the _latest_ glibc. And
your version seems to be not one of the latest ;) Fine. Thanks for the
feedback.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
ot sure what you mean by "top-level".
I meant the top-level Makefile in the Apache source tree.
2. It was probably finding an old installation of ssleay before
it found openssl is my guess.
Perhaps, yes.
Ralf S. Engelschall
've messed up the distribution on download or whatever else.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
ake certificate ALGO=DSA" is your friend)
and reference this instead or (better) in addition to the RSA cert/key pair.
Then the DH ciphers magically start to work ;)
Ralf S. Engelschall
You would be surprised that I guess that 50% of all problem reports could be
avoided by the submitter if he first would have read the documentation more
carefully. I usually document really everything, but people seem to not expect
this... ;)
f learning) ;)
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSS
'?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
quot;EAPI", i.e.
Apache-SSL ships with its own patches for the Apache API (these patches just
have no stand-alone name and are considered an integral part of Apache-SSL,
but the idea is the same as for EAPI, of course).
distribution.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
ware of binary files. Just make sure keywords are not
expanded by later doing a "cvs admin -kb" on it. That's all and doesn't harm.
Ralf S. Engelschall
[EMAIL PROTECTED]
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Index: ssl_engine_io.c
===
RCS file: /e/modssl/cvs
On Mon, Oct 04, 1999, Cliff Woolley wrote:
"Ralf S. Engelschall" [EMAIL PROTECTED] 10/04/99 03:40AM
Yes, someone else also reported that the pass phrase dialog doesn't
work
correctly under Win32. But I cannot fix it myself, because I've both
no real
Win32 development e
"cvs add -kb" it again; (4). moving
the tag for this file.
What'd you think?
Err... you have to do whatever fits your local policies, of course. But just
a hint: If you remove it later you can even remove it locally before
importing, too.
On Tue, Oct 05, 1999, EKR wrote:
"Ralf S. Engelschall" [EMAIL PROTECTED] writes:
On Sun, Oct 03, 1999, Eric Rescorla wrote:
Yes, someone else also reported that the pass phrase dialog doesn't work
correctly under Win32. But I cannot fix it myself, because I've both no re
nt problem or related to some
other module (PHP, mod_perl, etc.).
Has anyone else experienzed this / found a fix or is
this time to fire up the debugger?
Fire up the debugger and find out the location of the segfault, please.
Ralf S. E
few hints.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSS
] on the
SSL-aware VirtualHost of the Apache/mod_ssl server. Read the mod_proxy
and/or mod_rewrite documentation for details.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
L document, please.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSS
, they are just informal messages about the
stage into which mod_ssl is. They are normal, yes. Real problems are never
reported with [info], they are either [error] or [warn]. Your problems are
definetely not related to these, of course.
Ralf S. Engelschall
as expected...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
start browsing on http://www.apache-ssl.org/
for documentation.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
l
distribution for a few hints...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)
?
Compare your httpd.conf with httpd.conf-dist as provided by mod_ssl. The
contained SSL configuration works fine. Take over this one.
Ralf S. Engelschall
[EMAIL PROTECTED
On Fri, Oct 08, 1999, Ralf S. Engelschall wrote:
[..]
That said, if you blindly type in the password, the server
starts no problem, so it's easy to make it workable,
if a little ugly.
If I manage to produce a shippable patch, I'll post it.
Hmmm... I'm not a Win32 guy and I've
here, too.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSS
will be considered; no product-specific
sales or marketing sessions, please. Course material will be made
available to the public after the Conference.
Ken Coar
ApacheCon 2000 Chair
=
Ralf S
mod_jserv or
whatever you're using...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface
this week, please take the chance and fetch the
latest snapshot from ftp://ftp.modssl.org/snapshot/ and try it out. It should
be very stable. Please give feedback whether it works fine or fails horrible
until Friday.
Thanks.
Ralf S. Engelschall
On Tue, Oct 19, 1999, Mike Klinkert wrote:
On Tue, 19 Oct 1999, Ralf S. Engelschall wrote:
So, while I'm busy with moving this week, please take the chance and fetch the
latest snapshot from ftp://ftp.modssl.org/snapshot/ and try it out. It should
be very stable. Please give feedback
recent MM version.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL
, for MM you've to recompile Apache.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface
I guess 2.4.6 is ready to be kicked out the next days.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
please start over with these newer versions.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache
for the logfile if it detects some
inconsistencies. So I think you should check your certs and browser cert
caches instead.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
ental stuff to make it running.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)
t http ?
Hints appreciated.
As the FAQ explains, such errors usually indicate that you're speaking HTTPS
to a port where HTTP is spoken only. Make sure "SSLEngine on" is present and
that your Listen directives match your VirtualHost sections.
it to be a
very stable version which successfully passed all my tests. The corresponding
CHANGES entries for this new version are appended.
As always, you can grab it from:
http://www.modssl.org/source/
ftp://ftp.modssl.org/source/
Yours,
Ralf S
, I think.
Although I'm not an expert in M$ products...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
features. Whether these servers support SSL is a different questions...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
.
[...]
DLL? Win32? Ok, then it's clear that you might have problems.
I assumed you're testing under Unix. I never tried this on Win32.
Ralf S. Engelschall
[EMAIL PROTECTED
servers.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
cept() calls internally a lot of code inside OpenSSL, so
this is not easy to debug. You should start by compiling OpenSSL with "-g
-ggdb3" to really get a backtrace this time.
BTW, have you checked that OpenSSL already passes its "make test&qu
be useful for you to give us a few
more details _WHAT_ exactly is the problem. If it's a compile-time problem we
usually help you (or at least give you a few hints) if we at least see the
error messages.
Ralf S. Engelschall
/apache? Would this
be legal?
50% of the people say this is not legal and the other 50% say it's in the gray
area. So you've to decide yourself what to do ;) At least you cannot expect an
official OK for this approach from RSA DSI
Ralf S. Engelschall
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Ma
until I approve it
manually once per day. This handling is to prevent any spam mails on
modssl-users.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
such a larger
growth of mod_ssl for the last month. So I've to conclude that at least some
interesting evolution for mod_ssl currently takes place ;)
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED
re details about the situation.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface
to upgrade
your installations to the latest and most stable version now.
Fetch it now from:
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED
oblem plus minus the bugs
I've introduced with the patch itself. It's a patch against 2.4.7.
Please give me feedback.
Thanks.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.
On Wed, Nov 03, 1999, Ralf S. Engelschall wrote:
[...]
I forgot to say that if you give the patch a try make sure you test it
correctly. That is, you should test it by especially performing various server
restarts and by at the same time requesting pages with 40bit/export browsers.
Else
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing
scratch and make sure the patches are correctly applied.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
that the module _HAS_ to crash. But if it
(uncleanly) depends on some internals of Apache, it will certainly crash.
Ralf S. Engelschall
[EMAIL PROTECTED]
add
-DEAPI to the apxs command line.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache
On Sat, Nov 06, 1999, Tim Niemueller wrote:
Are there anywhere RPMs with at least Apache 1.3.9, mod_ssl 2.4.x and
mod_perl (and perhaps mod_php3*)?
http://www.modssl.org/contrib/ !?
Ralf S. Engelschall
[EMAIL
SSLCertificateChainFile to the intermediate CA file is correct. If
you get an error I guess the CA file is not in PEM format or something else is
messed up. Use "openssl x509 -noout -text -in file" to make sure OpenSSL can
read the CA file.
Ralf S. E
mod_ssl's and Apache's INSTALL
document, please.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache
d the
pass phrase dialog will not occur. Read the FAQ for details and resulting
implications of this approach.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engel
r_scan.c ssl_expr_parse.c
ssl_expr_parse.h".
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
asn't used for
compiling Apache and mod_ssl! mod_ssl uses the SSLeay tag only for approx.
SSLeay/OpenSSL = 0.9.0. So, the version which is actually compiled in _is_
old ;)
Ralf S. Engelschall
[EMAIL
it. Then although
the cert's DN is still the same, the ingredients are not. Then this causes
exactly the above error. So check your browsers security dialog for
cached/remembered certs of your server.
Ralf S. Engelschall
your hint.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Suppo
ar the entry in your browser for the old
| certificate, everything usually will work fine. Netscape's SSL
| implementation is correct, so when you encounter I/O errors with Netscape
| Navigator it is most of the time caused by the configured certificates.
|
On Thu, Nov 11, 1999, dave madden wrote:
=From: "Ralf S. Engelschall" [EMAIL PROTECTED]
=...
=Yes, and details about this situation and problem are in the mod_ssl
=documentation since a long time - directly under the entry for
= SSLRandomSeed.
=But people often like it mor
alues as /dev/random, of course...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface
and the segfault is caused by the bug I've
already fixed in mod_ssl 2.4.8. So my suggestion is: Upgrade to mod_ssl 2.4.8
and try again. I'm 90% sure your segfault will go away...
Ralf S. Engelschall
[EMAIL PROTECTED
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User
ld-environment under
Windows, because Windows users are used to their graphical GUI-based Visual
C++ environment. I thought and still think this is a horrible inconsistency,
but I couldn't convince anyone to use a Unix-style environment also for the
Windows platform
ssl;
else
no ssl;
Yes, or even more defensive:
| #ifdef EAPI
| if (ap_ctx_get(r-connection-client-ctx, "ssl") != NULL)
| ssl;
| else
| #endif
| no ssl;
Ralf S. Engelschall
8,6 +498,7 @@
* Restore STDERR to Apache error logfile
*/
dup2(STDERR_FILENO_STORE, STDERR_FILENO);
+close(STDERR_FILENO_STORE);
#ifdef WIN32
fclose(con);
#endif
Thanks for the hint.
Ralf S. E
for the
HTTPS virtual host (either by repeating them or by making sure they are
configured _outside_ of all virtual host sections).
Happy B-day to Ralf! :)
Thanks.
Ralf S. Engelschall
[EMAIL PROTECTED
hort:
BUFF = ctx = request_req
In code (without error checks):
ssl = ap_ctx_get(buff-ctx, "ssl");
req = (request_rec *)SSL_get_app_data2(ssl);
Ralf S. Engelschall
[EMAIL PROTECTED]
Please, do a "make distclean" and recrun
your configure.shaman script then again.
Ralf S. Engelschall
[EMAIL PROTECTED]
e comments ;)
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modss
ide ssl_engine_io.c. Interesting.
BTW: My messages reach the list after a delay of MANY hours. It means
that I'm recognized as a user who is not subscribed to the list. But
I am subscribed. Can it be fixed?
No, your messages are not bounced to my admin accounts for approval.
So your delay has to
ssl_util_ssl.c. It's not complicated if one
knows how.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
situation.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.
will recognize that --with-ssl
specifies the directory where OpenSSL can be found, not the directory where
mod_ssl stays.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
ssl;
| else
| #endif
| no ssl;
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache
configuring the modules.
I guess you're using an "SSLRandomSeed connect /dev/random 512" and your
/dev/random device is a blocking one. Read the FAQ for more details, please.
Ralf S. Engelschall
[EMAIL
ether
your DBM storing doesn't work I don't know. Seems like a sensible vendor DBM
library. But now that it works with SDBM you don't have to care about it.
Alternatively you can also try the shared memory session cache (via MM
library).
Ralf S. E
FTPSearch. This way I don't have to update the stuff all the time...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engel
+StdEnvVars' to your httpd.conf file (for more details
read below) to make sure your CGI/SSI scripts still get the SSL_XXX
variables.
Fetch it from:
http://www.modssl.org/source/
ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
efault
configuration with your one. If does not, complain again.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
_
(ap_ctx_get(c-client-ctx, "ssl") != NULL)
+result = "on";
+else
+result = "off";
+}
}
/*
This should now make the above "RewriteCond %{HTTPS} !=on" allow to work a
a server.crt and a
server.key for each vhost? Are there other options?
If you don't want to use wildcard certs (= certs with *.domain as the
CN) you need a unique cert/key pair for each virtual host in practice.
Ralf S. Engelschall
or am I missing something?
Make sure you are really using the corresponding private key (which
Thawte doesn't know, so its useless to ask them about this).
Ralf S. Engelschall
[EMAIL PROTECTED
On Sat, Nov 27, 1999, Kees Vonk 7249 24549 wrote:
I am having some problems with getting apache with mod-ssl to
work properly. Can anyone tell me how I
subscribe
to this mailing list.
By reading http://www.modssl.org/support/, please.
Ralf S
with the prefix-based ProxyPass.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL
still do not understand your actual problem. What do you mean by
"does not enter". What error messages occur for you. What is logged in
Apache's logfiles?
Ralf S. Engelschall
[EMAIL
Apache 1.3 API, "
"this module might crash under EAPI! "
"(please recompile it with -DEAPI)"
Ralf S. Engelschall
[EMAIL PROTECTED]
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
speaking HTTPS to a port where only HTTP is spoken. Check
your server configuration by comparing it to the distributed
conf/httpd.conf-dist file, please.
Ralf S. Engelschall
[EMAIL PROTECTED
such an old version: mod_ssl 2.3.0! Use Apache 1.3.9 plus
mod_ssl 2.4.9 and recompile them from scratch by following mod_ssl's INSTALL
document step-by-step (in case there is no RPM flying around for these
versions).
Ralf S. Engelschall
means you can just upgrade mod_ssl via --with-apxs easily. If there is no
libssl.so and "httpd -l" shows "mod_ssl.c" you have to recompile the Apache
and mod_ssl completely.
Ralf S. Engelschall
?
Are you sure you're compiling and linking with a correct gcc installation,
i.e. make sure your gcc is _exactly_ built for your Solaris version (run "gcc
-v" and watch the version strings in the path names). Additionally make sure
the correct linger is used.
601 - 700 of 1055 matches
Mail list logo
