Chinese characters in installation path on Windows

Started by proxyman, February 14, 2022, 11:21:39 PM


proxyman

Hello,

I've deployed Apache2.4.52 to my server on a Chinese OS. If the installation path contains non-ASCII characters, I get an error at startup for SSL Certificate fopen operations:

Some details:
OS: Windows 10 64-bit, Chinese locale (or Japanese/Portuguese/English)
Location to which the files are copied: User-specified folder. If a user-specified folder contains non-ASCII characters, Apache fails to start up.
Reason for failure: fopen() used instead of the wide-char variant (_wfopen)

During SSL initialization - there's an error - Unable to configure verify locations for client authentication
The SSL certs and private key are in a folder whose folder-name contains Chinese/non-ASCII characters.
Library error: error:02FFF02A:system library:func(4095):Illegal byte sequence (fopen('C:/\xe5\xa4\xa7\xe5...(localized path with Chinese characters)'))

Is there a way to modify the library to read non-ASCII paths? I haven't tried with 8.3 filenames (AbsoluteShortFileName), but I would like to avoid it as you can turn off 8.3 names in NTFS. I'm using Apache as a reverse proxy, and I need to use it on Japanese, Portuguese and Chinese locales where I don't have control over the path to which Apache gets deployed. Is there a way to handle this problem?

Thank you.
PM

mario

I have a German Windows 10.

I tried a folder with the name 中國人

http://localhost/%e4%b8%ad%e5%9c%8b%e4%ba%ba/info.php

That works.

Isn't fopen from PHP?

From document root, I can open the file in that folder


<?php
// Read the file from the non-ASCII folder below the document root
$file = file_get_contents("中國人/info.php");
print_r($file);

proxyman

Thank you, Mario. Let me provide some more context.

1. Apache2.4 is deployed to C:/中國人/Apache24 folder
2. Define SRVROOT "C:/中國人/Apache24"
3. I've configured SSL from folder:
    C:/中國人/Apache24/conf/ssl:
    SSLCertificateFile conf/ssl/server.crt
    SSLCertificateKeyFile conf/ssl/server.key
    SSLCACertificateFile conf/ssl/rootCA.crt

Apache service startup fails with an error logged in the error.log file:
Starting the 'Apache2.4' service
The 'Apache2.4' service is running.
sl:emerg] [pid 11580:tid 604] AH01895: Unable to configure verify locations for client authentication
[Wed Feb 16 00:59:49.965963 2022] [ssl:emerg] [pid 11580:tid 604] SSL Library Error: error:02FFF002:system library:func(4095):No such file or directory (fopen('C:/\xe4\xb8\xad\xe5\x9c\x8b\xe4\xba\xba/Apache24/conf/ssl/rootCA.crt', 'r'))
[Wed Feb 16 00:59:49.965963 2022] [ssl:emerg] [pid 11580:tid 604] SSL Library Error: error:20FFF080:BIO routines:CRYPTO_internal:no such file
[Wed Feb 16 00:59:49.965963 2022] [ssl:emerg] [pid 11580:tid 604] SSL Library Error: error:0BFFF002:x509 certificate routines:CRYPTO_internal:system lib
[Wed Feb 16 00:59:49.965963 2022] [ssl:emerg] [pid 11580:tid 604] AH02312: Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Failed

I've verified that the files actually exist at the configured locations. Apache service runs under the Local System account, and the certificate, key and Root CA certificate all have RWX permissions for the SYSTEM account - as do the parent folders. If I replace the non-ASCII folder name with, e.g. C:/Chinese/Apache24/conf/ssl - everything works fine.

I'm not using any PHP here - I'm not hosting anything on the server itself - it's a simple reverse proxy, and the error is observed even if I disable the VirtualHost ProxyPass mapping for my routes.

Thanks for your help and patience.
PM



mario

I did not start the path with 中國人
However, it works with 中國人 in the path


<VirtualHost *:443>
ServerName exmaple.com

DirectoryIndex index.php

<IfModule fcgid_module>
FcgidInitialEnv PHPRC "${PHP74RC}"
FcgidInitialEnv PATH "${PHP74RC};C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;"
FcgidInitialEnv SystemRoot "C:\\Windows"
FcgidInitialEnv SystemDrive "C:"
FcgidInitialEnv TEMP "C:\\WINDOWS\\TEMP"
FcgidInitialEnv TMP "C:\\WINDOWS\\TEMP"
FcgidInitialEnv windir "C:\\WINDOWS"
FcgidPassHeader Authorization
<Files ~ "\.php$">
Options Indexes FollowSymLinks ExecCGI
AddHandler fcgid-script .php
FcgidWrapper "C:/php74/php-cgi.exe" .php
</Files>
</IfModule>

CustomLog "C:\nul" common

SetEnv APPLICATION_ENV development
DocumentRoot "${WORKROOT}website"
<Directory "${WORKROOT}website">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted

RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [QSA]
</Directory>

SSLEngine on
SSLCertificateFile conf/中國人/fullchain.pem
SSLCertificateKeyFile conf/中國人/privkey.pem

<Files ~ "\.(cgi|shtml|phtml|php|htm|html?)$">
SSLOptions +StdEnvVars
</Files>
</VirtualHost>


proxyman

I tried your suggestion. I checked and I'm using the LibreSSL package of Apache 2.4.52 (httpd-2.4.52-lre342-x64-vs16.zip). Could that be the difference? I tried putting the localized directory after /conf, but even that did not make a difference.

<VirtualHost *:443>
DirectoryIndex index.php

SetEnv APPLICATION_ENV development

SSLEngine on
        #Combined Cert + RootCA
SSLCertificateFile "C:/中國人/Apache24/conf/ssl/server.crt"
SSLCertificateKeyFile "C:/中國人/Apache24/conf/ssl/server.key"

<Files ~ "\.(cgi|shtml|phtml|php|htm|html?)$">
SSLOptions +StdEnvVars
</Files>
</VirtualHost>


Still getting this error:
Starting the 'Apache2.4' service
The 'Apache2.4' service is running.
sl:emerg] [pid 62152:tid 612] AH02562: Failed to configure certificate localhost:443:0 (with chain), check C:/\xe4\xb8\xad\xe5\x9c\x8b\xe4\xba\xba/Apache24/conf/ssl/server.crt
[Wed Feb 16 01:49:34.196581 2022] [ssl:emerg] [pid 62152:tid 612] SSL Library Error: error:02FFF002:system library:func(4095):No such file or directory (fopen('C:/\xe4\xb8\xad\xe5\x9c\x8b\xe4\xba\xba/Apache24/conf/ssl/server.crt', 'r'))
[Wed Feb 16 01:49:34.196581 2022] [ssl:emerg] [pid 62152:tid 612] SSL Library Error: error:20FFF002:BIO routines:CRYPTO_internal:system lib
[Wed Feb 16 01:49:34.207538 2022] [ssl:emerg] [pid 62152:tid 612] SSL Library Error: error:14FFF002:SSL routines:(UNKNOWN)SSL_internal:system lib
AH00016: Configuration Failed

Thank you for all your help!
Regards,
PM

proxyman

That's it - the LibreSSL version of Apache's 2.4.52 package cannot handle localized folders in the path for SSL Configuration (SSLCertificateFile, SSLCertificateKeyFile). With the OpenSSL version, the same configuration works:

Starting the 'Apache2.4' service
The 'Apache2.4' service is running.
pm_winnt:notice] [pid 54060:tid 628] AH00455: Apache/2.4.52 (Win64) OpenSSL/1.1.1m configured -- resuming normal operations
[Wed Feb 16 02:14:18.548683 2022] [mpm_winnt:notice] [pid 54060:tid 628] AH00456: Server built: Dec 17 2021 15:13:12
...
Normal startup

Would this be a defect or as designed for the LibreSSL version? For already deployed servers, what would my best course of action be?
Thank you for your quick replies and tests, Mario. I'm grateful for your help.

Regards,
PM

mario

Thank you for the feedback that it is LibreSSL that fails.
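
For servers that are already deployed, a pre-flight check along these lines can flag the affected configuration before the service is restarted. This is an added example, not part of the thread and not code from Apache or LibreSSL: it decodes the \xNN-escaped path from error.log and lists the SSL file directives whose resolved path contains non-ASCII characters. The function names and the sample configuration are constructed for illustration, and it assumes ServerRoot and its Define sit in the same file as the SSL directives.

```python
import re
from pathlib import PureWindowsPath

# mod_ssl file directives named in this thread.
SSL_FILE_DIRECTIVES = {"sslcertificatefile", "sslcertificatekeyfile", "sslcacertificatefile"}

# Constructed sample, modelled on the configuration described in the thread.
SAMPLE_CONF = """\
Define SRVROOT "C:/中國人/Apache24"
ServerRoot "${SRVROOT}"
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key
SSLCACertificateFile conf/ssl/rootCA.crt
"""

def decode_log_path(escaped):
    """Rebuild the UTF-8 path from the \\xNN escapes written to error.log."""
    raw = re.sub(rb"\\x([0-9a-fA-F]{2})",
                 lambda m: bytes([int(m.group(1), 16)]), escaped.encode("utf-8"))
    return raw.decode("utf-8", errors="replace")

def audit_ssl_paths(conf_text):
    """Return (line_no, directive, resolved_path) for SSL files with non-ASCII paths."""
    defines, server_root, findings = {}, None, []
    def expand(value):  # substitute ${NAME} from earlier Define lines
        return re.sub(r"\$\{(\w+)\}", lambda m: defines.get(m.group(1), m.group(0)), value)
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = re.match(r"\s*(\w+)\s+(.*\S)", line)
        if not m:  # blank lines, comments, <Section> tags
            continue
        name, arg = m.group(1), m.group(2)
        if name.lower() == "define":
            key, *rest = arg.split(None, 1)
            defines[key] = rest[0].strip('"') if rest else ""
        elif name.lower() == "serverroot":
            server_root = expand(arg.strip('"'))
        elif name.lower() in SSL_FILE_DIRECTIVES:
            path = PureWindowsPath(expand(arg.strip('"')))
            if not path.is_absolute() and server_root:
                path = PureWindowsPath(server_root) / path  # relative to ServerRoot
            if not str(path).isascii():
                findings.append((no, name, path.as_posix()))
    return findings

if __name__ == "__main__":
    for no, directive, path in audit_ssl_paths(SAMPLE_CONF):
        print(f"line {no}: {directive} -> {path} (non-ASCII path)")
```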