Full_Name: Bernard L du Breuil
Version: 2.8
OS: Solaris 8
Submission from: (NULL) (192.48.242.3)


This is the version that is coming packaged with Apache 2.0.35.

My server would start but then not work when the user tried to connect.  I went
so far as to translate the error codes 

SSL_F_SSL_SET_SESSION_ID_CONTEXT               218
SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG          273

which seems to mean that it had trouble setting the session id context because
it was too long.  I noticed from the other apache/mod_ssl error messages below
that ServerName seemed to be the source of the problem.  I experimented by
shortening ServerName and sure enough the server started working but with other
error messages about the certificate not matching ServerName.

I must confess that there was this bug report 300 from 1999 that clued me in. 

http://www.modssl.org/support/bugdb/index.cgi/open?id=330;expression=context;user=guest

It looked kind of like the problem was being fixed in version 2.4 but it doesn't
seem to be fixed in 2.8.

Please tell me what the status is on this 'feature'?  Do I need to shorten my
server names to use mod_ssl?  Can I/Should I build openssl with a bigger limit? 
Can I tell mod_ssl to ignore part of the servername when it sets the context
since every Virtual Host I set up ends with usace.army.mil?  Is there a patch to
mod_ssl for this problem?

Thanks!
Bernie

Apache ssl engine log:


[17/Apr/2002 13:22:56 09045] [info]  Init: Initializing OpenSSL library
[17/Apr/2002 13:22:56 09045] [info]  Init: Seeding PRNG with 512 bytes of entropy
[17/Apr/2002 13:22:56 09045] [info]  Init: (microlith.crrel.usace.army.mil:444) Loading certificate & private key of SSL-aware server
[17/Apr/2002 13:22:56 09045] [info]  Init: Generating temporary RSA private keys (512/1024 bits)
[17/Apr/2002 13:22:58 09045] [info]  Init: Generating temporary DH parameters (512/1024 bits)
[17/Apr/2002 13:22:58 09045] [info]  Init: Initializing (virtual) servers for SSL
[17/Apr/2002 13:22:58 09045] [info]  Init: (microlith.crrel.usace.army.mil:444) Configuring server for SSL protocol
[17/Apr/2002 13:22:58 09045] [info]  Server: Apache/2.0.35, Interface: mod_ssl/2.0.35, Library: OpenSSL/0.9.6c
[17/Apr/2002 13:22:58 09047] [info]  Init: Initializing OpenSSL library
[17/Apr/2002 13:22:58 09047] [info]  Init: Seeding PRNG with 512 bytes of entropy
[17/Apr/2002 13:22:58 09047] [info]  Init: (microlith.crrel.usace.army.mil:444) Loading certificate & private key of SSL-aware server
[17/Apr/2002 13:22:58 09047] [info]  Init: Generating temporary RSA private keys (512/1024 bits)
[17/Apr/2002 13:23:00 09047] [info]  Init: Generating temporary DH parameters (512/1024 bits)
[17/Apr/2002 13:23:00 09047] [info]  Init: Initializing (virtual) servers for SSL
[17/Apr/2002 13:23:01 09047] [info]  Init: (microlith.crrel.usace.army.mil:444) Configuring server for SSL protocol
[17/Apr/2002 13:23:01 09047] [info]  Server: Apache/2.0.35, Interface: mod_ssl/2.0.35, Library: OpenSSL/0.9.6c
[17/Apr/2002 13:23:03 09075] [info]  Connection to child 0 established (server microlith.crrel.usace.army.mil:444, client 144.3.100.96)
[17/Apr/2002 13:23:03 09075] [info]  Seeding PRNG with 512 bytes of entropy
[17/Apr/2002 13:23:03 09075] [error] Unable to set session id context to `microlith.crrel.usace.army.mil:444' (OpenSSL library error follows)
[17/Apr/2002 13:23:03 09075] [error] OpenSSL: error:140DA111:lib(20):func(218):reason(273)

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
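
The failure reported above, worked through as an added example (not part of the original post and not mod_ssl code): it unpacks the logged error code with the pre-3.0 OpenSSL layout, measures the rejected context against OpenSSL's 32-byte SSL_MAX_SID_CTX_LENGTH, and shows that a digest of the vhost id always fits. The helper names and the SHA-256 workaround are assumptions made for illustration.

```python
import hashlib
import re

SSL_MAX_SID_CTX_LENGTH = 32  # OpenSSL's limit on the session id context, in bytes

# Names for the two codes, as translated in the post.
FUNCS = {218: "SSL_F_SSL_SET_SESSION_ID_CONTEXT"}
REASONS = {273: "SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG"}

# The two [error] lines from the log in the post, with the mail line wraps joined.
LOG = (
    "[17/Apr/2002 13:23:03 09075] [error] Unable to set session id context to "
    "`microlith.crrel.usace.army.mil:444' (OpenSSL library error follows)\n"
    "[17/Apr/2002 13:23:03 09075] [error] OpenSSL: "
    "error:140DA111:lib(20):func(218):reason(273)\n"
)

CTX_RE = re.compile(r"Unable to set session id context to `([^']+)'")
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):lib\((\d+)\):func\((\d+)\):reason\((\d+)\)")

def unpack_error(code):
    """Split a packed pre-3.0 OpenSSL error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def fixed_length_context(vhost_id):
    """Hypothetical workaround: a SHA-256 digest of the vhost id is always 32 bytes."""
    return hashlib.sha256(vhost_id.encode("utf-8")).digest()

def triage(log):
    """Return one finding per context-setting failure or OpenSSL error line."""
    findings = []
    for line in log.splitlines():
        ctx = CTX_RE.search(line)
        if ctx:
            raw = ctx.group(1).encode("utf-8")
            findings.append({"context": ctx.group(1), "length": len(raw),
                             "over_limit": len(raw) > SSL_MAX_SID_CTX_LENGTH,
                             "replacement_length": len(fixed_length_context(ctx.group(1)))})
        err = ERR_RE.search(line)
        if err:
            lib, func, reason = unpack_error(int(err.group(1), 16))
            printed = tuple(int(err.group(i)) for i in (2, 3, 4))
            findings.append({"lib": lib, "func": FUNCS.get(func, func),
                             "reason": REASONS.get(reason, reason),
                             "matches_printed": (lib, func, reason) == printed})
    return findings
```

Calling `triage(LOG)` reports the logged context as 34 bytes, two over the limit, which is why shortening ServerName made the error go away.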
