himself under this platform. So it's reasonable
to not distribute official Win32 binaries.
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
TO REBUILD ALL PARTS.
And in practice this means recompiling with -DEAPI.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
use only an own compiled Apache+mod_ssl+mod_perl+whatever
bundle and not intermix RH's SRPM stuff with third party stuff.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl
all parties (RSA DSI and RH) we
should add this information to the mod_ssl FAQ. Because this is mostly FAQ#1
for US citizens...
Ralf S. Engelschall
[EMAIL PROTECTED]
on September 20, 2000. This is in two years, Preston. And
two years in real life is a long time on the web... In the meantime a
compromise seems to be reasonable.
Ralf S. Engelschall
[EMAIL PROTECTED
d the most important
questions for which we need an RSA DSI answer: 1. Is it ok to apply the bought
license to a different package and 2. which RSA-code has to be used (the one
from BSAFE, or from RSAref, or from SSLeay). Now I'm very curious about the
response.
ion
being run?
Perhaps you also want to disable mod_info...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
to the dialog box. At least I don't know
what we could do different on server/mod_ssl side... :-(
Ralf S. Engelschall
[EMAIL PROTECTED]
k whether
it now works for you or not.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
labla" output when configuring Apache?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
generic "gcc" platform doesn't work.
Run SSLeay's "Configure" script without arguments to see the list of
supported platforms. Then choose the one describing your system best.
Ralf S. Engelschall
[EMAIL
now finally found the original ITU-T X.509 specification on
the net. A hyperlink to it was added to the Related area under:
http://www.engelschall.com/sw/mod_ssl/related/ssl.html
For those of you who are masochistic... ;-)
Greetings,
Ralf S
writing to STDERR in
# Perl really writes immediately as one would expect
#
-perl -e '
+$perl -e '
@p = ("|","/","-","\\");
$i = 0;
while (STDIN) {
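Review bot: The added `+$perl -e '` line depends on a `$perl` shell variable that is not assigned anywhere in the visible lines; if it is empty, the shell will try to run `-e` as the command. Confirm the script sets it before this point, with a fallback to plain `perl`, and quote it as `"$perl"` in case the path contains spaces.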
Try it out and give some feedback, please.
the canonical name (i.e. one you specified
by ServerName) you have to additionally use "UseCanonicalName on".
Then all things should work fine...
Ralf S. Engelschall
[EMAIL
to this
version.
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.0.12 (23-Sep-1998 to 02-Oct-1998)
*) Cleaned up gcache stuff again
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
ou can use
a single DirectoryMatch instead of more Directory sections. This at least
reduces the redundancy in writing down the stuff a little bit.
Ralf S. Engelschall
[EMAIL
es with a fixed file extension, etc.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
ot_ needed.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
(or at least a SSLRequireSSL to
prevent access to those dirs through the SSL-disabled VirtualHost).
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
mechanism in LDAP to overcome those things? Can
the LDAP filter functions be used for this? Hmmm... my current LDAP knowledge
is too limited here, sorry.
Ralf S. Engelschall
[EMAIL PROTECTED]
-inform DER -in iis-server.key -outform PEM -out server.key
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
. What's the opinion of others?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
\.com(:443)?$
RewriteRule ^/.* - [F]
The check for the not existing Host header is just to allow old browsers (who
don't send it) access, too. If you don't want this, leave the SetEnvIf for
^$ or the RewriteCond for "" out.
you don't need the compat code you can just build
mod_ssl without it by using --disable-rule=SSL_COMPAT, of course.
Ralf S. Engelschall
[EMAIL PROTECTED]
to convert such an IIS cert/key for Apache+mod_ssl.
Because I think it would be useful to share this experience with the other
upgraders...
Ralf S. Engelschall
[EMAIL PROTECTED
the not used writev() is really a
network performance problem. Usually Apache's performance penalties exist at
other corners, AFAIK.
Ralf S. Engelschall
[EMAIL PROTECTED
On Sat, Nov 28, 1998, Ralf S. Engelschall wrote:
On Sun, Nov 29, 1998, Anthony Rumble wrote:
[...]
When will EAPI have writev support..
I've now again searched for the details. When we want to create a SSL_writev()
by trying to emulate writev() we have no chance. On most systems writev
sense, because of the
re-fragmentation in the SSL record layer. So even when a SSL_writev() could
exist it would not write its iovec in one step.
Ralf S. Engelschall
[EMAIL PROTECTED]
as expected also for you
with 2.1.1 in the next days) and try it out once without the LoadModule
command for libssl.so and once with the LoadModule command. Only this way you
can be sure that the problem is really caused by mod_ssl+SSLeay.
Ralf S. Engelschall
nger force NO_WRITEV) and the CA
list is sent on client authentication. Additionally a lot of minor bugfixes
were done, of course.
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engel
there will be not two
release branches (which I guess is what you asked about).
Ralf S. Engelschall
[EMAIL PROTECTED]
to suggest
apply.sh be changed in this way.
Yes, this patch (it's a stripped down patch 2.1) accepts "--directory
dirname", too. I'll change it for 2.1.2 to make your life easier.
Ralf S. Engelschall
more more what we want to know ;-)
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
working on it.
Expect it to be updated today.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Here is the next pure bugfixing release. In addition to other minor fixes it
mainly solves the problem where under Linux boxes the DBM library wasn't
correctly found.
Ralf S. Engelschall
[EMAIL PROTECTED
On Thu, Dec 03, 1998, Ralf S. Engelschall wrote:
[...]
Changes with mod_ssl 2.1.2 (30-Nov-1998 to 03-Dec-1998)
[...]
The FreeBSD port is now again in sync with the current release version: I've
updated the www/apache13-modssl port to Apache 1.3.3 + mod_ssl 2.1.2 now.
Happy packaging
happy with 2.0.x (no failures occur) and don't need one of
the new features of 2.1, you can wait, of course. Apache 1.3.4 should be
released at least before Christmas ;-)
Ralf S. Engelschall
[EMAIL PROTECTED
--with-apxs instead of --with-apache and
anything else works magically ;-) Let me know when I can use you as a
beta-tester for this stuff...
Ralf S. Engelschall
[EMAIL PROTECTED]
$ SSL_BASE=... ./configure ...
or
$ SSL_BASE=...
$ export SSL_BASE
$ ./configure ...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engel
somewhere or the ELF stuff confused the
library generation. Because the port works fine at least under my FreeBSD
2.2.6 box.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engel
unsigned int UINT4' works.
Perhaps your SGI box has a similar problem?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
... Thanks.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
or runtime dirs.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
) which can be
used to easily upgrade the libssl.so.
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.1.3 (03-Nov-1998 to 05-Dec-1998
have to do finally is to
restart your server.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
pts:$x86_elf_asm",
And then configure SSLeay with "perl Configure FreeBSD-elf" instead of "perl
Configure FreeBSD". Do a "make clean" first!
Then all went fine for me
Ralf S. Engelschall
On Mon, Dec 07, 1998, Todd Vierling wrote:
On Thu, 3 Dec 1998, Ralf S. Engelschall wrote:
: And one more question: What's the reason you have to name the DSO
: mod_ssl.so instead of libssl.so? Because of the conflict with the "real"
: libssl.so?
Now I can't remember whether
ice you to look inside the Apache logfiles.
Perhaps you get a connection but SSL is just not enabled (don't trust a
"cannot connect" message, it can mean a lot of things).
Ralf S. Engelschall
users will appreciate it, so it's fine that you work on this, too.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
". Because "make install"
doesn't override existing ssl.*/* files once they were created. And I guess
you messed up something the first time.
Ralf S. Engelschall
[EMAIL PROTECTED]
webserver is Year 2000 compliant, too. But whether SSLeay or the
| underlying Operating System (either a Unix or Win32 platform) is Year 2000
| compliant is a different question which cannot be answered here.
Ralf S. Engelschall
e. In your case, the
Basic Auth is a facility on the HTTP layer. Under HTTPS below the HTTP layer
there is the SSL/TLS layer. And before the HTTP layer does any data
communication the SSL/TLS layer has already done the handshake and switched to
encryption.
Ralf
On Tue, Dec 15, 1998, Enrico Badella wrote:
Hello Ralf S. Engelschall, in a previous mail you wrote:
Does anyone know an existing webserver on the net where SSL client
authentication is requested on a per-URL basis? And does anyone know the URL
of such a server, so I can establish
On Wed, Dec 16, 1998, Ben Laurie wrote:
Ralf S. Engelschall wrote:
I just want to _try_ to connect in order to observe the SSL protocol
details the Netscape server uses when forcing the SSL renegotiation.
Why?
Why? As I already said: to compare Netscape's behavior with mod_ssl's
?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
On Wed, Dec 16, 1998, Brad Cox wrote:
At 5:39 AM -0500 12/16/1998, Ralf S. Engelschall wrote:
Why? As I already said: to compare Netscape's behavior with mod_ssl's behavior
in case of a renegotiation, of course. Because when you look carefully into
the SSL/TLS protocol specs you find
stuff.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
essential?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
to the mod_ssl FAQ for 2.1.4.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
ermany and
| distributed from Switzerland.
|
| p
| So, mod_ssl and SSLeay are not affected by the Wassenaar Agreement.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.
-1.3.3.tar.gz. And it unpacks correctly. I've tried it directly
on the webserver. Can it be that you download it to Windows and have local
problems there? Because your file seems to be correct, but perhaps your tar or
gzip is buggy.
Ralf S. Engelschall
On Mon, Dec 21, 1998, Martin Kraemer wrote:
On Mon, Dec 21, 1998 at 04:45:10PM +0100, Ralf S. Engelschall wrote:
On Mon, Dec 21, 1998, Enrico Badella wrote:
I have just downloaded (again) mod_ssl-2_1_3-1_3_3_tar.gz and it fails
to unpack correctly
Hmm Ralf... I just tried
t all your stuff into a PKCS#12 format file with the
pkcs12 program and import this into Communicator with the corresponding Import
button under the Security panel.
Ralf S. Engelschall
[EMAIL
interested.
The distribution for OpenSSL 0.9.1c you can also grab from there, of course.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.1.4 (05
bers to do
something (especially releases ;-), etc.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
and a
backtrace it's hard to find the location of the SIGSEGV.
I'll try it out myself on my Solaris 2.6 box the next days.
In the meantime perhaps you can get a core on your platform, Jan?
Ralf S. Engelschall
[EMAIL PROTECTED
contents.
Now, I'll have to look into the documentation again to find how to do that.
Look inside the FAQ, there is the command written down.
In short:
$ ssleay rsa -in cakey.pem -out x
$ mv x cakey.pem
Ralf S. Engelschall
on at least your platform. When you
can find out something, I'm still interested. Because although it's not really
mod_ssl related, it's important for OpenSSL. Perhaps we have some sort of a
bug there which causes these problems...
Ralf S. Engelschall
of
| --with-apxs).
But please read it carefully: The generated libssl.so doesn't work with a
plain Apache. Your Apache has to already contain the Extended API.
Ralf S. Engelschall
[EMAIL PROTECTED
Just a few bugfixes to keep you up-to-date and bug free, nothing dramatic.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.1.5 (23-Dec-1998
details on SGC. There I've written down all I know
about this stuff.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
a particular IP address? [more a standard apache rather
than mod_ssl issue].
AFAIK we've no mechanism which limits the connections on a per IP basis. But
you can write a patch which implements this within a few hundreds of lines of
code, I think.
Ralf S
to be secured, too.
Or at least under the same virtual SSL-aware server.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
sl library) and BINGO: All
works fine. No more core dumps on new SSL connections.
Seems like we should add a "pic" option to the Configure scripts which either
adds -fPIC (for GCC) or -KPIC (for SVR4), etc...
urrently no analysis available how good at least the default
behaviour of the RAND stuff is. It's currently based on calculating message
digests out of various data from stat(), time(), etc. calls which are
available while the SSL library operates.
. This should at least solve the
problem for you. But does anybody know how I can convince GNU Bison to not use
alloca?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
lem went away for me
then. Alternatively you can build mod_ssl without DSO? Or are you already
compiling mod_ssl statically? When this is the case I've still no clue why the
RSA part of SSLeay dumps core.
Ralf S. Engelschall
,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.1.7 (06-Jan-1999 to 11-Jan-1999)
*) Fixed APXS support for configure script: The --with-apxs was broken
On Mon, Jan 11, 1999, Fritz Elfert wrote:
On Sat, 9 Jan 1999, Ralf S. Engelschall wrote:
As Jan Wedekind [EMAIL PROTECTED] and others already discovered for
mod_ssl, SSLeay and OpenSSL dump core on some platforms when used under a
Dynamic Shared Object (DSO) situation. For instance
r having flexibility.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
ought I can
provide the %{errcode}c and %{errstr}c variables for mod_log_config, so I've added the
ap_ctx_get for them. But then I've forgotten to provide the variables over time.
It's now fixed for mod_ssl 2.1.8. Thanks for the hint.
Ralf S. Engelsc
exactly it segfaults?
Look inside the mod_ssl FAQ under debugging for details on how to create such
a backtrace.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
as I see the problem.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
are also enabled in NS. For this
look on the Security-Navigator-Configure-SSLv3 panel. Third I recommend you
to use "SSLLogLevel trace" to see what's happening on the SSL handshake
phase.
Ralf S. Engelschall
e actually reaching your server.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
is already at this stage. Perhaps the server.key is not PEM
encoded, etc.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
tion is offtopic for this list but I couldn't
find anything in the manual or FAQ.
I think, IE will not accept connections until you've loaded your CA cert into
IE for correct verification of the server cert.
Ralf S. Engelschall
directives and your IP addresses.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
. H
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
of course.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/
Offici
n my queue...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
-
It's good?
Currently you can only use RSA Private Keys with mod_ssl, so you've no choice.
Although in the near future support for DSA/DH cert/keys will be supported...
Ralf S. Engelschall
[EMAIL PROTECTED
production
servers should be now finally upgraded to this stable 2.2 version.
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.2.8 (29
between the APIs?
No, there is no (official?) cooperation (possible?).
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
for TLSv2, I
think... :-(
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
ve no clue why. At
least the code is correct AFAIK. Please try to find out why this causes the
segfault on your platform. As a workaround you can try to force mod_ssl to use
SSL_USE_FLOCK when flock() is available. Just patch the mod_ssl.h header for
this.