. It's
already prepared, but I've still not written documentation for it nor tested
in depth. But when you're interested I can send you the patch in the meantime.
Ralf S. Engelschall
[EMAIL PROTECTED
.
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.3.2 (28-May-1999 to 08-Jun-1999)
*) Removed obsolete mca.sh script and updated cca.sh
-tagcert.c?
** You need the old Berkeley-DB 1.85 library for compiling this program.
** Fetch it from ftp://ftp.netsw.org/netsw/Database/Hashfile/Libs/
Ralf S. Engelschall
[EMAIL PROTECTED
,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.3.3 (08-Jun-1999 to 09-Jun-1999)
*) Various type fixes for Session Cache code.
*) A few fixes to make the Win32 world
e
excellent book from L.Stein and D.MacEachern "Writing Apache Modules in Perl
and C". There all those gory details are explained very well.
Ralf S. Engelschall
he
running process (with gdb you usually can say "gdb file pid") and look
where it's hanging. I'm sure it doesn't do busy waiting in a loop. Perhaps it
waits endless for a timeout in some read, etc.? But as I said, without a
debugger you've no chance...
is of a more esoteric format, of course.
It was already added somewhere in versions 2.2.x
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
llent book from L.Stein and D.MacEachern "Writing Apache Modules in
Perl
and C". There all those gory details are explained very well.
Unfortunately the book isn't still isuued in Italy !
Err... www.amazon.com has the book and delivers world-wide, of course.
available, but it needs a
few more months, of course.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache
ly added to your Apache
source tree. the AP_MM is in ap_mm.h and this _IS_ included. Check for
ap_mm.h in src/include/, perhaps it's missing?
Ralf S. Engelschall
[EMAIL PROTECTED]
possible, but only when you follow my instructions in the INSTALL
document more carefully. Hmmm
In short:
You've to use --with-mm for mod_ssl's configure script or EAPI_MM for APACI.
Ralf S. Engelschall
[EMAIL
you please try
to track down, why it fails? I.e. especially at which function call inside
mm_create()...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engel
ideeas of what
the problem could be ???
I get the same error when I try to start HTTP as SSL, so I doesnt matter if
I try to change SSLSessionCache ?
Oh, I forgot to ask: What platform are you using?
Ralf S. Engelschall
Just FYI: those which had problems compiling MM (especially under AIX and
friends or related to the Awk problems) can now find the released MM 1.0.8 on
the net.
Ralf S. Engelschall
[EMAIL PROTECTED
akefile generation should fail. Hmmm.. is it possible to show me the exact
output of the APACI configure run when it fails? Because I want to fix it, but
I'm still confused and don't know what exactly I should fix
Ralf S. Engelschall
the
purchased certificates mainly offer is that their CA certificates are
pre-configured in most browsers. For test certificates this isn't the case.
But technically they are not better than self-constructed test certificates.
Ralf S. Engelschall
to remove the passphrase so that
if we remotely reboot the machine it will not sit and wait for the phrase before
finishing the boot process.
How would I go about doing this?
http://www.modssl.org/docs/2.3/ssl_faq.html#ToC20
Ralf S. Engelschall
is automatically done by the SSL handshake phase.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache
hat port. I
really don't have a clue what I did wrong. I did set the CN to the same
hostname as i'm using when i test this.
"SSLLogLevel trace" should be your friend to find out more...
Ralf S. Engelschall
SSLCertificateKeyFile. Check these, please.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache
SOURCE ARE
is not the correct location, of course. But you can use whatever fits your
platform. When you're still not sure what you should specify, then use
--prefix=/usr/local/apache, please.
Ralf S. Engelschall
[EMAIL
ll the SSL as a module? And why I can install it? Could I use
the old server-binary?
As said, you cannot use it because you need EAPI - the API extension for
Apache which is required for mod_ssl.
Ralf S. Engelschall
[EMAIL
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
,
isn't it?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
for this platform. Please try to trace down to what
SSL_DBM_FILE_SUFFIX_{DIR,PAG} is set any why. Thanks for your help.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
are bogus.
Do a ``touch ssl_expr_scan.c ssl_expr_parse.c ssl_expr_parse.h'' and try again.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
ion
cache, of course.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface
shared memory implementation! But MM and
mod_ssl check this, so don't worry to much about this. A cache of 512 KB is
usually fine.
Ralf S. Engelschall
[EMAIL PROTECTED
/libssl.so: undefined symbol: ap_global_ctx
I get this message when a restart the apache server.
Seems like your Apache core part isn't compiled with EAPI.
A plain Apache doesn't work.
Ralf S. Engelschall
[EMAIL PROTECTED
. But when you have lots of HTTPS traffic you
can increase this, of course.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
olution would be best (I think the "Satisfy" solution should be it), so
please try to investigate yourself a little bit. When someone already known a
good solution let it me know: I'll send add it to the HowTo chapter of
mod_ssl's user manual.
Ralf
On Wed, Jul 14, 1999, Ralf S. Engelschall wrote:
I'm new to mod_ssl, and I have a question regarding the use of SSLRequire.
I am using Apache 1.3.6, mod_ssl 2.3.5, and PHP 3.0.8 on Redhat Linux 6.0.
I have looked through the manual, FAQ, the Howto, and tried searching
through
which component.
I've removed this from the INSTALL.Win32 for now. Let's see what happens... ;)
Ralf S. Engelschall
[EMAIL PROTECTED]
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing
/apache --activate-module=src/modules/php3/li
bphp3.a --enable-module=ssl
Seems like the EAPI patches were not successfully applied to your Apache
source tree. Please start again from scratch with fresh source trees.
Ralf S. Engelschall
.
Thanks for the hint, Rasmus.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL
ctions?
If not, I'll try to take it over for 2.4.0.
Thanks for your contribution, David.
Ralf S. Engelschall
[EMAIL PROTECTED]
Just write a first cut of such a README.Cfg or whatever
document and let others contribute their ideas and experiences. We can include
this into the mod_ssl distribution.
Ralf S. Engelschall
[EMAIL
think.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
.
We cannot give you an answer unless you find out the location of the core
dump, of course. Look inside the mod_ssl FAQ for details on how to get a
backtrace in the debugger.
Ralf S. Engelschall
[EMAIL PROTECTED
vice versa.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSS
raceful restart".
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing
it doesn't
require an underlying file, so it never occured. On your platform it seems to
use a temporary file, so you lost one fd per restart.
Ralf S. Engelschall
[EMAIL PROTECTED
in
such case as well ! Of course MM is faster but magnitude... Hardly...
Yeah, "magnitude" certainly was the wrong word, of course.
Ralf S. Engelschall
[EMAIL
and mod_cache...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
it seems this
function doesn't find anything for you. It would be fine when you can trace
down this function and find out why it doesn't why any CA certs for you.
Ralf S. Engelschall
[EMAIL PROTECTED
of-the-box"
Oh, good to know. Thanks for the note.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
___
ich _reverses_ the owner
again, of course. And when the above is true, the server usually have to
complain with "Cannot open SSLSessionCache DBM file `%s' for writing (store)"
or "Cannot open SSLSessionCache DBM file `%s' for reading (fetch)" - which it
doesn't for you. Very confusin
coming from the OS IMHO. What exactly is your "error 3", i.e. what is written
down in the error log and on stderr?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engel
Apache which includes the EAPI stuff. Do yourself a favor and start
from scratch by following the INSTALL document in the mod_ssl distribution or
use a precompiled Apache+EAPI RPM binary.
Ralf S. Engelschall
[EMAIL
not found time to review it)
o David Harris's fix for graceful restart problem
(because I've still not found time to review it)
o The old "SSLListen" idea
(because it still doesn't work I want it to work)
Greetings,
Ralf S. E
to use SSL_read/SSL_write instead of read/write when you perform
any fprintf/fputs/etc calls. It's better to use OpenSSL BIO library for this.
Ralf S. Engelschall
[EMAIL PROTECTED
a
good idea to overcome the /dev/random variants which block: we could read in
non-blocking mode. H... that would be perhaps a reasonable thing. Any
opinions?
Ralf S. Engelschall
[EMAIL PROTECTED
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support
when one references the CA cert via
SSLCACertificatePath or SSLCACertificateFile instead of
SSLCertificateChainFile).
Ralf S. Engelschall
[EMAIL PROTECTED
socket-related
errors.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL
: *** [build] Error 2
Can anyone suggest how/what I need to do to fix it?
libRSAglue.a is not linked in, but it's needed AFAIK.
Is this an OpenSSL bug?
Ralf S. Engelschall
[EMAIL PROTECTED
it works !?
Could anyone help me???
Perhaps "perl" is not in PATH?
Ralf S. Engelschall
[EMAIL PROTECTED]
by an
explicit openssl x509 command or at least by using the -x509 option of openssl
req.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
f
mod_auth.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSS
and fds:
*) Fixed memory leaks on restarts related to shared memory session cache:
the MM object wasn't removed at all.
So even when you have only a few vhosts, but do lots
of restarts, the problem can occur with 2.3.6 versions.
Ralf S. Engelschall
. BTW, try to start the
server with option -X and look whether it really returns immediately.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engel
ve to admit that I currently
forgot what the reason was that have not done this already. I'll think about
this again
Ralf S. Engelschall
[EMAIL PROTECTED]
inside the CGI/1.1 specification for details.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache
n which is also used in the fixup
handler. So you don't have to run the fixup handler manually.
Ralf S. Engelschall
[EMAIL PROTECTED]
nt
variables. See the mod_ssl documentation for details.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
_
that some DBM libraries get crazy when one iterates
over the contents and deleting elements in parallel. The new function now
uses a two pass approach where this should no longer happen (hopefully ;) When
2.3.7 is released, please upgrade.
Ralf S. Engelschall
SSL
based?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
s for your contribution, David.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSS
interesting what comes next ;) Sorry for the inconviniences.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.3.9 (25-Jul-1999 to 26-Jul-1999
mod_ssl's buffer instead
(again) from the SSL I/O layer.
Please test the appended patch and give feedback.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Index: include
+ mod_ssl 2.3.6 and previous versions run all fine on my
machine (with same apache configuration).
Perhaps the directory /services/httpsd/run/ doesn't exist?
Ralf S. Engelschall
[EMAIL PROTECTED
here?
BTW, what does ISS do? Does it really renegotiate between the MIME headers and
the following POST body?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
* directives).
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
the scripts in the mod_ssl pkg.contrib/
subdir or even better: www.openca.org
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
for the cached certs and keys ( 10KB). The
remaining 30KB seem to be allocated by OpenSSL's SSL context, I think.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
your forum is this mailing
list ([EMAIL PROTECTED]) and the website http://www.modssl.org/.
3. To reduce your package confusion, start from scratch by reading
mod_ssl's INSTALL document _carefully_ (assuming you choose mod_ssl).
Ralf S. E
On Tue, Jul 27, 1999, Arend van der Veen wrote:
[...]
2.removed nscerttype=ssICA
3.remove nscerttype=client
[...]
What are the reasons?
Ralf S. Engelschall
[EMAIL PROTECTED
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
st elegant but also most non-portable Mutex variant
where a SysV IPC Semaphore (under Unix) and a Windows Mutex (under
Win32) is used when possible. It is only available when the underlying
platform supports it.
Ralf S. E
with 2.3.6 as
others reported.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL
r the POST problems
which occured under per-URL SSL parameter re-configuration (read below for
more details).
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support
(for instance found via a debugger) we cannot do anything for you.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
for the feedback.
Not that I know it also works for you, I'm even more happy.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
it's a single string. So the
above seems to be equal to
SSLRequire ( %{SSL_CLIENT_S_DN_CN} in
{ "apv\n" } )
and this way fails. Sorry, but file() is very weak.
Ralf S. Engelschall
[EMAIL PROTECTED]
et. I'll investigate
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface
tx != NULL)
+r = (request_rec *)ap_ctx_get(actx, "ssl::request_rec");
rv = -1;
if (r != NULL) {
Ralf S. Engelschall
[EMAIL PROTECTED]
for 2.3.11.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
ot;%c", randbyte());
}
So your fix is already included for 2.3.11. Thanks for your feedback. I'll
also try to work on your two other suggested patches (the renego-patches and
the proxy-patches) for 2.4.0.
Ralf S. E
On Thu, Jul 29, 1999, [EMAIL PROTECTED] wrote:
[...]
HELL! What's going on???
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Seems like today a mail loop occured between the Jitterbug system and the
modssl-users mailing list (where the bug reports are forwarded to). I've
temporarily disabled the forwarding until I know more about the reason. Sorry
for the inconvinuences.
Ralf S
. The function is
mapped to
BOOL ReleaseMutex(HANDLE hMutex);
Ohh... one more Apache API corner which is inconsistent :-(
Ok, good to know. Thanks for point this out.
Ralf S. Engelschall
[EMAIL PROTECTED
On Thu, Jul 29, 1999, George Milz wrote:
Does anybody have the latest Apache build that has SSL and runs on NT
4.0 (service pack 5)?
www.opensa.de ?!
Ralf S. Engelschall
[EMAIL PROTECTED
ca -gencrl' command. See pkg.contrib/cca.sh
in the mod_ssl distribution for an example.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
in the users homedir.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
it cleans up the stuff. Now comitted for 2.3.11. Thanks, David.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
On Mon, Aug 02, 1999, Prapan Chantavutsettee wrote:
Could you please tell me where I can get the built-in SDRM library ???
In short: --enable-rule=SSL_SDBM
In long: read the INSTALL document!
Ralf S. Engelschall
401 - 500 of 1055 matches
Mail list logo