[BUG] Server sends wrong certificate 1.4.11

#1
Hi,

I have a problem with the certificates for SSL with OpenLiteSpeed 1.4.11. They work except for my last virtualhost.

I have korinar.com, www.korinar.com to a "korinar" virtualhost and it returns the proper certificate. -ok-
I have somestatistic_subdomain.korinar.com to a "stat" virtualhost and it returns the proper certificate. -ok-
I have minecraftmap.korinar.com to a "minecraftmap" vhost and it returns the cert for korinar.com/www.korinar.com. -fail-

About two weeks ago I got the same problem. The domain was a different domain (not korinar.com) and the server was returning the korinar.com/www.korinar.com certificate. At that time I had put a * in the host list for the korinar.com vhost so people without SNI could still get the proper certificate, and removing that * fixed that issue. But still, putting the * should not have affected it, and other domains were working fine even though the korinar.com vhost did have an *.

I don't know how to fix the current one, as it has no wildcard and the proper certificates are set in the minecraftmap.korinar.com vhost, and I confirmed with openssl that it was indeed the correct certificate file.
 
#2
I got it fixed, but I might have found other bugs.

I got this in the log:
- another domain invalid document root : /usr/local/lsws/site/otherdomain/site/site
- some error about bad config in minecraftmap

My minecraftmap.korinar.com settings:
Virtual Host Root : $SERVER_ROOT/site/minecraftmap
Document Root : $DOC_ROOT/site (That was my mistake)

I changed the setting to the full path (I should have put $VH_ROOT) and it fixed it, and the error for the other domain's invalid document root is gone too. So somehow it referenced the error on another domain's vhost in the log even though the minecraftmap vhost was the problem. And even with the other domain vhost's invalid document root, that other domain was working fine.
 
#3
OK, I was able to get the bug again, and here is the proper description of a real bug:

The DOC_ROOT variable is not reinitialised when it loads the vhost, so if you put $DOC_ROOT in a vhost document_root (it should not be), it is actually the path of the previous vhost in the vhost list that gets loaded, and the logger gives the error about the other domain's document root path. $DOC_ROOT and other VH_ROOT should be reinitialised when it switches to another vhost, I think.
 

lsfoo

Administrator
#4
Hi Destroyfx,

If I understood you correctly, your bug was that having this config here:
Document Root : $DOC_ROOT/site
caused the Doc Root of a virtual host to be set to the previous vhost's document root, correct?

I was able to reproduce that bug, and the patch at the bottom should set the document root to the VH_ROOT before the DOC_ROOT is set, to prevent this issue from occurring again.

If that was not the exact issue, please let us know, and we will investigate further.

Thank you for the bug report,
Kevin

Code:
diff --git src/http/httpvhost.cpp src/http/httpvhost.cpp
index f724c21..ccac70d 100644
--- src/http/httpvhost.cpp
+++ src/http/httpvhost.cpp
@@ -2450,6 +2450,8 @@ HttpVHost *HttpVHost::configVHost(XmlNode *pNode)
                 "vhost root") != 0)
             break;
+        ConfigCtx::getCurConfigCtx()->setDocRoot(ConfigCtx::getCurConfigCtx()->getVhRoot());
+
         const char *pConfFile = pNode->getChildValue("configFile");
         if (pConfFile != NULL)
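
Review bot: The added setDocRoot() line in configVHost() has no comment saying why the document root is reset at this point, and it calls ConfigCtx::getCurConfigCtx() twice in one statement. Hold the context in a local pointer and add a one-line comment that the reset keeps $DOC_ROOT from carrying over the value left by the previously loaded vhost. With the doc root defaulted to getVhRoot(), a docRoot setting written as $DOC_ROOT/site will resolve against the vhost root with no warning, so consider logging a configuration error when docRoot references $DOC_ROOT, which would make the misconfiguration visible to the administrator instead of being silently accepted.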
 