On Mon, Mar 29, 1999, Hans Lohmander wrote:
"Ralf S. Engelschall" wrote:
Netscape 4.5 Mac, PPC international . Failed
[EMAIL PROTECTED]
``I tested the below and got "bad data from the server"
http was fine but https was not.''
--- deleted
config I think it's best and safe to
use ".*MSIE.*"...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engel
``SetEnvIf
User-Agent ".*MSIE.*" nokeepalive'' and disabled the ssl-unclean-shutdown
SetEnvIf. Try it out when you want and give us feedback.
Ralf S. Engelschall
[EMAIL
together with a
high-performance shared memory based session cache (is already implemented and
works fine, but needs some more cleanups and testing).
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED
patibility reasons. But the results are the same, of course.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
___
, then Apache cannot serve it. It doesn't cache pages - neither under
HTTP nor HTTPS. So when you still get the data that's either a browser or
proxy configuration issue.
Ralf S. Engelschall
[EMAIL PROTECTED
On Mon, Mar 29, 1999, [EMAIL PROTECTED] wrote:
"Ralf S. Engelschall" [EMAIL PROTECTED] writes:
Another update is available before new features will be introduced (in 2.2.8):
mod_ssl 2.2.7 for Apache 1.3.6. This version mainly contains support for the
MSIE client
he core dumps
occurs not inside mod_ssl. It occurs after OpenSSL's BIO_free() inside your
libc...
Ralf S. Engelschall
[EMAIL PROTECTED]
-hash" command manually until I add support for this to
the ssl.crt/Makefile).
Feedback is welcome!
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Index:
either SSL is totally disabled or at least your
Listen and VirtualHost sections to not match. I guess even that your Listen
directives are not activated. The best you can do is to start with the
provided httpd.conf-dist file and first make sure it works with this one.
. Check
the server configuration and there for Options +ExecCGI, Limit, etc.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
have some problems. I also have no problem with just mod_ssl apaci-style.
In what order do I do stuff?
This ought to be a FAQ and be answered somewhere.
Yes, that's why it's best to directly add it to the INSTALL file, IMO.
Ralf S. Engelschall
irtualHost. Because
this way your main server config isn't inherited by the VirtualHost, etc.
Ralf S. Engelschall
[EMAIL PROTECTED]
files.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl
A new stable mod_ssl is available: 2.0.11 for Apache 1.3.2.
As always the CHANGES entry is appended below for quick overview.
Ralf S. Engelschall
[EMAIL PROTECTED
it to the FreeBSD CVS repository. So be patient,
please. When freefall.freebsd.org is repaired you can get the pleasure of your
SSL-aware Apache 1.3.2.
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED
On Wed, Sep 23, 1998, Ralf S. Engelschall wrote:
[...]
...I currently cannot commit it to the FreeBSD CVS repository. So be patient,
please. When freefall.freebsd.org is repaired you can get the pleasure of your
SSL-aware Apache 1.3.2.
It's now comitted.
Feel free to sync with the FreeBSD
use it,
too. So I think its a local problem for you. Perhaps a platform problem of
rsync. What platform are you using?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
for mod_ssl 2.0.12.
Thanks for the feedback.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache
On Thu, Sep 24, 1998, Magnus Bodin wrote:
At 10:58 1998-09-24 +0200, Ralf S. Engelschall wrote:
In article you wrote:
[...]
--activate-module=src/modules/perl
In my case it was
--activate-module=src/modules/perl/libperl.a
and compilation was succesful
problem than mod_ssl
because mod_perl complained "Sorry, need 1.3.0+ for USE_APACI"... Anyway,
it seems to work fine now.
I didn't seen these problems with mod_perl 1.15_01, so I assume
Doug fixed them between 1.15 and 1.15_01...
Ralf S. E
for it to no avail.
I'm a semi-newbie at this, so any help would be greatly appreciated!
Thanks! 8-)
Are you really sure you performed this step:
$ mv rsaref.a librsaref.a
??
Ralf S. Engelschall
[EMAIL PROTECTED
stay under exactly
`pwd`/../rsaref-2.0/local/
Go to the SSLeay directory and try
$ ls -l `pwd`/../rsaref-2.0/local/librsaref.a
When it complains the path is different, when it
works I've currently no clue what's going wrong for you...
Ralf S. Engelschall
are also attending ApacheCon and wanted to meet me, now actually can meet me.
Details follow later when I know more.
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED
for instance tunnel RSync this way.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface
yourself is to look at the provided
httpd.conf-dist file and start from there or at least adjust your existing
config with this file in mind.
Ralf S. Engelschall
[EMAIL PROTECTED
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw
. Sorry, this was
my fault.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay
Another version from the stable branch is available. It provides you with
support for Apache 1.3.3, X.509 v3 certificates under "make certificate" and
again cleanups and bugfixes for the session cache.
Greetings,
Ralf S. E
files)
to the mod_ssl Contrib area. FreeBSD users who want to use this port to easily
install Apache 1.3.3 + mod_ssl 2.0.13 can fetch it from there.
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED
,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw
,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw
RLF vs. LF. But this is
documented in the INSTALL.W32 file, isn't it? But be careful: Only the 2.1b
versions are ported to Win32. The stable 2.0 branch is _NOT_ ported to the
Win32 environment.
Ralf S. Engelschall
[EMAIL
need a little
bit more time to overcome the large amount of messages inside my mail folders
and mailing list folders... ;-)
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
ying thing is it works fine on my Linux Slackware 3.5
machine at home!
Are you really sure? I think you have SSLCertificateKeyFile at home...
Ralf S. Engelschall
is not actually
important) mod_ssl wouldn't exist...
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
out (from the error message of gcc!) which include files includes
it. And then try to find out why it includes it. And when it really has to
include it, check your installation and the reason why it doesn't exists.
Ralf S. Engelschall
more, it just requests the certificate and waits
until it arrives. Have you at least tried different Communicator versions?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
communication, just the
establishment of the connection. But why MSIE switches to non-secure mode you
have to find out by inspecting your HTML pages and the contained hyperlinks...
Ralf S. Engelschall
[EMAIL PROTECTED
;-) will be happen the next weeks. More details are coming when I'm
allowed to say more...
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
I'm using the
Snake Oil
Certificate on the server and a Thawte Freemail Certificate on the
client. My
Client is Netscape Communicator 4.5. Any Ideas, anyone?
[...]
Have you tried "SSLVerifyDepth 2" or higher?
Ralf S. Engelschall
In article you wrote:
Speaking of which,
here is a little patch I've been wanting to send for a few days:
[...]
Now comitted for mod_ssl 2.1b7.
Thanks for your feedback.
Ralf S. Engelschall
[EMAIL PROTECTED
On Thu, Oct 22, 1998, Tony Earnshaw wrote:
"Ralf S. Engelschall" wrote:
Fine.
Ralph, perhaps it's time to tell your mailer that you're back from
Apachecon?
Ops, right. I'm still fighting the huge amount of traffic which my mail
folders assembled the last week that I tota
it:
Look on http://www.engelschall.com/sw/mod_ssl/contrib/ for file ssleay090b.zip
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
ldcard CNs.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl) www.engelschall.com
it's different objects, but try it nevertheless". I
recommend you to first try the easiest way: Use --disable-rule=IRIXN32. Then
I would try to add -n32 for SSLeay and only at last I would try a linker
option.
should at least add a hint to it that it's _really_ just a
quick illustration and that the user should read the INSTALL file when he
wants to setup the stuff correctly.
Ralf S. Engelschall
ache detaches itself
implicitly. So there is no need for "httpd ", neither with nor without
mod_ssl ;-)
Ralf S. Engelschall
[EMAIL PROTECTED]
On Sat, Oct 24, 1998, Ralf S. Engelschall wrote:
Just for your information and to share my great happyness ;-) :
Dynamic Shared Object (DSO) support for mod_ssl is now possible!
Yeah, I know, it was declared as impossible even by me in the past but now
it's actually implemented
On Sat, Oct 24, 1998, Simon Kenyon wrote:
On 24-Oct-98 Ralf S. Engelschall wrote:
Oh sorry, I at least should say what the main key to DSO support for mod_ssl
was: Instead of patching in SSL-things into the Apache core now a totally
generic API extension is patched in (the apache.patch
Apache and my Linux
box for this, so any pointers appreciated.
For Apache read http://www.apache.org/docs/vhosts/.
For setting up the IP aliases on the network interfaces,
perhaps read the appended text from the BeroFTPD distribution.
Ralf S. Engelschall
'll change my
scripts. Thanks for the reminder.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache
..
Please complete this stuff once, so I can add it to the FAQ for the future to
avoid again and again finding answers to the same questions. Thanks.
Ralf S. Engelschall
[EMAIL PROTECTED
On Thu, Oct 29, 1998, Jake Buchholz wrote:
On Thu, Oct 29, 1998 at 06:57:09PM +0100, Ralf S. Engelschall wrote:
We already discussed this stuff recently (look inside the sw-mod-ssl archives
for the details please). So it would be nice when one of the US citizens on
this list who know
mean exactly
this? Then it should unpack into the current working directory because this is
maximum portable, IMHO.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.1b7 (09-Oct-1998 to 30-Oct-1998)
*) Fixed DBM access stuff: An invalid argument was given by the
NDBM emulation layer of DB
, because it prevents the system from being
dropped down (kind of DoS) by a local attacker
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
___
On Fri, Oct 30, 1998, Ben Laurie wrote:
Ralf S. Engelschall wrote:
And now I ask me why _isn't_ this better? I don't understand it, Ben. IMHO
this non-assertion way _is_ better, because it prevents the system from being
dropped down (kind of DoS) by a local attacker
I'm happy
On Sat, Oct 31, 1998, Ben Laurie wrote:
Ralf S. Engelschall wrote:
H??? Do you mean it cannot occur in practice? Or do I misunderstand you
here. As I said: We not even need an attacker: When an I/O read error occurs
for gcache it already falls down. So the DoS attacker is just
have to eliminate all assertions, of course. Some of them
can be ok. But the I/O related ones should be replaced by different error
checking code...
Ralf S. Engelschall
[EMAIL PROTECTED
).
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl
we could check the pathlen of X.509 V3 certs. Opinions and ideas how we
should allow this to be configured (directives, arguments, etc.)?
Votes for the "=" to "" change and to document the depth calculation this
way?
it should be to be
acceptable for the users. Then it's better at least to disable it all the time
and declare it as an experimental feature. I personally think the default
functionality should be already as secure and robust that users don't have
problems with it, shouldn't it?
On Sun, Nov 01, 1998, Michael Kunze wrote:
Ralf S. Engelschall wrote:
As a result I never succeeded in making an SSL connection using client
certificate with MSIE.
Just to inform you that your request is not ignored: I've no clue what's going
wrong with MSIE and I currently cannot
.
At least in the hope there are already more than we two guys who run
Apache+mod_ssl ;-)
Opinions?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engel
' works
again as expected.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.0.14 (09-Oct-1998 to 01-Nov-1998)
*) Backport from 2.1 branch
would register...
Would be intressting...
So, go for it. Now you _can_ register under:
http://www0.engelschall.com/sw/mod_ssl/example/refs.phtml
Ralf S. Engelschall
[EMAIL PROTECTED
On Mon, Nov 02, 1998, Ralf S. Engelschall wrote:
[...]
So, go for it. Now you _can_ register under:
http://www0.engelschall.com/sw/mod_ssl/example/refs.phtml
Ops, sorry. Cut pasted to fast the URL of my development box.
The correct URL is the following (of course):
http
search for the correct solution together
more easily.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
e a test cert and use the pre-configured httpd.conf file
APACI installs under `make install'. Then move this stuff into your real
server environment.
Ralf S. Engelschall
[EMAIL PROTECTED]
I was able to incorporate from an article with permissions by
the author ;-) and a few bug fixes. And then I expect the next version to be
2.1.0. Timerange? One to two weeks, I think. That depends mainly on _your_
feedback...
Greetings,
Ralf S. E
of compilation being important.
Ops, did you missed the step-by-step list at the end of the INSTALL file,
John? Or is this list still not exactly what you want? Do we have to enhance
it in some way? I append you the steps below...
Ralf S. Engelschall
"" change and to document the depth calculation this
way?
Still no votes from the hacker community?
Seems like no one uses SSLVerifyDepth... ;-)
Please say "this is a bad change, because..." now or
I'll change it this way for 2.1b9/2.1.0.
an incorrect VirtualHost line.
So when 8443 doesn't work but 443 does (assuming you have matching Listen
directives both times) please let us trace this down. It should work with 8443
for you, too.
Ralf S. Engelschall
[EMAIL
should add a similar check for the HTTP port, too. Is
there a magic cookie in the first bytes of the SSL protocol which we can check
for on the HTTP port through some low-level hook?
Ralf S. Engelschall
[EMAIL PROTECTED
2.1.0 is coming...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay
programs to generate your own certs? SSLeay
comes with all those stuff, although it's not always easiy to use. The
simplest way to generate your free/own certificate for Apache is to use
mod_ssl's `make certificate' procedure.
Ralf S. Engelschall
rectly run "configure.bat"
from the shell, of course.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
_
. We just have to know what SSLeay functions we have
to call on server restart time.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
as the error (do cut paste from your shell, please)?
Especially at which step does the error occur...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
One more maintainance release for the stable 2.0 branch
is available for your pleasure...
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes
ne idea is to change the string
comparisons to an ID lookup, etc.
Perhaps you have more optimizing ideas?
Ralf S. Engelschall
[EMAIL PROTECTED]
On Fri, Nov 06, 1998, Trung Tran-Duc wrote:
On Fri, 06 Nov 1998 15:59:30 GMT,
Ralf S. Engelschall [EMAIL PROTECTED] wrote:
[...]
Also apache crashes on NT
when I try to restart it (apache.exe -k restart). It's inside ssleay.
I'm going to debug it...
[...]
It's run in the master
On Mon, Nov 09, 1998, Trung Tran-Duc wrote:
On Mon, 09 Nov 1998 10:03:23 GMT,
Ralf S. Engelschall [EMAIL PROTECTED] wrote:
[...]
This way we init SSLeay on every init under DSO/DLL situation but not under
Unix/non-DSO. And the pass phrase handling is done only on the first init
On Mon, Nov 09, 1998, Trung Tran-Duc wrote:
On Mon, 09 Nov 1998 10:03:23 GMT,
Ralf S. Engelschall [EMAIL PROTECTED] wrote:
[...]
This way we init SSLeay on every init under DSO/DLL situation but not under
Unix/non-DSO. And the pass phrase handling is done only
use (or under certain circumstances at least only
use one) name-based virtual hosts in conjunction with SSL. You have to use
IP-based virtual hosts. Please read the FAQ entry under
http://www.engelschall.com/sw/mod_ssl/docs/#FAQ-vhosts for more details.
Ralf S
I have quickly scanned through the FAQ for the PKCS12 CA-fix, and seen
the term there - is it the same option?
Yes, and the CA-fix you've seen is the same as mod_ssl uses under `make
certificate' (where -nobscrit is used, too).
will contain the complete user manual and sources.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
but I break those rules intentionally as a
webdesigner (and not as a HTML purist) here ;-)
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
On Sun, Nov 15, 1998, Mats Dufberg wrote:
On Sun, 15 Nov 1998, Ralf S. Engelschall wrote:
Yeah, it uses a width of 600 pixel. That's not to bother you. There are two
reasons for it: First this way I'm able to layout the various nested tables
more easily (where I sometimes had to specify
me it it
little bit (by running "time script", etc). But there will be no really
meaningful numbers, of course...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
_
for the 2.1 branch or be quiet later ;-)
The birth of the final mod_ssl 2.1.0 version is planned for Tuesday, November
17th, 1998. Because on this day we then can celebrate two birthdays: a 2.1*1
birthday and a 2.6*10 birthday... :-)
Greetings,
Ralf S. Engelschall
. Thanks for your immediate feedback.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Index: configure.bat
,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
On Wed, Nov 18, 1998, Philip Gwyn wrote:
On 17-Nov-98 Ralf S. Engelschall wrote:
Happy birthday! The 2.1.0 tarball is rolled and released. Either
it now horribly fails or succeeds, but at least it's now out. The
official Announcement is appended below. Thanks to all who
assertions for programming errors. Because why has asserting the
returned number of bytes from read() anything to do with a programming error?
It's just an I/O error.
OTOH gcache (where the assertions originally were used) is already
gone in mod_ssl 2.1...
Ralf S. E
When it then doesn't run it's easier to
find the problem. When it runs it's easy to switch over to your RPM-based
stuff with more features.
Ralf S. Engelschall
[EMAIL PROTECTED]
related problem which currently popped up
for someone else seems not to be really related to a bug of mod_ssl under
RH5.2 in general. Instead it's more a mod_perl - Extended API or other
conflict.
Ralf S. Engelschall
[EMAIL
On Wed, Nov 18, 1998, William X. Walsh wrote:
On 18-Nov-98 Ralf S. Engelschall wrote:
On Wed, Nov 18, 1998, Manuel J. Galan wrote:
I've uploaded apache-1.3.3/mod_ssl-2.1.0 to
contrib site.
Builds and installs flawlessly in an Apollo (RH5.2) system.
If you have other addon
101 - 200 of 1055 matches
Mail list logo