Hi there. I have recently been desperately wanting to switch from my old
stronghold installation to a recent and more flexible apache + mod_ssl +
php + more configuration. After about 50 compiles refining my complete
build process, I've hit the following snag.
Using the certificates n' stuff from the stronghold server, I get the
following in netscape (windows and linux):
"An I/O error occurred during security authorization.
Please try your connection again"
This same page seems to load just fine on Internet Explorer. I've
searched through the list archive and it seems that on older versions,
this problem has been identified. In fact, a workaround of making sure to
"GET" all form data into the server has been offered to others and seems
to work.
Unfortunately on my production server, it's not feasible for me to change
my cgi binaries and html to make sure they all use GET instead of POST.
Therefore, I was wondering if there is any active development on a fix for
this, and when if possible it'd see daylight.
My current options to apache WRT mod_ssl are:
--enable-module=ssl --enable-shared=ssl --disable-rule=SSL_COMPAT
--enable-rule=SSL_SDBM --enable-rule=SSL_VENDOR
This was one test. removing "--disable-rule=SSL_COMPAT" and adding
"--enable-rule=SSL_EXPERIMENTAL" didn't help any, it achieved the same
results.
This is Apache 1.3.6, mod_ssl-2.3.11, mod_auth_mysql-2.20, mod_dav-0.9.8,
php-3.0.12. The following are results from 1 connection to the server. The
times don't match because I individually watched each file as I made the
connection.
ssl-engine_log: 1 connection:
[10/Aug/1999 16:15:43] [info] Connection to child 5 established (server
www.blah.com:8443)
[10/Aug/1999 16:15:43] [info] Connection: Client IP: 204.235.100.69, Protocol: SSLv3,
Cipher: EXP-RC4-MD5 (40/128 bits)
[10/Aug/1999 16:15:44] [info] Initial (No.1) HTTPS request received for child 5
(server www.blah.com:8443)
[10/Aug/1999 16:15:44] [info] Connection to child 5 closed with standard shutdown
(server www.blah.com:8443)
[10/Aug/1999 16:15:44] [info] Connection to child 8 established (server
www.blah.com:8443)
[10/Aug/1999 16:15:44] [info] Connection to child 9 established (server
www.blah.com:8443)
[10/Aug/1999 16:15:44] [info] Connection to child 2 established (server
www.blah.com:8443)
[10/Aug/1999 16:15:44] [info] Connection to child 4 established (server
www.blah.com:8443)
[10/Aug/1999 16:15:44] [info] Connection: Client IP: 204.235.100.69, Protocol: SSLv3,
Cipher: EXP-RC4-MD5 (40/128 bits)
[10/Aug/1999 16:15:44] [info] Initial (No.1) HTTPS request received for child 9
(server www.blah.com:8443)
[10/Aug/1999 16:15:44] [info] Connection: Client IP: 204.235.100.69, Protocol: SSLv3,
Cipher: EXP-RC4-MD5 (40/128 bits)
[10/Aug/1999 16:15:44] [info] Initial (No.1) HTTPS request received for child 8
(server www.blah.com:8443)
[10/Aug/1999 16:15:44] [info] Connection to child 8 closed with standard shutdown
(server www.blah.com:8443)
[10/Aug/1999 16:15:45] [info] Connection: Client IP: 204.235.100.69, Protocol: SSLv3,
Cipher: EXP-RC4-MD5 (40/128 bits)
[10/Aug/1999 16:15:45] [info] Initial (No.1) HTTPS request received for child 2
(server www.blah.com:8443)
[10/Aug/1999 16:15:45] [info] Connection: Client IP: 204.235.100.69, Protocol: SSLv3,
Cipher: EXP-RC4-MD5 (40/128 bits)
[10/Aug/1999 16:15:45] [info] Initial (No.1) HTTPS request received for child 4
(server www.blah.com:8443)
[10/Aug/1999 16:15:45] [info] Connection to child 2 closed with standard shutdown
(server www.blah.com:8443)
[10/Aug/1999 16:15:45] [info] Connection to child 4 closed with standard shutdown
(server www.blah.com:8443)
[10/Aug/1999 16:16:00] [info] Connection to child 9 closed with standard shutdown
(server www.blah.com:8443)
www.blah.com-ssl_request_log: 1 connection
[10/Aug/1999:16:17:36 -0400] myhost.com SSLv3 EXP-RC4-MD5 "POST
/cgi-bin/castle.cart.cgi? HTTP/1.0" 6701
[10/Aug/1999:16:17:36 -0400] myhost.com SSLv3 EXP-RC4-MD5 "GET
/castleshop/cartgraphics/spacer.gif HTTP/1.0" 964
[10/Aug/1999:16:17:36 -0400] myhost.com SSLv3 EXP-RC4-MD5 "GET
/castleshop/graphics/stone.bk.gif HTTP/1.0" 7857
[10/Aug/1999:16:17:36 -0400] myhost.com SSLv3 EXP-RC4-MD5 "GET
/castleshop/graphics/castleshop.sm.gif HTTP/1.0" 8507
[10/Aug/1999:16:17:36 -0400] myhost.com SSLv3 EXP-RC4-MD5 "GET
/castleshop/cartgraphics/spacer.gif HTTP/1.0" 964
sslhttpd_log: 1 connection
myhost.com - - [10/Aug/1999:16:21:04 -0400] "POST /cgi-bin/castle.cart.cgi? HTTP/1.0"
200 6701 "https://www.blah.com:8443/castleshop/castlesposters.html?" "Mozilla/4.6 [en]
(X11; I; Linux 2.2.10 i686)"
myhost.com - - [10/Aug/1999:16:21:04 -0400] "GET
/castleshop/graphics/castleshop.sm.gif HTTP/1.0" 200 8507
"https://www.blah.com:8443/cgi-bin/castle.cart.cgi?" "Mozilla/4.6 [en] (X11; I; Linux
2.2.10 i686)"
myhost.com - - [10/Aug/1999:16:21:05 -0400] "GET /castleshop/cartgraphics/spacer.gif
HTTP/1.0" 200 967 "https://www.blah.com:8443/cgi-bin/castle.cart.cgi?" "Mozilla/4.6
[en] (X11; I; Linux 2.2.10 i686)"
myhost.com - - [10/Aug/1999:16:21:05 -0400] "GET /castleshop/graphics/stone.bk.gif
HTTP/1.0" 200 7857 "https://www.blah.com:8443/cgi-bin/castle.cart.cgi?" "Mozilla/4.6
[en] (X11; I; Linux 2.2.10 i686)"
myhost.com - - [10/Aug/1999:16:21:05 -0400] "GET /castleshop/cartgraphics/spacer.gif
HTTP/1.0" 200 964 "https://www.blah.com:8443/cgi-bin/castle.cart.cgi?" "Mozilla/4.6
[en] (X11; I; Linux 2.2.10 i686)"
Any help regarding this would be greatly appreciated. I'm looking at the
possibility of running all the standard http requests using my new
configuration and leaving stronghold to handle the https requests, but I'd
rather not. Thanx.
-peace
--
Kendrick Vargas
Systems Administrator
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
