us know details when available, i.e. patches ;-)
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
___
T / HTTP/1.0\n\n" and see the HTML welcome
page of Apache?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
_
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Offici
In article you wrote:
Ralf S. Engelschall wrote:
Ok, I make you an offer: Create a temporary rse account on your box which has
around 15 MB free disk space available and I'll try to setup Apache on your
box and debug the code on your specific platform. I'm sure it's a local
platform
fine("SSL");
+#endif
+
#ifndef TPF
while ((c = getopt(argc, argv,
"D:C:c:Xd:f:vVlLR:Sth"
Although I personally don't want to commit it to the mod_ssl source
tree, because I think it's a too specialized thing.
o, for the first case you don't have to worry
about the boot procedure and for the second case you can use the
SSLPassPhraseDialog filter programs when you really want to make sure it
doesn't stop because of an interactive prompt.
Ralf
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl
ou can use RSAref even with this Apache+mod_ssl+SSLeay+PHP combination,
of course. I just wanted to avoid bloating up the example with RSAref stuff.
Ralf S. Engelschall
[EMAIL
of Unix ;-)
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl
configuration and 2. what
exactly is the problem, i.e. what exactly fails to work under which change?
Ralf S. Engelschall
[EMAIL PROTECTED]
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl
this works for you.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl
.csr/server.csr" which confused the script. It's a quick
hack, so don't expect it be clever. It's written to have all in the current
working directory. So use it this way or you've at least to enhance it a
little bit.
buggy on Solaris, why does the above assignment of an RSA method
fixes anything? Please give me more background information.
Ralf S. Engelschall
[EMAIL PROTECTED
ugh?
Under mod_ssl-Related-SSLeay there is a big fat hyperlink as I said. And it
points to http://www.drh-consultancy.demon.co.uk/pkcs12faq.html. Hmmm...
Ralf S. Engelschall
[EMAIL
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Index: mod_ssl.h
===
RCS file: /e/apache/SSL/REPOS/mod_ssl/pkg.apache/src/modules
*
| * 1^0 ^(Reply-to|Sender):.*sw-mod-ssl@.*
| sw-mod-ssl
Ohhh... cool! I've changed my entry according to your recipe now.
Thanks for the hint.
Ralf S. Engelschall
[EMAIL PROTECTED]
again and give me feedback whether it now finally works or
not. Because I want to make sure mod_ssl 2.2.3 is really stable.
It works!!
Fine, then I can be committed for mod_ssl 2.2.3 which should be released
tomorrow. Thanks for the quick feedback.
Ralf S
scheduler and it's mostly
unpredictable context switches.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
If this is a list I'm not on it.
Yes, as the webpages and SUPPORT texts indicate, this
is a list. I'll send a carbon copy to you, too.
Ralf S. Engelschall
[EMAIL PROTECTED
unpleasant surprises :)
From 2.1.8 to 2.2.x it should be painless. With = 2.1.7 you need to recompile
Apache because of EAPI changes, I think. But try it out: It's a matter of 10
minutes to compile with APXS and test it ;-)
Ralf S. Engelschall
SL_SDBM=default" line. Check this, mod_ssl's configure script should have
added this line together with some other SSL_xxx stuff. I guess you messed up
the apache_1.3.4 source tree with the tests. Please try again with a freshly
extracted apache_1.3.4 source tree.
ult[0] == NUL)
+result = NULL;
return result;
}
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
timeout.
SSLSessionCache is enabled.
Hmmm that's crazy. I currently cannot image what happens for you, except
that storing the session keys into the DBM file might fail. There are no
error messages in the mod_ssl logfile?
Ralf S. Engelschall
u're using
an older version where no SSL_SDBM is at all ;-)
For mod_ssl 2.2.x the above part reads:
#SSL_BASE=/usr/local/ssl
#RSA_BASE=/usr/local/rsa
Rule SSL_COMPAT=yes
Rule SSL_SDBM=default
Rule SSL_EXPERIMENTAL=no
Ralf S. E
authentication. Alternatively
I think some AFS-based websites also used the mod_auth_external to
authenticate via AFS...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
You can't modify it after it's signed, of course. But you
theoretically could use it to sign other certs, yes.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
the FQDN in the
used URL to access the cite. But that's only _one_ possibility for this alert,
of course. It can be also that the certificate is incorrect in any way.
Ralf S. Engelschall
[EMAIL PROTECTED
not officially support (because I cannot test
it myself and binaries always cause too much problems).
At least when you compile from source you should be able to use mod_perl,
mod_php and whatever else with Apache+mod_ssl without problems.
Ralf S. Engelschall
. Because usually the
symbol palloc is no longer used inside Apache (it's ap_palloc since 1.3). But
PHP3 seems to use the compat stuff, so this conflict occurs..
Ralf S. Engelschall
[EMAIL PROTECTED
On Tue, Mar 02, 1999, Ralf S. Engelschall wrote:
On Tue, Mar 02, 1999, Sander Steffann wrote:
Same problem here on Linux. https is also down after a graceful restart.
Sander.
mod_ssl/2.2.3 failed to restart(kill -HUP).
After restarting, http is OK, but https is down.
OS
x86_gcc_opts:$x86_elf_asm",
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl) www.engelschall.co
HTTPS after a restart is fixed.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface
O3 -m486
-Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
Thanks for the hint. Which library is better, in your opinion - SSLeay
or OpenSSL?
Just kidding, yeah? OpenSSL, of course ;-)
Ralf S. Engelschall
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw
details for me?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl
"make certificate" command.
Then you're not using a Bourne-Shell like shell. Instead I guess you're using
a C-Shell like shell. Then either use
$ env SSL_BASE=../SSLeay-0.9.0b ./configure ... --enable-module=ssl
or
$ setenv SSL_BASE ../SSLeay-0.9.0b
$ ./configure ... --enable-module=ssl
ingredients of a certificate via
environment variables SSL_. What ingredients are you missing?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.2.4 (21-Feb-1999 to 04-Mar-1999)
*) Add important note to INSTALL/INSTALL.Win32 that all
is trivial... So, what´s the
reasons? Perhaps it´s actually interesting to support DER in mod_ssl
in general?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engel
we
When it will be released? Is a pre-snapshot version for testing
aviable? Maybe I should take a look, since I'll have some time...
It's proposed for March 15th, 1999.
Ralf S. Engelschall
[EMAIL
native cc.
(BTW: The 0.9.2 snapshot made a compiler error here, but I don't have
time to check it today)
Then at least send us the error message, please.
Ralf S. Engelschall
[EMAIL PROTECTED
er. So, what
exactly do you understand under "DER Base64"? Do you want plain DER or really
DER+Base64?
Ralf S. Engelschall
[EMAIL PROTECTED]
they are in PEM format while for the
browsers you usually need DER format or at least have to load via PKCS#12 or
as DER with correct MIME types. Look inside the mod_ssl for a few hints about
client certificates.
Ralf S. Engelschall
On Fri, Mar 05, 1999, [EMAIL PROTECTED] wrote:
"Ralf S. Engelschall" [EMAIL PROTECTED] writes:
[snip]
Ok, sounds like a reasonable suggestion. But do you want DER+Base64 or just
plain DER? Because DER is a binary format while DER+Base64 is the binary plus
Base64 transform
On Fri, Mar 05, 1999, Mario Fabiano wrote:
Ralf S. Engelschall wrote:
This week I was very busy with hacking on mod_ssl. The result is now
available: mod_ssl 2.2.4. Beside a lot of small changes at all edges for
preparing the final transition from SSLeay to OpenSSL this version fixes
On Fri, Mar 05, 1999, [EMAIL PROTECTED] wrote:
"Ralf S. Engelschall" [EMAIL PROTECTED] writes:
[snip]
Ok, ok, when I understand you correctly, you want that mod_ssl can read any
combination Let's see what I can do.
Much appreciated! Though I don't think every combination i
, but it does it in the
Fixup handler which comes _after_ the auth handler. As a workaround you can
try to do your jobs inside another Fixup handler. Hmmm.. I'm not sure whether
I should move the stuff in mod_ssl from Fixup to Auth.
Ralf S. Engelschall
/tools'
[root@ny1 openssl-0.9.1c]#
I hate Netscape: It showed you 'pwd' although the INSTALL file reads `pwd`. So
I guess you entered -L'pwd'... instead of -L`pwd`... which leads to the above
problem. Please replace the ticks with the backticks.
Ralf S
an be used. Look
inside Stephen Hensons's PKCS#12 FAQ and related pages for details (there is
somewhere a table describing the nsCertType values). A pointer to the PKCS#12
stuff is inside mod_ssl's Related webarea.
Ralf S. E
in/apachectl hasn't
the startssl patched in?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to S
the root DN should be enough for Netscape,
isn't it? Have you really tested to configure all subordinate CAs inside
SSLCACertificate{File,Path} and discovered that only the root CA's DN is sent?
Ralf S. Engelschall
[EMAIL
ache. So when the module loads fine, it usually works fine, too.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
_
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl
the file
is present. It can be "ignored" yes, but then with and without
SSLCACertificateFile: when your hash symlinks are incorrect (as it was the
case for my friend yesterday). Has anybody else a hint?
Ralf S. E
need it.
Anything else should be not affected by the order of mod_ssl and mod_perl.
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
PROTECTED]/sw/mod_ssl/
Thanks.
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache
he
already running ssl_gcache program serves ok, too.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
___
On Tue, Oct 06, 1998, Philip Gwyn wrote:
On 06-Oct-98 Ralf S. Engelschall wrote:
Today I've spent the whole afternoon to create a special service
for you which is a little bit unusual. But because I think it
serves the needs of the mod_ssl user community I've established
it - treat
of the installed access.conf file. There is an "AllowOverride
None" for the DocumentRoot. You usually have to make it less restrictive to
let your .htaccess files being parsed. But it has nothing to do with neither
mod_ssl nor mod_perl nor mod_php, of course.
have a different installation ;-)
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay (mod
by the official
Debian masters. You can place it directly yourself into the new
http://www.engelschall.com/sw/mod_ssl/contrib/ area for distribution if you
want. RPMs are already available from there and a FreeBSD port exists, too.
Ralf S. Engelschall
/to/my.key
SSLCertificateFile/path/to/my.cert
SSLOptions+FakeBasicAuth
SSLVerifyDepth10
SSLVerifyClient none
SSLLog/path/to/ssl_cipher_log
/VirtualHost
Ralf S. Engelschall
t why is that Port... needed? Are you sure thats needed?
[...]
Port? Oh, I've overlooked it. You're right, port is usually not needed in such
a section. Thanks for pointing this out.
Ralf S. Engelschall
[EMAIL PROT
be considered to be not really
belong to the SSL/TLS layer it will be never added to TLS, I think.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
a long thread about this topic.
Look inside the sw-mod-ssl mailing list archives for details.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
e available for your regular CGI scripts. Second
you say that with ColdFusions CGI handler everything works, so why do you want
that the Allaire people do anything when it already works?
Ralf S. Engelschall
really can use
it for a reasonable pass-phrase-delivery thing I cannot decide. At only
know that I currently don't know one. But because the hook exists feel
free to develop one.
Ralf S. Engelschall
On Wed, Mar 10, 1999, Marc Slemko wrote:
On Wed, 10 Mar 1999, Ralf S. Engelschall wrote:
On Wed, Mar 10, 1999, Steffen Dettmer wrote:
... somewhere in a core dump from httpd ...
That's why most Unix platforms do not create core files for daemon processes
running under
se we intended a lot in the Apache API but had to do it
finally different for various reasons.. ;-).
Ralf S. Engelschall
[EMAIL PROTECTED]
or
server.crt? I did everything according to mod_ssl manual.
BTW, the mod_ssl FAQ has some information how you can verify both whether the
cert/key is ok on it's own and match each other.
Ralf S. Engelschall
[EMAIL
, THE URLS ARE GIVEN JUST FOUR LINES AWAY FROM THE LINE
YOU'RE EDITING! Hmmm... I'm really wondering why I always write down such a
lot of details when people don't read it...
So, please walk to the given URLs, fetch the tools, install it somewhere and
edit the variables to reflec
ey between client and server in this case?!) and
no null-digest.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engel
sl mailing list archives. AFAIK it has to do with some hashing or
lookup algorithms inside SSLeay/OpenSSL where the two DNs values override each
other.
Ralf S. Engelschall
[EMAIL
most peoples (like me :-) will real all this, will use info and
will NOT write to the list. Few peoples will not read and will write to the
list. The end result will look like noone ever try to read something :-))
Yeah, obviously you're right...
Ralf S. Engelsc
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official
phers, too?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl
don't fully understand
the combination of automation and monitoring in your question. Feel free to
complain and ask again in more detail...
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED
... thanks for the hint.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLea
On Wed, Mar 17, 1999, Ralf S. Engelschall wrote:
On Wed, Mar 17, 1999, Mats Josefsson wrote:
Maybe this info can help in finding a solution to the POST and/or Apache
hang problem.
We are using a Java based client doing POSTs to a Apache/mod_ssl/Jserv
server. The client uses bothe
e cert/key files is just for convinience reasons. You can always
just say "make install" without a previous "make certificate", but then you've
to copy your real cert/keys over the server.crt/server.key files in the
installation tree manually
in the meantime.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
-- forwarded message --
OpenSSL and SSLeay Security Alert
-
It was recently
to 2.2.5. Because the chance is high that this was
implicitly solved by the changes since 2.1b8.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
hole SGC
stuff isn't complicated in general on the server-side, it's just a matter of
client forced renegotiations which the server has to accept at any stage to
support SGC.
Ralf S. Engelschall
h confused something. At least you can be sure that both Apache,
mod_ssl and OpenSSL all work fine under FreeBSD 3.1, because that's the
platform I use myself for development...
Ralf S. Engelschall
ombinations
possibleI'll investigate when I find time.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
___
/mod_ssl/ (read/write
access). an update version of Apache (Win32) with mod_ssl/mod_ssl/2.2.5
?
Perhaps one of the Win32 users can put a binary there. I cannot do it,
because my Win32 box is still totally messed up.
Ralf S. Engelschall
On Fri, Mar 19, 1999, [EMAIL PROTECTED] wrote:
"Ralf S. Engelschall" [EMAIL PROTECTED] writes:
*) The SSLCertificateFile and SSLCertificateKeyFile directives now can read
PEM (=DER+Base64+headers), DER+Base64 (without headers) and plain DER
format certificate a
owser isn't broken.
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl) www.engelschall.co
...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support
...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl
problems. So, it's now your turn. Connect from your favorite client platform
with your esoteric clients and hopefully let us find out something...
Ralf S. Engelschall
[EMAIL PROTECTED
On Thu, Mar 25, 1999, John Hamlik wrote:
Is this a standard config?? static or module??
All static and compiled with debugging symbols
for easier debugging in case of a code dump.
Ralf S. Engelschall
[EMAIL
in the apache.conf file.
That's all. Nothing special. Even the box is a PII/333 where
I've done a standard FreeBSD 3.1 installation a few weeks ago.
Ralf S. Engelschall
[EMAIL PROTECTED]
happens? An I/O error? Or is just because the server certificate is
a dummy one which uses the SnakeOil CA your MSIE3.02 doesn't know?
Ralf S. Engelschall
[EMAIL PROTECTED
rds: Still no
hangs or real I/O errors?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface
", so the regex has to be ".*MSIE.*" and not
"^MSIE.*". Fixed on en4.engelschall.com. Please try again.
Ralf S. Engelschall
[EMAIL PROTECTED]
BrowserMatch "MSIE" ssl-unclean-shutdown
And it works fine.
Yeah, sorry. This was my fault. I've overlooked the fact that MSIE announces
itself as Mozilla. It's now already fixed for 2.2.7 where the SetEnvIf is
enabled per default.
...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl
es a great job! Thank you.
Fine, thanks. And I've to thank you all for discovering the MSIE bug and
helping me in finding a final work-around, of course.
Ralf S. Engelschall
[EMAIL
1 - 100 of 1055 matches
Mail list logo
