Re: Re:

2005-09-29 Thread Bob McKay

Dear Cliff,
Thanks for your help.
On 26/09/2005, at 21:22, Cliff Woolley wrote:

> It really does sound like there's something else listening on port 443:
>
>> Starting httpd: (98)Address already in use: make_sock: could not
>> bind to address my IP address:443
>> no listening sockets available, shutting down
>
> That's usually what this message means.  You said:
>
>> Oh, and there isn't anything else listening to port 443:
>> /sbin/fuser -4 -n udp 443
>> gives a null result.
>
> ... except that it's tcp, not udp, that we care about here.

Apologies; tcp gives a null result also. I'm pretty sure nothing but
httpd is listening there.

> As for your httpd.conf, it looks sort of close, although the
> VirtualHost my ip address:443 block needs to have the SSL
> certificate and key configuration directives as well as some other
> stuff (see the example httpd.conf that comes with mod_ssl), and the
> VirtualHost *:80 block should NOT contain SSLEngine on.

The SSLEngine on in VirtualHost *:80 was an error on my part; in
tidying up the sample I accidentally pasted a duplicate in the wrong
place - it's _not_ in the httpd.conf.

However the key information really is missing. So it looks like this
may be a problem in the fedora httpd configuration tool, because the key
information definitely is there in the virtual host configuration in the
gui, it's just not getting saved for some reason.
Probably, I have a syntax error somewhere (but even so, the tool
shouldn't fail it silently).
I think this takes it out of modssl, so my next step will be to check
the fedora mailing lists, and report it as a bug if it hasn't been
already. Then I guess I'll have to take the plunge, and edit the
httpd.conf manually.

> Hope this helps,
> --Cliff
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]




***
Bob McKay
521-302, School of Computer Science  Engineering,
College of Engineering, Seoul National University, San 56-1,
Sinlim-dong, Gwanak-gu, Seoul 151-744, Korea

Tel:  +82 2 880 9392
email: [EMAIL PROTECTED]
web:   http://sc.snu.ac.kr






Re: Re:

2005-09-29 Thread Cliff Woolley

>> Starting httpd: (98)Address already in use: make_sock: could not
>> bind to address my IP address:443
>> no listening sockets available, shutting down

> However the key information really is missing. So it looks like this
> may be a problem in the fedora httpd configuration tool, because the key
> information definitely is there in the virtual host configuration in the
> gui, it's just not getting saved for some reason.

Okay... although I don't think we've yet found a good explanation for
why you're getting the message you're getting.  Perhaps duplicate
Listen statements?
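
The duplicate-Listen possibility raised in the reply above can be checked mechanically across httpd.conf and the files it includes. The following is an added example, not code from this thread or from mod_ssl; the file names, the 192.0.2.10 address and the config contents are constructed, and it assumes the included files have already been read into memory.

```python
import re
from collections import defaultdict

# Matches an active Listen directive; commented-out lines do not match.
LISTEN_RE = re.compile(r"^\s*Listen\s+(\S+)", re.IGNORECASE)
WILDCARDS = {"*", "0.0.0.0"}

# Constructed sample: file names, address and contents are illustrative only.
SAMPLE = {
    "httpd.conf": "\n".join([
        "ServerRoot /etc/httpd",
        "#Listen 8443",
        "Listen 80",
        "Listen 192.0.2.10:443",
        "Include conf.d/*.conf",
    ]),
    "conf.d/ssl.conf": "\n".join([
        "LoadModule ssl_module modules/mod_ssl.so",
        "Listen 443",
    ]),
}

def parse_listen(arg):
    """Return (address, port); a bare port binds every address ('*')."""
    addr, sep, port = arg.rpartition(":")
    return (addr if sep else "*"), int(port)

def find_listen_conflicts(files):
    """Map port -> [(file, line, address)] for Listen directives that overlap."""
    by_port = defaultdict(list)
    for name, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            m = LISTEN_RE.match(line)
            if m:
                addr, port = parse_listen(m.group(1))
                by_port[port].append((name, lineno, addr))
    conflicts = {}
    for port, entries in by_port.items():
        addrs = [a for _, _, a in entries]
        # Overlap: the same address twice, or a wildcard next to anything else.
        overlap = len(set(addrs)) < len(addrs) or WILDCARDS & set(addrs)
        if len(entries) > 1 and overlap:
            conflicts[port] = entries
    return conflicts

if __name__ == "__main__":
    for port, entries in find_listen_conflicts(SAMPLE).items():
        for name, lineno, addr in entries:
            print(f"port {port}: {name}:{lineno} listens on {addr}")
```

With overlapping Listen directives httpd itself is the second binder of the port, which is consistent with fuser reporting nothing else listening.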


engine format keys

2005-09-29 Thread Kent Yoder
Hi,

  I've been looking into enabling apache+mod_ssl to use hardware keys
encrypted by a TPM.  I have openssl's s_server test working using an
openssl TPM engine [1] and trousers [2].  It looks like the key to
getting this working in apache is support for engine format keys in
mod_ssl.  Is there any interest in enabling engine format keys in
mod_ssl, or, is there another path to accomplish what I'm trying to
do?

Thanks,
Kent

[1] http://cvs.sourceforge.net/viewcvs.py/trousers/applications/openssl_tpm_engine/
[2] http://trousers.sf.net