On Wed, Oct 23, 2002 at 11:15:19AM +0200, Ralf S. Engelschall wrote:
> Because of a found Cross-Side-Scripting (XSS) bug in mod_ssl, the fixed
> maintainance version mod_ssl 2.8.12 is available for use with Apache
> 1.3.27.
Thanks!
...but the snakeoil certificates are still expired:
% openssl x509 -noout -text < mod_ssl-2.8.12-1.3.27/pkg.sslcfg/snakeoil-ca-rsa.crt
...
Validity
Not Before: Oct 21 18:21:46 1999 GMT
Not After : Oct 20 18:21:46 2001 GMT
% openssl x509 -noout -text < mod_ssl-2.8.12-1.3.27/pkg.sslcfg/snakeoil-rsa.crt
...
Validity
Not Before: Oct 21 18:21:51 1999 GMT
Not After : Oct 20 18:21:51 2001 GMT
Martin
--
<[EMAIL PROTECTED]> | Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730 Munich, Germany
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
