_pam=0
logouttime=
utmp=1
no_resolv_myname=0
sockets=
ipv6=1
precache=
certfile=/etc/webmin/box19.goldsboronetworks.com.crt

[Anonymous]

Jamie, if you need, send me a skype request michael.lee.wells and I'll give you root access to this system to check it out further.

[Anonymous]

Jamie, do keep in mind that ssl=0 is set that way just so I can login right now, generally it is set to 1 and redirect is also set to 1.

[Jamie Cameron]

Does only Chrome trigger this, or do you see it in other browsers too?

[Anonymous]

"All other browsers just won't load or throw some other "page not responding" type error."

I said really clearly the first time that other browsers say the site is non-responsive or throw an alike error.

In fact you can try it yourself https://box19.goldsboronetworks.com .

As I also stated, you are more than welcome to root / webmin access to the machine.

[Anonymous]

Nightly:

The connection was interrupted

The connection to box19.goldsboronetworks.com:10000 was interrupted while the page was loading.

The site could be temporarily unavailable or too busy. Try again in a few
moments.
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that Nightly is permitted to access the Web.

[Anonymous]

IE9:

This problem can be caused by a variety of issues, including:
•Internet connectivity has been lost.
•The website is temporarily unavailable.
•The Domain Name Server (DNS) is not reachable.
•The Domain Name Server (DNS) does not have a listing for the website's domain.
•There might be a typing error in the address.
•If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.

[Anonymous]

And again, http works just fine.

[Jamie Cameron]

Remote access to the system would be really useful - you can email me directly at jcameron@webmin.com with the login details. I'd need root SSH access though.

[Jamie Cameron]

I had a look at your system, and it seems that the problem only happens when you have configured Webmin to use an intermediate SSL cert. When I disabled that, I was able to connect OK and the certificate was considered valid by my browser.

Are you sure an intermediate cert was needed in your case?

[Anonymous]

Yeah, she's working without that intermediate.

[Anonymous]

Jamie, why would this happen? Is webmin incapable of intermediate certificates?

[Jamie Cameron]

Webmin can handle intermediate certs - but in your case, the underlying OpenSSL library that Webmin calls is crashing on that cert.

Have you used the same intermediate cert with other servers like Apache? Also, is the intermediate cert required to use the domain's SSL cert?