[Bug 1872478] Re: Support TLSv1.3 PHA in POST requests with cert authentication
Andreas Hasenack
andreas at canonical.com
Mon Apr 13 16:39:36 UTC 2020
** Description changed:
- Apache is lacking proper support for post-handhake-auth in TLSv1.3 POST
- requests using certificate authentication.
+ [Impact]
+ Apache is lacking proper support for post-handhake-auth in TLSv1.3 POST requests using certificate authentication. This is used by freeipa, but any client doing a TLSv1.3 POST with certificate authentication is impacted and would need to downgrade the protocol to TLSv1.2.
This was fixed in Debian[1] via patches from upstream[2]. There is an
upstream bug report[3] requesting the backport of these patches from
trunk.
- Test case:
+ It's also being shipped in Fedora[4] already.
+
+
+ [Test Case]
$ lxc launch ubuntu-daily:focal ubuntu
Enter the container as root:
$ lxc exec ubuntu bash
Verify hostname is "ubuntu":
# hostname
ubuntu
Install apache2:
apt update && apt install apache2
Download the following files from this other bug report and place them in /etc/apache2:
cd /etc/apache2
wget https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274492/+files/cacert.pem https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274493/+files/ubuntu.pem https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274494/+files/ubuntu.key
These certs are luckily still valid until June 2020, so they can be used
for this bug as well.
Adjust permissions of the key file:
chmod 0640 /etc/apache2/ubuntu.key
chgrp www-data /etc/apache2/ubuntu.key
Download the client certificate and key files and place them in /root:
cd /root
wget https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274495/+files/client-auth.pem https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274496/+files/client-auth.key
Create this vhost file (caution, lines may wrap, in particular LogFormat: it should be one long line):
cat > /etc/apache2/sites-available/cert-auth-test.conf <<EOF
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
LogLevel info ssl:warn
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" protocol=%{SSL_PROTOCOL}x commonName=%{SSL_CLIENT_S_DN_CN}x" combined-ssl
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined-ssl
SSLEngine on
SSLCertificateFile /etc/apache2/ubuntu.pem
SSLCertificateKeyFile /etc/apache2/ubuntu.key
SSLCACertificateFile /etc/apache2/cacert.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
<Location />
SSLRenegBufferSize 1024
SSLVerifyClient require
Require ssl-verify-client
</Location>
</VirtualHost>
</IfModule>
EOF
Enable the ssl module and this new vhost we just created:
a2enmod ssl && a2ensite cert-auth-test.conf
Restart apache2:
systemctl restart apache2
Verify that cert authentication is required:
root@ubuntu:~# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --tlsv1.3 -f -H "Expect:"
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (56) OpenSSL SSL_read: error:1409445C:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required, errno 0
Verify that a GET request with the client certificate works:
root@ubuntu:~# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --cert client-auth.pem --key client-auth.key --tlsv1.3 -f -H "Expect:"
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 10918 100 10918 0 0 969k 0 --:--:-- --:--:-- --:--:-- 969k
Verify that POST request with the client certificate fails:
root@ubuntu:~# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --cert client-auth.pem --key client-auth.key --tlsv1.3 -f -F bug=true -H "Expect:"
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 142 0 0 100 142 0 12909 --:--:-- --:--:-- --:--:-- 14200
curl: (22) The requested URL returned error: 403 Forbidden
Server logs for the above:
==> /var/log/apache2/error.log <==
[Mon Apr 13 14:49:03.357183 2020] [ssl:error] [pid 12248:tid 139782462109440] [client 10.0.100.38:41002] AH02263: Re-negotiation handshake failed: Client certificate missing
==> /var/log/apache2/access.log <==
10.0.100.38 - - [13/Apr/2020:14:49:03 +0000] "POST / HTTP/1.1" 403 3798 "-" "curl/7.68.0" protocol=TLSv1.3 commonName=-
With the fixed packages, the POST request works:
root@ubuntu:~# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --cert client-auth.pem --key client-auth.key --tlsv1.3 -f -F bug=true -H "Expect:"
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 11060 100 10918 100 142 101k 1352 --:--:-- --:--:-- --:--:-- 102k
And the server log confirms it was a POST request, using certificates, and TLSv1.3:
==> /var/log/apache2/access.log <==
10.0.100.38 - - [13/Apr/2020:14:52:26 +0000] "POST / HTTP/1.1" 200 17118 "-" "curl/7.68.0" protocol=TLSv1.3 commonName=client-auth
To test the error message changed by tlsv13-add-logno.diff, submit a slightly bigger POST request:
root@ubuntu:~# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --cert client-auth.pem --key client-auth.key --tlsv1.3 -f -H "Expect:" -F file=@/bin/ls
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 139k 0 0 100 139k 0 27.1M --:--:-- --:--:-- --:--:-- 27.1M
curl: (22) The requested URL returned error: 413 Request Entity Too Large
And in the server log:
==> /var/log/apache2/error.log <==
[Mon Apr 13 15:00:37.446562 2020] [ssl:error] [pid 13415:tid 140391466624768] [client 10.0.100.38:41272] AH02018: request body exceeds maximum size (1024) for SSL buffer
[Mon Apr 13 15:00:37.446620 2020] [ssl:error] [pid 13415:tid 140391466624768] [client 10.0.100.38:41272] AH10228: could not buffer message body to allow TLS Post-Handshake Authentication to proceed
==> /var/log/apache2/access.log <==
10.0.100.38 - - [13/Apr/2020:15:00:37 +0000] "POST / HTTP/1.1" 413 3721 "-" "curl/7.68.0" protocol=TLSv1.3 commonName=-
+
+ [Regression Potential]
+
+ [Other Info]
+
1. https://bugs.debian.org/955348
2. https://svn.apache.org/viewvc?view=revision&revision=1870095 and https://svn.apache.org/viewvc?view=revision&revision=1870097
3. https://bz.apache.org/bugzilla/show_bug.cgi?id=64242
+ 4. https://bugzilla.redhat.com/show_bug.cgi?id=1775146
** Description changed:
[Impact]
Apache is lacking proper support for post-handshake-auth in TLSv1.3 POST requests using certificate authentication. This is used by FreeIPA, but any client doing a TLSv1.3 POST with certificate authentication is impacted and would need to downgrade the protocol to TLSv1.2.
This was fixed in Debian[1] via patches from upstream[2]. There is an
upstream bug report[3] requesting the backport of these patches from
trunk.
It's also being shipped in Fedora[4] already.
-
[Test Case]
$ lxc launch ubuntu-daily:focal ubuntu
Enter the container as root:
$ lxc exec ubuntu bash
Verify hostname is "ubuntu":
# hostname
ubuntu
Install apache2:
apt update && apt install apache2
Download the following files from this other bug report and place them in /etc/apache2:
cd /etc/apache2
wget https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274492/+files/cacert.pem https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274493/+files/ubuntu.pem https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274494/+files/ubuntu.key
These certs are luckily still valid until June 2020, so they can be used
for this bug as well.
Adjust permissions of the key file:
chmod 0640 /etc/apache2/ubuntu.key
chgrp www-data /etc/apache2/ubuntu.key
Download the client certificate and key files and place them in /root:
cd /root
wget https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274495/+files/client-auth.pem https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274496/+files/client-auth.key
Create this vhost file (caution, lines may wrap, in particular LogFormat: it should be one long line):
cat > /etc/apache2/sites-available/cert-auth-test.conf <<EOF
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
LogLevel info ssl:warn
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" protocol=%{SSL_PROTOCOL}x commonName=%{SSL_CLIENT_S_DN_CN}x" combined-ssl
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined-ssl
SSLEngine on
SSLCertificateFile /etc/apache2/ubuntu.pem
SSLCertificateKeyFile /etc/apache2/ubuntu.key
SSLCACertificateFile /etc/apache2/cacert.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
<Location />
SSLRenegBufferSize 1024
SSLVerifyClient require
Require ssl-verify-client
</Location>
</VirtualHost>
</IfModule>
EOF
Enable the ssl module and this new vhost we just created:
a2enmod ssl && a2ensite cert-auth-test.conf
Restart apache2:
systemctl restart apache2
Verify that cert authentication is required:
root@ubuntu:~# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --tlsv1.3 -f -H "Expect:"
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (56) OpenSSL SSL_read: error:1409445C:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required, errno 0
Verify that a GET request with the client certificate works:
root@ubuntu:~# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --cert client-auth.pem --key client-auth.key --tlsv1.3 -f -H "Expect:"
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 10918 100 10918 0 0 969k 0 --:--:-- --:--:-- --:--:-- 969k
Verify that POST request with the client certificate fails:
root@ubuntu:~# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --cert client-auth.pem --key client-auth.key --tlsv1.3 -f -F bug=true -H "Expect:"
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 142 0 0 100 142 0 12909 --:--:-- --:--:-- --:--:-- 14200
curl: (22) The requested URL returned error: 403 Forbidden
Server logs for the above:
==> /var/log/apache2/error.log <==
[Mon Apr 13 14:49:03.357183 2020] [ssl:error] [pid 12248:tid 139782462109440] [client 10.0.100.38:41002] AH02263: Re-negotiation handshake failed: Client certificate missing
==> /var/log/apache2/access.log <==
10.0.100.38 - - [13/Apr/2020:14:49:03 +0000] "POST / HTTP/1.1" 403 3798 "-" "curl/7.68.0" protocol=TLSv1.3 commonName=-
With the fixed packages, the POST request works:
root@ubuntu:~# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --cert client-auth.pem --key client-auth.key --tlsv1.3 -f -F bug=true -H "Expect:"
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 11060 100 10918 100 142 101k 1352 --:--:-- --:--:-- --:--:-- 102k
And the server log confirms it was a POST request, using certificates, and TLSv1.3:
==> /var/log/apache2/access.log <==
10.0.100.38 - - [13/Apr/2020:14:52:26 +0000] "POST / HTTP/1.1" 200 17118 "-" "curl/7.68.0" protocol=TLSv1.3 commonName=client-auth
To test the error message changed by tlsv13-add-logno.diff, submit a slightly bigger POST request:
root@ubuntu:~# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --cert client-auth.pem --key client-auth.key --tlsv1.3 -f -H "Expect:" -F file=@/bin/ls
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 139k 0 0 100 139k 0 27.1M --:--:-- --:--:-- --:--:-- 27.1M
curl: (22) The requested URL returned error: 413 Request Entity Too Large
And in the server log:
==> /var/log/apache2/error.log <==
[Mon Apr 13 15:00:37.446562 2020] [ssl:error] [pid 13415:tid 140391466624768] [client 10.0.100.38:41272] AH02018: request body exceeds maximum size (1024) for SSL buffer
[Mon Apr 13 15:00:37.446620 2020] [ssl:error] [pid 13415:tid 140391466624768] [client 10.0.100.38:41272] AH10228: could not buffer message body to allow TLS Post-Handshake Authentication to proceed
==> /var/log/apache2/access.log <==
10.0.100.38 - - [13/Apr/2020:15:00:37 +0000] "POST / HTTP/1.1" 413 3721 "-" "curl/7.68.0" protocol=TLSv1.3 commonName=-
-
- [Regression Potential]
+ [Regression Potential]
+ TLSv1.3 has introduced changes that generated bugs in the past. The PHA change in particular is still to this day impacting many clients. Clients who claim to support TLSv1.3, negotiate this version of the protocol, but don't implement it fully and lack PHA.
+ Regressions can happen, but we should be able to back this change out in that case. It also gives some comfort knowing that this change is already applied upstream (but not backported to 2.4), and in other distributions (debian and fedora). It's also good that we have a simple test case.
[Other Info]
+ If this can't make it into focal prior to release, it can become an SRU, but the versioning might have to be changed then (i.e., become 2.4.41-4ubuntu2.1 instead of 2.4.41-4ubuntu3).
1. https://bugs.debian.org/955348
2. https://svn.apache.org/viewvc?view=revision&revision=1870095 and https://svn.apache.org/viewvc?view=revision&revision=1870097
3. https://bz.apache.org/bugzilla/show_bug.cgi?id=64242
4. https://bugzilla.redhat.com/show_bug.cgi?id=1775146
** Description changed:
[Impact]
Apache is lacking proper support for post-handshake-auth in TLSv1.3 POST requests using certificate authentication. This is used by FreeIPA, but any client doing a TLSv1.3 POST with certificate authentication is impacted and would need to downgrade the protocol to TLSv1.2.
This was fixed in Debian[1] via patches from upstream[2]. There is an
upstream bug report[3] requesting the backport of these patches from
trunk.
It's also being shipped in Fedora[4] already.
[Test Case]
$ lxc launch ubuntu-daily:focal ubuntu
Enter the container as root:
$ lxc exec ubuntu bash
Verify hostname is "ubuntu":
# hostname
ubuntu
Install apache2:
apt update && apt install apache2
Download the following files from this other bug report and place them in /etc/apache2:
cd /etc/apache2
wget https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274492/+files/cacert.pem https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274493/+files/ubuntu.pem https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274494/+files/ubuntu.key
These certs are luckily still valid until June 2020, so they can be used
for this bug as well.
Adjust permissions of the key file:
chmod 0640 /etc/apache2/ubuntu.key
chgrp www-data /etc/apache2/ubuntu.key
Download the client certificate and key files and place them in /root:
cd /root
wget https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274495/+files/client-auth.pem https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274496/+files/client-auth.key
Create this vhost file (caution, lines may wrap, in particular LogFormat: it should be one long line):
cat > /etc/apache2/sites-available/cert-auth-test.conf <<EOF
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
LogLevel info ssl:warn
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" protocol=%{SSL_PROTOCOL}x commonName=%{SSL_CLIENT_S_DN_CN}x" combined-ssl
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined-ssl
SSLEngine on
SSLCertificateFile /etc/apache2/ubuntu.pem
SSLCertificateKeyFile /etc/apache2/ubuntu.key
SSLCACertificateFile /etc/apache2/cacert.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
<Location />
SSLRenegBufferSize 1024
SSLVerifyClient require
Require ssl-verify-client
</Location>
</VirtualHost>
</IfModule>
EOF
Enable the ssl module and this new vhost we just created:
a2enmod ssl && a2ensite cert-auth-test.conf
Restart apache2:
systemctl restart apache2
Verify that cert authentication is required:
root@ubuntu:~# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --tlsv1.3 -f -H "Expect:"
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (56) OpenSSL SSL_read: error:1409445C:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required, errno 0
Verify that a GET request with the client certificate works:
root@ubuntu:~# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --cert client-auth.pem --key client-auth.key --tlsv1.3 -f -H "Expect:"
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 10918 100 10918 0 0 969k 0 --:--:-- --:--:-- --:--:-- 969k
Verify that POST request with the client certificate fails:
root@ubuntu:~# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --cert client-auth.pem --key client-auth.key --tlsv1.3 -f -F bug=true -H "Expect:"
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 142 0 0 100 142 0 12909 --:--:-- --:--:-- --:--:-- 14200
curl: (22) The requested URL returned error: 403 Forbidden
Server logs for the above:
==> /var/log/apache2/error.log <==
[Mon Apr 13 14:49:03.357183 2020] [ssl:error] [pid 12248:tid 139782462109440] [client 10.0.100.38:41002] AH02263: Re-negotiation handshake failed: Client certificate missing
==> /var/log/apache2/access.log <==
10.0.100.38 - - [13/Apr/2020:14:49:03 +0000] "POST / HTTP/1.1" 403 3798 "-" "curl/7.68.0" protocol=TLSv1.3 commonName=-
With the fixed packages, the POST request works:
root@ubuntu:~# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --cert client-auth.pem --key client-auth.key --tlsv1.3 -f -F bug=true -H "Expect:"
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 11060 100 10918 100 142 101k 1352 --:--:-- --:--:-- --:--:-- 102k
And the server log confirms it was a POST request, using certificates, and TLSv1.3:
==> /var/log/apache2/access.log <==
10.0.100.38 - - [13/Apr/2020:14:52:26 +0000] "POST / HTTP/1.1" 200 17118 "-" "curl/7.68.0" protocol=TLSv1.3 commonName=client-auth
To test the error message changed by tlsv13-add-logno.diff, submit a slightly bigger POST request:
root@ubuntu:~# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --cert client-auth.pem --key client-auth.key --tlsv1.3 -f -H "Expect:" -F file=@/bin/ls
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 139k 0 0 100 139k 0 27.1M --:--:-- --:--:-- --:--:-- 27.1M
curl: (22) The requested URL returned error: 413 Request Entity Too Large
And in the server log:
==> /var/log/apache2/error.log <==
[Mon Apr 13 15:00:37.446562 2020] [ssl:error] [pid 13415:tid 140391466624768] [client 10.0.100.38:41272] AH02018: request body exceeds maximum size (1024) for SSL buffer
[Mon Apr 13 15:00:37.446620 2020] [ssl:error] [pid 13415:tid 140391466624768] [client 10.0.100.38:41272] AH10228: could not buffer message body to allow TLS Post-Handshake Authentication to proceed
==> /var/log/apache2/access.log <==
10.0.100.38 - - [13/Apr/2020:15:00:37 +0000] "POST / HTTP/1.1" 413 3721 "-" "curl/7.68.0" protocol=TLSv1.3 commonName=-
[Regression Potential]
TLSv1.3 has introduced changes that generated bugs in the past. The PHA change in particular is still to this day impacting many clients: clients who claim to support TLSv1.3 and negotiate this version of the protocol, but don't implement it fully and lack PHA.
Regressions can happen, but we should be able to back this change out in that case. It also gives some comfort knowing that this change is already applied upstream (but not backported to 2.4), and in other distributions (Debian and Fedora). It's also good that we have a simple test case.
[Other Info]
If this can't make it into focal prior to release, it can become an SRU, but the versioning might have to be changed then (i.e., become 2.4.41-4ubuntu2.1 instead of 2.4.41-4ubuntu3).
- 1. https://bugs.debian.org/955348
+ 1. https://bugs.debian.org/955348 and https://salsa.debian.org/apache-team/apache2/-/commit/86b49fbd189484353d8462f2eb694cd6c9a53342
2. https://svn.apache.org/viewvc?view=revision&revision=1870095 and https://svn.apache.org/viewvc?view=revision&revision=1870097
3. https://bz.apache.org/bugzilla/show_bug.cgi?id=64242
4. https://bugzilla.redhat.com/show_bug.cgi?id=1775146
https://bugs.launchpad.net/bugs/1872478
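An added example, not part of the original bug report: the three outcomes the test case produces can be told apart in server logs by joining access-log entries in the report's combined-ssl format with the mod_ssl error codes logged for the same client. The two-second join window, the verdict labels and the assumption that the error log is written in UTC are choices made for this example.

```python
import re
from datetime import datetime, timedelta, timezone

# Log lines copied from the test case on this page ("combined-ssl" LogFormat).
ACCESS_LOG = """
10.0.100.38 - - [13/Apr/2020:14:49:03 +0000] "POST / HTTP/1.1" 403 3798 "-" "curl/7.68.0" protocol=TLSv1.3 commonName=-
10.0.100.38 - - [13/Apr/2020:14:52:26 +0000] "POST / HTTP/1.1" 200 17118 "-" "curl/7.68.0" protocol=TLSv1.3 commonName=client-auth
10.0.100.38 - - [13/Apr/2020:15:00:37 +0000] "POST / HTTP/1.1" 413 3721 "-" "curl/7.68.0" protocol=TLSv1.3 commonName=-
"""
ERROR_LOG = """
[Mon Apr 13 14:49:03.357183 2020] [ssl:error] [pid 12248:tid 139782462109440] [client 10.0.100.38:41002] AH02263: Re-negotiation handshake failed: Client certificate missing
[Mon Apr 13 15:00:37.446562 2020] [ssl:error] [pid 13415:tid 140391466624768] [client 10.0.100.38:41272] AH02018: request body exceeds maximum size (1024) for SSL buffer
[Mon Apr 13 15:00:37.446620 2020] [ssl:error] [pid 13415:tid 140391466624768] [client 10.0.100.38:41272] AH10228: could not buffer message body to allow TLS Post-Handshake Authentication to proceed
"""

ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" '
    r'protocol=(?P<proto>\S+) commonName=(?P<cn>.*)$')
ERROR_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[ssl:\w+\] \[pid [^\]]+\] '
    r'\[client (?P<ip>[^\]]+):\d+\] (?P<code>AH\d+): ')
WINDOW = timedelta(seconds=2)  # assumed tolerance between the two log files


def parse_errors(text):
    """Return (ip, time, AH code) for every mod_ssl error line."""
    out = []
    for line in text.splitlines():
        m = ERROR_RE.match(line)
        if m:
            # Error-log time carries no zone; assume the server logs in UTC.
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
            out.append((m["ip"], ts, m["code"]))
    return out


def classify(access_text, error_text):
    """Label each access-log entry using error codes logged close to it."""
    errors, results = parse_errors(error_text), []
    for line in access_text.splitlines():
        m = ACCESS_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ts = ts.astimezone(timezone.utc).replace(tzinfo=None)
        codes = {c for ip, ets, c in errors
                 if ip == m["ip"] and abs(ets - ts) <= WINDOW}
        status, cn = int(m["status"]), m["cn"]
        if status == 403 and cn == "-" and "AH02263" in codes:
            verdict = "client-cert-missing-after-handshake"
        elif status == 413 and codes & {"AH02018", "AH10228"}:
            verdict = "body-exceeds-SSLRenegBufferSize"
        elif status < 400 and cn != "-":
            verdict = "cert-authenticated"
        else:
            verdict = "uncorrelated"
        results.append((m["method"], m["proto"], status, cn, verdict))
    return results


if __name__ == "__main__":
    for row in classify(ACCESS_LOG, ERROR_LOG):
        print(*row, sep="\t")
```
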