Hello community, here is the log from the commit of package apache2 for openSUSE:Factory checked in at 2014-11-29 08:39:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apache2 (Old) and /work/SRC/openSUSE:Factory/.apache2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2" Changes: -------- --- /work/SRC/openSUSE:Factory/apache2/apache2.changes 2014-11-13 09:21:37.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.apache2.new/apache2.changes 2014-11-29 08:39:29.000000000 +0100 @@ -1,0 +2,5 @@ +Thu Nov 27 13:38:25 UTC 2014 - [email protected] + +- small improvement of ssl instructions [bnc#891813] + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gensslcert ++++++ --- /var/tmp/diff_new_pack.voBbrl/_old 2014-11-29 08:39:32.000000000 +0100 +++ /var/tmp/diff_new_pack.voBbrl/_new 2014-11-29 08:39:32.000000000 +0100 @@ -182,14 +182,14 @@ modkey=`$openssl rsa -noout -modulus -in $sslkeydir/${name}server.key | sed -e 's;.*Modulus=;;' || myexit $LINENO $?` if [ ".$modcrt" != ".$modkey" ]; then - error "mkcert.sh:Error: Failed to verify modulus on resulting X.509 certificate" 1>&2 + error "gensslcert:Error: Failed to verify modulus on resulting X.509 certificate" 1>&2 myexit $LINENO $? fi echo;myecho Verify: matching certificate signature $openssl verify -CAfile $sslcrtdir/${name}ca.crt $sslcrtdir/${name}server.crt || myexit $LINENO $? if [ $? -ne 0 ]; then - error "mkcert.sh:Error: Failed to verify signature on resulting X.509 certificate" 1>&2 + error "gensslcert:Error: Failed to verify signature on resulting X.509 certificate" 1>&2 myexit $LINENO $? fi ++++++ sysconfig.apache2 ++++++ --- /var/tmp/diff_new_pack.voBbrl/_old 2014-11-29 08:39:32.000000000 +0100 +++ /var/tmp/diff_new_pack.voBbrl/_new 2014-11-29 08:39:32.000000000 +0100 @@ -51,16 +51,22 @@ # * In the APACHE_MODULES variable, you can use mod_xyz or just xyz syntax. # You may also name an absolute path if you like. # -# * NOTE ON SSL: before you can use mod_ssl, you need a server certificate. -# A test certificate can be created by (as root): -# cd /usr/share/doc/packages/apache2; /bin/sh ./mkcert.sh make --no-print-directory /usr/bin/openssl /usr/sbin/ test -# Please feel free to have a look at the mkcert.sh script to see how certificates can be created. -# Also, you need to set the ServerName inside the <VirtualHost _default_:443> -# block to the fully qualified domain name (see /etc/HOSTNAME). -# * if your server certificate is protected by a passphrase you should increase the -# APACHE_START_TIMEOUT (see above) -# * to finally enable ssl support, you need to add 'SSL' to APACHE_SERVER_FLAGS -# below. +# * NOTES ON SSL: +# 1. Before you can use mod_ssl, you need a server certificate. +# A test certificate can be created by entering e. g. +# +# $ gensslcert -n a.com -C a.com -e [email protected] +# +# See gensslcert -h for or gensslcert script itself for details. +# 2. Also, you need to set the ServerName inside the <VirtualHost _default_:443> +# block to the fully qualified domain name (see /etc/HOSTNAME). +# 3. If your server certificate is protected by a passphrase you should increase the +# APACHE_START_TIMEOUT (see above) +# 4. Consider to load also socache_shmcb module, see +# http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslsessioncache +# for details. +# 5. To finally enable ssl support, you need to add 'SSL' to APACHE_SERVER_FLAGS +# below. # # * modules listed here will be ignored if they are not installed # -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
