Re: mod_ssl 2.0.x --> 2.1.0

Fri, 20 Nov 1998 11:52:05 -0500 

On Thu, Nov 19, 1998 at 01:03:37PM -0600, Jake Buchholz wrote:
> Also, there appears to be a problem finding the server's certificate
> file in the second startup round:
> 
> [19/Nov/1998 12:47:56] [info]  Init: 2nd startup round (already detached)
> [19/Nov/1998 12:47:56] [info]  Init: Initializing SSLeay library
> [19/Nov/1998 12:47:56] [info]  Init: Generating temporary (512 bit) RSA private key
> [19/Nov/1998 12:47:56] [info]  Init: Initializing (virtual) servers for SSL
> [19/Nov/1998 12:47:56] [info]  Init: Configuring server server.domain.com:0 for SSL 
>protocol
> [19/Nov/1998 12:47:56] [debug] Init: (server.domain.com:443) Creating new SSL context
> [19/Nov/1998 12:47:56] [debug] Init: (server.domain.com:443) Configuring permitted 
>SSL ciphers
> [19/Nov/1998 12:47:56] [debug] Init: (server.domain.com:443) Configuring client 
>verification locations
> [19/Nov/1998 12:47:56] [debug] Init: (server.domain.com:443) Reading server CA 
>certification file
> [19/Nov/1998 12:47:56] [debug] Init: (server.domain.com:443) Configuring server 
>certificate
> [19/Nov/1998 12:47:56] [error] Init: (server.domain.com:443) Ops, can't find server 
>certificate?!

Just had a thought...  If the server's certificate isn't properly signed
by a CA (either by a real CA or a CA certificate that we make), would this
possibly be the cause?  I took a look at Ralf's mkcert.sh script, and the
self-signed server cert that I've been using with mod_ssl 2.0.x wasn't
done that way.  I suppose I'll find out soon enough...

> open("/usr/local/apache/etc/ssl.crt/ca-bundle.crt", O_RDONLY) = 3
> open("/usr/local/apache/etc/ssl.crt/ca-bundle.crt", O_RDONLY) = 3
> open("/usr/local/ssl/cert.pem", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/local/ssl/cert.pem", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/local/apache/etc/ssl.crt/ca-bundle.crt", O_RDONLY) = 3

SSL_BASE is /usr/local/ssl, btw.  Maybe SSLeay was falling back to a
default?

-- 
Jake Buchholz                                 http://www.execpc.com/~jake
ExecPC Senior Systems Administrator                       [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]

Reply via email to