I just installed the newest version of openssl and recompiled mm, mod_ssl, mod_perl, and apache. Now when I start apache I get an error from my httpd.conf file about the SSLSessionCache option. The error is:
SSLSessionCache: shared memory cache not useable on this platform Well, it was with openssl 0.9.6c. I didn't do anything different in my installation steps which were: install openssl configure mm with disable-shared make configure mod_ssl --with-apache=../apache_1.3.26 install mod_perl (perl Makefile.PL APACHE_SRC=../apache_1.3.26/src DO_HTTPD=0 USE_APACI=1 PREP_HTTPD=1 EVERYTHING=1) set SSL_BASE and EAPI_MM variables to ../openssl0.9.6e and ../mm-1.2.1 configure and install apache: ./configure --enable-module=proxy --enable-module=so --activate-module=src/modules/perl/libperl.a --enable-module=perl --enable-rule=SHARED_CORE --enable-module=ssl make make certificate make install Without the shared option in the config file, apache starts just fine, but it won't work with: SSLSessionCache shm:/usr/local/apache/logs/ssl/ssl_scache(512000) It worked before. What did I break? Dave Lowenstein Programmer/Analyst Instructional Technology Services San Diego State University (619)594-0270 http://www-rohan.sdsu.edu/dept/its On Wed, 31 Jul 2002, Matt Nelson wrote: > At 06:02 PM 7/31/2002 +0200, you wrote: > >See comments, > > Ditto, > > >Rgds, > > > >Owen Boyle > > > > >-----Original Message----- > > >From: Matt Nelson [mailto:[EMAIL PROTECTED]] > > >Sent: Mittwoch, 31. Juli 2002 17:01 > > >To: [EMAIL PROTECTED] > > >Subject: RE: Error message help > > > > > > > > >Well I may have figured this out, https is now running, cert > > >was in the wrong place, > > > >..or your SSLCertificateFile directive was pointing to the wrong place :-) > > Yup, but dang I was confused on where it went. Everything I've read said > put it somewhere different. Error logs are you friends. > > > > > ...but https returns the default web page for the apache > > >installation, instead of the real site, which does come up with just > > >http. I think I can figure that out, but if anyone has pointer > > >thanks, and thanks for suffering my dumb questions. > > > >Check out your DocumentRoot directive in the SSL virtual host - there > >should only be one. If there is more than one, apache will use the last > >one... It is this directive which tells apache where to fetch the content. > > Yeah I found that right after I wrote that. > > > > > > >-- > > >Matt > > > > > > > > >At 09:36 AM 7/31/2002 -0500, you wrote: > > >>At 03:56 PM 7/31/2002 +0200, you wrote: > > >>> >From: Matt Nelson [mailto:[EMAIL PROTECTED]] > > >>> > > > >>> >Now, the error I'm getting now that I can't seem to find any > > >>> >help on, in > > >>> >the error_log is: > > >>> > > > >>> >OpenSSL: error:0D06B078:asn1 encoding > > >routines:ASN1_get_object:header > > >>> too long > > >>> > > > >>> > > >>>Unusual.. Do you see anything in the browser? Also: > > >>> > > >>>- What versions of apache, mod_ssl, openssl? > > >> > > >> > > >>Apache 1.3.22 > > >>OpenSSL 0.9.6 > > >>mod_ssl 1.4 > > > >Um... If I were you, I'd get apache 1.3.26, OpenSSL 0.9.6e and mod_ssl > >2.8.10. That's teh latest mix, also pay attention to the security advisory > >that was posted to the list today. > > I'll do that. > > > > >> > > >>>- Static or DSO? > > > >When you compiled apache, did you statically compile in mod_ssl (i.e. > >--enable-module=ssl) so that the mod_ssl binary gets munged in with the > >apache binary to produce a big binary *or* did you compile mod_ssl as a > >shared object which would be loaded dynamically at runtime (DSO = Dynamic > >Shared Object), i.e. --enable-shared=ssl? Usually, it doesn't make much > >difference when they're working, but since yours was not working, I > >thought I'd ask. > > I didn't compile, I used everything stock from the Caldera 3.11 server > install. A bad idea now I know, if I'd done it on my own or recompiled, I'd > know which it was, among other things. > > > >> > > >> > > >>I'll be honest and say I don't quite understand that > > >question. I'm way > > >>more new at this what I wished. I could probably answer that > > >question, if > > >>asked in different terms. > > >> > > >>>- What browser? > > >> > > >>IE, Mozilla, you name it. > > > >Just in case it was a funny browser - SSL is as much to do with the client > >as it is to do with the server so it is essential to verify any problems > >with several browsers. But you've already done that. > > Yeah... See I do try, I hate being a clueless newbie, or at least acting > like one. I always try to cover the bases myself, so I don't get RTFM > responses. I'm sure I'll have some other questions, though, and soon. > > Thanks much > > -- > Matt > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
