Full_Name: Bernard L du Breuil Version: 2.8 OS: Solaris 8 Submission from: (NULL) (192.48.242.3)
This is the version that is coming packaged with Apache 2.0.35. My server would start but then not work when the user tried to connect. I went so far as to translate the error codes SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 which seems to mean that it had trouble setting the session id context because it was too long. I noticed from the other apache/mod_ssl error messages below that ServerName seemed to be the source of the problem. I experimented by shortening ServerName and sure enough the server started working but with other error messages about the certificate not matching ServerName. I must confess that there was this bug report 300 from 1999 that clued me in. http://www.modssl.org/support/bugdb/index.cgi/open?id=330;expression=context;user=guest It looked kind of like the problem was being fixed in version 2.4 but it doesn't seem to be fixed in 2.8. Please tell me what the status is on this 'feature'? Do I need to shorten my server names to use mod_ssl? Can I/Should I build openssl with a bigger limit? Can I tell mod_ssl to ignore part of the servername when it sets the context since every Virtual Host I set up ends with usace.army.mil? Is there a patch to mod_ssl for this problem? Thanks! Bernie Apache ssl engine log: [17/Apr/2002 13:22:56 09045] [info] Init: Initializing OpenSSL library [17/Apr/2002 13:22:56 09045] [info] Init: Seeding PRNG with 512 bytes of entropy [17/Apr/2002 13:22:56 09045] [info] Init: (microlith.crrel.usace.army.mil:444) Loading certificate & private key of SSL-aware server [17/Apr/2002 13:22:56 09045] [info] Init: Generating temporary RSA private keys (512/1024 bits) [17/Apr/2002 13:22:58 09045] [info] Init: Generating temporary DH parameters (512/1024 bits) [17/Apr/2002 13:22:58 09045] [info] Init: Initializing (virtual) servers for SSL [17/Apr/2002 13:22:58 09045] [info] Init: (microlith.crrel.usace.army.mil:444) Configuring server for SSL protocol [17/Apr/2002 13:22:58 09045] [info] Server: Apache/2.0.35, Interface: mod_ssl/2.0.35, Library: OpenSSL/0.9.6c [17/Apr/2002 13:22:58 09047] [info] Init: Initializing OpenSSL library [17/Apr/2002 13:22:58 09047] [info] Init: Seeding PRNG with 512 bytes of entropy [17/Apr/2002 13:22:58 09047] [info] Init: (microlith.crrel.usace.army.mil:444) Loading certificate & private key of SSL-aware server [17/Apr/2002 13:22:58 09047] [info] Init: Generating temporary RSA private keys (512/1024 bits) [17/Apr/2002 13:23:00 09047] [info] Init: Generating temporary DH parameters (512/1024 bits) [17/Apr/2002 13:23:00 09047] [info] Init: Initializing (virtual) servers for SSL [17/Apr/2002 13:23:01 09047] [info] Init: (microlith.crrel.usace.army.mil:444) Configuring server for SSL protocol [17/Apr/2002 13:23:01 09047] [info] Server: Apache/2.0.35, Interface: mod_ssl/2.0.35, Library: OpenSSL/0.9.6c [17/Apr/2002 13:23:03 09075] [info] Connection to child 0 established (server microlith.crrel.usace.army.mil:444, client 144.3.100.96) [17/Apr/2002 13:23:03 09075] [info] Seeding PRNG with 512 bytes of entropy [17/Apr/2002 13:23:03 09075] [error] Unable to set session id context to `microlith.crrel.usace.army.mil:444' (OpenSSL library error follo ws) [17/Apr/2002 13:23:03 09075] [error] OpenSSL: error:140DA111:lib(20):func(218):reason(273) ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]