RE: mod ssl for windows
...this _does_ work with mod_jserv, as long as it's compiled with -DEAPI. binaries are available in the modssl contributions section. rgds michael -Ursprungliche Nachricht- Von: Noah White [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 11. Juli 2002 16:40 An: '[EMAIL PROTECTED]' Betreff: RE: mod ssl for windows Just as an FYI. This does not work with mod_jserv. -Original Message- From: JOURDAIN Philippe [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 11, 2002 10:41 AM To: [EMAIL PROTECTED] Subject: RE: mod ssl for windows http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-Ope nSSL_0.9.6d- Wi n32.zip __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: CCT issues with netscape and mod_ssl Urgent - On our productionsystem.
Cliff, Here is what I did. Any ideas what I can do to quickly fix it? On 1.3.24 I ran make certificate TYPE=custom, and sent the csr off to esign be signed, but not this time because I wanted to keep the keys esigned keys. Not so funny thing is that it is that ALL is well when I get there on MSIE browsers. cd apache_1.3.26 cd ../../mod_ssl gunzip mod_ssl-2.8.10-1.3.26.tar.gz tar -vxf mod_ssl-2.8.10-1.3.26.tar cd mod_ssl-2.8.10-1.3.26 make clean less INSTALL # Read the INSTALL file cd ../../openssl/openssl-0.9.6b make clean # Used gcc. Gcc supports position independant code flag. ./Configure no-threads solaris-sparcv9-gcc -fPIC make make test cd ../../mm/mm-1.1.3 ./configure --disable-shared make cd ../../mod_ssl/mod_ssl-2.8.10-1.3.26 # --enable-rule=SHARED_CORE ./configure --with-apache=../../apache/apache_1.3.26 cd ../../apache/apache_1.3.26 env LIBS=/usr/lib/libC.so.5 CFLAGS=-fPIC SSL_BASE=../../openssl/openssl-0.9.6b ./configure --enable-module=ssl --enable-module=so --enable-shared=ssl --enable -module=rewrite --prefix=/opt/apache --runtimedir=/var/opt/apache --logfiledir=/ var/opt/apache make make install # ls -l ssl.crt total 548 lrwxrwxrwx 1 root root 19 Jul 1 17:16 0cf14d7d.0 - snakeoil-ca-dsa.crt lrwxrwxrwx 1 root root 6 Jul 1 17:16 27c9619a.0 - ca.crt lrwxrwxrwx 1 root root 16 Jul 1 17:16 5d8360e1.0 - snakeoil-dsa.crt lrwxrwxrwx 1 root root 16 Jul 1 17:16 82ab5372.0 - snakeoil-rsa.crt -rw-r--r-- 1 root root1522 Feb 27 16:53 Makefile -rw-r--r-- 1 root root1386 Feb 27 16:53 README.CRT lrwxrwxrwx 1 root root 10 Jul 1 17:16 c5f0b2a4.0 - server.crt -r 1 root root 242153 Feb 27 16:53 ca-bundle.crt -r 1 root root1318 Feb 27 16:54 ca.crt lrwxrwxrwx 1 root root 19 Jul 1 17:16 e52d41d0.0 - snakeoil-ca-rsa.crt -r 1 root root1874 Feb 28 12:05 server.crt -r 1 root root1874 Feb 28 09:15 server.crt.esign -r 1 root root1298 Feb 27 16:54 server.crt.orig -r 1 root root1472 Feb 27 16:54 snakeoil-ca-dsa.crt -r 1 root root1192 Feb 27 16:53 snakeoil-ca-rsa.crt -r 1 root root1452 Feb 27 16:54 snakeoil-dsa.crt -r 1 root root1176 Feb 27 16:54 snakeoil-rsa.crt Cliff Woolley wrote: On Mon, 15 Jul 2002, Christopher Welsh wrote: The certificate was issued by a certificate authority that netscape 6.2.3 does not recognize. Can anyone help? I need to resolve this quickly. I'm sure this was not happening before I upgraded to 1.3.26 with x.x.10 mod_ssl when the security alert came out. Perhaps I missed something when I performed a make install over the top of the old version. You seem to now be using an invalid (possibly self-signed?) server certificate. Did you run make certificate by chance? You shouldn't have. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- Christopher Welsh Barwon Regional Water Authority, Geelong Victoria, 3216 Voice: 03 52 262385, Mobile: 0409 562968 * The information in this e-mail message and any files transmitted with it are confidential and/or privileged and are intended only for the use of the individual or entity to whom they are addressed. If you received this message in error please notify us immediately by telephone or return e-mail and delete all copies from your computer system, as your retention, distribution or copying of this message and files is strictly prohibited. It is the recipient's responsibility to check this message and files for viruses. *** __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: FreeBSD SSL_Connect drama
On Mon, Jul 15, 2002 at 10:05:33AM +0930, Glen Vallance wrote: This problem doesn't sound like it should be that uncommon, but I can't find any information on it. Once you saw the solution you will find, that the mailing list is full of problems like these. read from 0808D4C0 [080A4000] (7 bytes = 7 (0x7)) - 0d 0a 0d 0a 3c 21 44 !D SSL_connect:error in SSLv2/v3 read server hello A 36827:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/usr/s rc/secure/lib/libssl/../../../crypto/openssl/crypto/../ssl/s23_clnt.c:462: Something is wrong with the configuration? Yes. 0d 0a 0d 0a 3c 21 44 carriage return linefeed carriage return linefeed !D is the start of a plain HTTP answer. Your server doesn't have SSL active on port 443. Check your configuration. Lutz -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: I am having a heck of a time - Please help.
Could be to do with your version of openssl lib (check it is reasonably up to date) or with your LD_LIBRARY_PATH environment variable.. Check out http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/apache.html for a good user's summary. Rgds, Owen Boyle -Original Message- From: David Loesche [mailto:[EMAIL PROTECTED]] Sent: Freitag, 12. Juli 2002 20:12 To: '[EMAIL PROTECTED]' Subject: I am having a heck of a time - Please help. I have poured through all the documentation I can find on enabling mod_ssl with Apache 1.3.26 but keep coming up short. If I static link the mod_ssl it works fine but when I try to enable DSO and use it as a shared library I keep getting ap_add_config_define : referenced symbol not found. I have the following config setup for the apache build: #!/bin/ksh SSL_BASE=/usr/local/ssl \ EAPI_MM=../mm-1.1.3 \ EAPI_MM_CORE_PATH=logs/httpd.mm \ LIBS=/usr/lib/libC.so.5 \ CFLAGS=-fPIC \ ./configure--prefix=/opt/apache \ --enable-rule=EAPI \ --enable-module=ssl \ --enable-shared=ssl \ --disable-rule=SSL_COMPAT \ --enable-rule=SSL_SDBM \ --enable-suexec \ --suexec-caller=http I have followed the instructions in the modssl install guide to patch Apache. Please verify the following build for mod_ssl: ./configure--with-apache=../apache_1.3.26 \ --with-ssl=/usr/local/ssl \ --with-mm=../mm-1.1.3 If you can help (point me to some documentation) I would be very grateful... David S. Loesche [EMAIL PROTECTED]Yipes Communications, Inc. Main: (415) 901-2000 114 Sansome Street, Suite 1045 Direct:(415) 901-2210 San Francisco, CA 94104 Fax: (415) 901-2201 http://www.yipes.com Yipes is the defining provider of fully scalable bandwidth for businesses. We offer fully managed high-speed Internet and Nationwide LAN-to-LAN services at speeds ranging from 1 Mbps to 1 Gbps, in 1 Mbps increments. Yipes delivers this uniquely flexible service over the first nationwide system of optical IP networks. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: How to access control cgi-bin
From: liangbin li [mailto:[EMAIL PROTECTED]] I install apache httpd server with mod_ssl. I broswer a access controled html file and it calls a programm under cgi-bin directory. Is this what you want to happen? I want to know how I can set up access control with in the cgi-bin's programm? Real access control is done at the server level (HTTP protocol), i.e. a layer below the application like CGI. So you can't control HTTP authentication from CGI. You could use a CGI form to authenticate users and then serve them the CGI output (i.e. have the CGI process all data going to the user). This is a bit laborious and involves writing a mini-webserver in CGI... What's wrong with the built-in authentication scheme? Rgds, Owen Boyle __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Mod_SSL for Windows 2000/NT/XP
Hi all, I am a new member to this group. I have a question which was asked on 2002-06-07 by Ike Ikonne (for which I could not locate any answer in the list archives) so please forgive me for the repetition... My situation is like Ike's: I too need to install mod_ssl and Open_SSL (ie. require secure web transaction capabilities), with questions as follows: * How can I build OpenSSL and mod_ssl on NT or 2000 (ie. do I have to buy compiler software)? * Alternatively, is there a sitfrom which I can download precompiled versions of (or an installation Wizard for) the above? Please advise, Thanks and kind regards, Brendan Lloyd __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
AW: FreeBSD SSL_Connect drama
Since I solved this problem for my site last night, I can give you a hint: My SSL virtual server definition contained the name of the domain in it, just like my other virtual servers. Because of some reasons I don't understand right now this seems to confuse apache. After I changed the SSL virtual server-definition to explicitly have the IP-address of the server instead of the domain/server-name it worked fine. Hope this helps, Andrew -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Im Auftrag von Glen Vallance Gesendet: Montag, 15. Juli 2002 02:36 An: [EMAIL PROTECTED] Betreff: FreeBSD SSL_Connect drama Hi, This problem doesn't sound like it should be that uncommon, but I can't find any information on it. Environment: FreeBSD 4.4, Apache 1.3.24, Mod SSL 2.8.8-1.3.24 [the right one?] Behaviour: You cannot connect to sol.gropep.com.au because of an unknown SSL error [-12281] Looking at the situation with openssl s_client I get: sol# openssl s_client -connect sol.gropep.com.au:443 -state -debug CONNECTED(0003) SSL_connect:before/connect initialization write to 0808D4C0 [0809E000] (124 bytes = 124 (0x7C)) - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00 .zQ... . 0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04 .f.. 0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00 ...e..d. 0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00 .c..b..a..`. 0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08 ..@. 0050 - 00 00 06 00 00 03 04 00-80 02 00 80 66 47 70 ab fGp. 0060 - 9a 01 13 69 a4 cb 78 16-98 f8 35 5e 7b 24 7a d0 ...i..x...5^{$z. 0070 - a7 fa 83 48 6a bf 36 32-a3 3e 3f 8d ...Hj.62.?. SSL_connect:SSLv2/v3 write client hello A read from 0808D4C0 [080A4000] (7 bytes = 7 (0x7)) - 0d 0a 0d 0a 3c 21 44 !D SSL_connect:error in SSLv2/v3 read server hello A 36827:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/usr/s rc/secure/lib/libssl/../../../crypto/openssl/crypto/../ssl/s23_clnt.c:462: Something is wrong with the configuration? Thanks, Glen _ Glen Vallance Evolved Web Solutions Pty Ltd [EMAIL PROTECTED] http://www.evolved.com.au/ Phone +61 8 8363 0616 Fax +61 8 8132 1497 This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify [EMAIL PROTECTED] Views expressed in this message are those of the individual sender, except where the sender specifically states otherwise. _ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RAND function using OpenSSL 0.9.7
Title: RAND function using OpenSSL 0.9.7 Hi all, I try using OpenSSL0.9.7 with a crypto accelerator and it works fine for asymetric and symetric stuff, but it fails when trying to use ENGINE random (rand engine is not used, everything is done with classic software random). Has someone solve this problem? Regards Fred
Re: RAND function using OpenSSL 0.9.7
On Mon, 15 Jul 2002, Frederic DONNAT wrote: I try using OpenSSL0.9.7 with a crypto accelerator and it works fine for asymetric and symetric stuff, but it fails when trying to use ENGINE random (rand engine is not used, everything is done with classic software random). Don't you have to compile mod_ssl with SSL_EXPERIMENTAL_ENGINE or something like that? Did you do that? Or are you even talking about mod_ssl here? --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RAND function using OpenSSL 0.9.7 (A Solution)
Title: RAND function using OpenSSL 0.9.7 (A Solution) Hi All, I change a function call and it works fine now. I do not know if this is the real way to solve my problem but this provide a solution. In file pkg.modssl/ssl_engine_int.c: move ssl_init_Engine(s, p); function call before ssl_init_SSLLibrary(); function call instead of after. In fact if you want to use ENGINE default functionnalities you muste set ENGINE before everything. Regards Fred
Re: RAND function using OpenSSL 0.9.7 (A Solution)
Hi Fred, I was just starting to wonder what might be behind all this when you hit the nail on the head. On Mon, 15 Jul 2002, Frederic DONNAT wrote: I change a function call and it works fine now. I do not know if this is the real way to solve my problem but this provide a solution. In file pkg.modssl/ssl_engine_int.c: move ssl_init_Engine(s, p); function call before ssl_init_SSLLibrary(); function call instead of after. In fact if you want to use ENGINE default functionnalities you muste set ENGINE before everything. That is not *a* solution, it is *the* solution. ssl_init_SSLLibrary() must be seeding the PRNG, and thus initialising the set-on-first-use pointer in openssl to a default RAND_METHOD. Do you want to post a patch to the list? I suggest diff -u, I suggest a subject starting with [PATCH], and I suggest you CC Ralf. Otherwise, things have a way of slipping through the net. (Resists temptation to harp on about the simple but important session caching bug, read potential security problem, that Ralf still hasn't incorporated despite me repeatedly harping on about it ...) Cheers, Geoff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: RAND function using OpenSSL 0.9.7 (A Solution)
On Mon, 15 Jul 2002, Geoff Thorpe wrote: I change a function call and it works fine now. I do not know if this is the real way to solve my problem but this provide a solution. In file pkg.modssl/ssl_engine_int.c: move ssl_init_Engine(s, p); function call before ssl_init_SSLLibrary(); function call instead of after. In fact if you want to use ENGINE default functionnalities you muste set ENGINE before everything. That is not *a* solution, it is *the* solution. ssl_init_SSLLibrary() must be seeding the PRNG, and thus initialising the set-on-first-use pointer in openssl to a default RAND_METHOD. Do you want to post a patch to the list? Well, I can't do anything about 1.3's mod_ssl, but if somebody can verify for me that the following fixes Apache 2.0's mod_ssl, I'll commit it. --Cliff Index: ssl_engine_init.c === RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v retrieving revision 1.102 diff -u -d -r1.102 ssl_engine_init.c --- ssl_engine_init.c 8 Jul 2002 17:43:33 - 1.102 +++ ssl_engine_init.c 15 Jul 2002 20:22:13 - @@ -266,6 +266,11 @@ } +#ifdef SSL_EXPERIMENTAL_ENGINE +/* SSL external crypto device (engine) support */ +ssl_init_Engine(base_server, p); +#endif + ssl_init_SSLLibrary(base_server); #if APR_HAS_THREADS @@ -290,13 +295,6 @@ if (ssl_tmp_keys_init(base_server)) { return !OK; } - -/* - * SSL external crypto device (engine) support - */ -#ifdef SSL_EXPERIMENTAL_ENGINE -ssl_init_Engine(base_server, p); -#endif /* * initialize the mutex handling __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: compile of openssl-0.9.6d stops
Strange behavior: The error I recently reported on compiling under WIN2000 with MSVC++ diappeared on re-trying the same compile. First time through an error was reported and compilation stopped. But the same batch file ran and completed when tried a second time. This time with no errors. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Mod_SSL for Windows 2000/NT/XP
At 16:42 +1000 15/07/02, Brendan Lloyd wrote: I am a new member to this group. I have a question which was asked on 2002-06-07 by Ike Ikonne (for which I could not locate any answer in the list archives) so please forgive me for the repetition... My situation is like Ike's: I too need to install mod_ssl and Open_SSL (ie. require secure web transaction capabilities), with questions as follows: * How can I build OpenSSL and mod_ssl on NT or 2000 (ie. do I have to buy compiler software)? Yes you can, but you'll need to buy MS Visual C++ to compile Apache. Instructions are available at: http://httpd.apache.org/docs/windows.html http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32 I guess you'll prefer to use the precompiled version avaiable below. * Alternatively, is there a sitfrom which I can download precompiled versions of (or an installation Wizard for) the above? I guess this is what you're looking for: http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip Hope this helps, GFK's -- Guillaume Filion Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/ PGP Key and more: http://guillaume.filion.org/ (this will redirect) PGP Fingerprint: 14A6 720A F7BA 6C87 2331 33FD 467E 9198 3DED D5CA __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: I am having a heck of a time - Please help.
I did read the referred document concerning the build phase. I am intrigued by the LD_LIBRARY_PATH suggestion. What would you recommend I set it to? -Original Message- From: Boyle Owen [mailto:[EMAIL PROTECTED]] Sent: Monday, July 15, 2002 12:51 AM To: [EMAIL PROTECTED] Subject: RE: I am having a heck of a time - Please help. Could be to do with your version of openssl lib (check it is reasonably up to date) or with your LD_LIBRARY_PATH environment variable.. Check out http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/apache.html for a good user's summary. Rgds, Owen Boyle -Original Message- From: David Loesche [mailto:[EMAIL PROTECTED]] Sent: Freitag, 12. Juli 2002 20:12 To: '[EMAIL PROTECTED]' Subject: I am having a heck of a time - Please help. I have poured through all the documentation I can find on enabling mod_ssl with Apache 1.3.26 but keep coming up short. If I static link the mod_ssl it works fine but when I try to enable DSO and use it as a shared library I keep getting ap_add_config_define : referenced symbol not found. I have the following config setup for the apache build: #!/bin/ksh SSL_BASE=/usr/local/ssl \ EAPI_MM=../mm-1.1.3 \ EAPI_MM_CORE_PATH=logs/httpd.mm \ LIBS=/usr/lib/libC.so.5 \ CFLAGS=-fPIC \ ./configure--prefix=/opt/apache \ --enable-rule=EAPI \ --enable-module=ssl \ --enable-shared=ssl \ --disable-rule=SSL_COMPAT \ --enable-rule=SSL_SDBM \ --enable-suexec \ --suexec-caller=http I have followed the instructions in the modssl install guide to patch Apache. Please verify the following build for mod_ssl: ./configure--with-apache=../apache_1.3.26 \ --with-ssl=/usr/local/ssl \ --with-mm=../mm-1.1.3 If you can help (point me to some documentation) I would be very grateful... David S. Loesche [EMAIL PROTECTED]Yipes Communications, Inc. Main: (415) 901-2000 114 Sansome Street, Suite 1045 Direct:(415) 901-2210 San Francisco, CA 94104 Fax: (415) 901-2201 http://www.yipes.com Yipes is the defining provider of fully scalable bandwidth for businesses. We offer fully managed high-speed Internet and Nationwide LAN-to-LAN services at speeds ranging from 1 Mbps to 1 Gbps, in 1 Mbps increments. Yipes delivers this uniquely flexible service over the first nationwide system of optical IP networks. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Mod_SSL for Windows 2000/NT/XP
Guillaume wrote: Yes you can, but you'll need to buy MS Visual C++ to compile Apache. Instructions are available at: http://httpd.apache.org/docs/windows.html http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32 I note that the modssl install instructions are out of date (as are the versions of required software referenced). For example, the CygWin version has been deprecated since about 1998! I guess you'll prefer to use the precompiled version avaiable below. Yes, absolutely! * Alternatively, is there a sitfrom which I can download precompiled versions of (or an installation Wizard for) the above? I guess this is what you're looking for: http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip Eureka! I LOVE u, Guillaume Thank you s much! Much relieved, Brendan __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: I am having a heck of a time - Please help.
well, the LD_LIBRARY_PATH should point to all the shared libs that you'll need. Probably /usr/lib:/lib:/usr/local/lib:/usr/local/ssl/lib is a good start -g On Mon, Jul 15, 2002 at 12:07:15PM -0700, David Loesche wrote: I did read the referred document concerning the build phase. I am intrigued by the LD_LIBRARY_PATH suggestion. What would you recommend I set it to? -Original Message- From: Boyle Owen [mailto:[EMAIL PROTECTED]] Sent: Monday, July 15, 2002 12:51 AM To: [EMAIL PROTECTED] Subject: RE: I am having a heck of a time - Please help. Could be to do with your version of openssl lib (check it is reasonably up to date) or with your LD_LIBRARY_PATH environment variable.. Check out http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/apache.html for a good user's summary. Rgds, Owen Boyle -Original Message- From: David Loesche [mailto:[EMAIL PROTECTED]] Sent: Freitag, 12. Juli 2002 20:12 To: '[EMAIL PROTECTED]' Subject: I am having a heck of a time - Please help. I have poured through all the documentation I can find on enabling mod_ssl with Apache 1.3.26 but keep coming up short. If I static link the mod_ssl it works fine but when I try to enable DSO and use it as a shared library I keep getting ap_add_config_define : referenced symbol not found. I have the following config setup for the apache build: #!/bin/ksh SSL_BASE=/usr/local/ssl \ EAPI_MM=../mm-1.1.3 \ EAPI_MM_CORE_PATH=logs/httpd.mm \ LIBS=/usr/lib/libC.so.5 \ CFLAGS=-fPIC \ ./configure--prefix=/opt/apache \ --enable-rule=EAPI \ --enable-module=ssl \ --enable-shared=ssl \ --disable-rule=SSL_COMPAT \ --enable-rule=SSL_SDBM \ --enable-suexec \ --suexec-caller=http I have followed the instructions in the modssl install guide to patch Apache. Please verify the following build for mod_ssl: ./configure--with-apache=../apache_1.3.26 \ --with-ssl=/usr/local/ssl \ --with-mm=../mm-1.1.3 If you can help (point me to some documentation) I would be very grateful... David S. Loesche [EMAIL PROTECTED]Yipes Communications, Inc. Main: (415) 901-2000 114 Sansome Street, Suite 1045 Direct:(415) 901-2210 San Francisco, CA 94104 Fax: (415) 901-2201 http://www.yipes.com Yipes is the defining provider of fully scalable bandwidth for businesses. We offer fully managed high-speed Internet and Nationwide LAN-to-LAN services at speeds ranging from 1 Mbps to 1 Gbps, in 1 Mbps increments. Yipes delivers this uniquely flexible service over the first nationwide system of optical IP networks. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- Glen S Mehn Contract Systems Administrator SquareTrade, Inc [EMAIL PROTECTED]Building Trust in Transactions (sm) __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Mod_SSL for Windows 2000/NT/XP
On Tue, 16 Jul 2002, Brendan Lloyd wrote: And last but not least: can anyone clarify what the state of Apache 2.0 is with regards to OpenSSL/mod_ssl? I've read in some places that Apache 2.0 supports/includes these, but then when I went to download the Windows binary distribution it had the suffix no_ssl? Source distributions of Apache 2.0 include mod_ssl. Binary distributions are a different story, but only because of ambiguities surrounding the (IMHO silly) export restrictions of the US government. We know we're allowed to export *source* for strong encryption software... but whether we're able to legally distribute *binaries* of strong encryption software is unclear. So we don't. Of course, that's more of a burden on our Windows users than on our Unix users, since the former tend to rely on binaries and the latter tend to roll their own since they tend to have the compilation tools on hand. The solution, as has been pointed out, is that somebody outside the US contributed binaries for mod_ssl for Apache 2.0 on Win32 and uploaded them to www.modssl.org/contrib, which is physically located in Germany, as opposed to www.apache.org, which is physically located in the western US. Sigh. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]