It is just Apache & PHP & mod_authzldap that are self-built (i.e. compiled).
The rest of the system is a vanilla RedHat 7.3.
-JP
On Tue, 17 Dec 2002, [EMAIL PROTECTED] wrote:
> I've just re-read the original posters message, and it is possible that when
> they say the system is "self-built" that they built an older version of
> openssl. However, given what I've already said that is unlikely.
>
> -
> John Airey, BSc (Jt Hons), CNA, RHCE
> Internet systems support officer, ITCSD, Royal National Institute of the
> Blind,
> Bakewell Road, Peterborough PE2 6XU,
> Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
>
> "I know it sounds cocky, but I honestly believe that one day there'll be a
> telephone in every Town in America" - Alexander Graham Bell
>
>
> > -----Original Message-----
> > From: Boyle Owen [mailto:[EMAIL PROTECTED]]
> > Sent: 17 December 2002 15:19
> > To: [EMAIL PROTECTED]
> > Subject: RE: POST with mod_ssl intermittently fails with a 405
> >
> >
> > Your openSSL libs are a bit old - there have been many important code
> > updates since 0.9.6b. In particular, the most recent update (0.9.6h)
> > fixed race condition bugs that were causing intermittent failures. Try
> > an upgrade first, I would advise...
> >
> > Rgds,
> >
> > Owen Boyle
> >
> > >-----Original Message-----
> > >From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]]
> > >Sent: Dienstag, 17. Dezember 2002 16:07
> > >To: [EMAIL PROTECTED]
> > >Subject: POST with mod_ssl intermittently fails with a 405
> > >
> > >
> > >Hello,
> > >
> > >I've got an self-built Apache on a RedHat 7.3 Linux box with
> > >Apache/2.0.43,
> > >mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22
> > >
> > >Every so often a PHP page is called with a POST request to
> > >send data to the
> > >server. The whole server area is protected via the following
> > >settings in
> > >ssl.conf:
> > >
> > ><Directory /var/www/html/ca>
> > > Options Indexes FollowSymLinks ExecCGI
> > > DirectoryIndex index.php index.cgi
> > > SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
> > >StrictRequire StdEnvVars OptRenegotiate
> > >
> > > SSLRequireSSL
> > > SSLVerifyClient require
> > > SSLVerifyDepth 4
> > > SSLRequire ( \
> > > %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
> > > %{SSL_CLIENT_I_DN_CN} eq "my CA" )
> > >
> > > AuthzLDAPEngine on
> > > AuthzLDAPAuthoritative on
> > > AuthzLDAPServer localhost:389
> > > AuthzLDAPBindDN
> > "cn=manager,dc=mydomain,dc=com"
> > > AuthzLDAPBindPassword "terriblysecret"
> > > AuthzLDAPUseCertificate on
> > > AuthzLDAPSetAuthorization on
> > > AuthzLDAPUseSerial on
> > > AuthzLDAPMapBase
> > >ou=AuthzLDAPCertmap,dc=mydomain,dc=com
> > > AuthzLDAPMapScope subtree
> > > AuthzLDAPLogLevel warn
> > > AuthzLDAPCacheConnection off
> > > AuthzLDAPCacheSize 0
> > > AuthName AuthzLDAP
> > > AuthType Basic
> > ></Directory>
> > >
> > >and with the following require in .htaccess of the same directory:
> > >
> > > require user "CN=Jan-Piet [EMAIL PROTECTED]"
> > >
> > >GET operations always work perfectly (BTW almost all resources
> > >are .PHP).
> > >Once in a while a POST method is attempted which then
> > >sometimes fails (not
> > >always). When it has failed, subsequent GET methods on
> > >different pages do
> > >not work either. After a certain time which always differs,
> > >the GET will work
> > >and the following POST also.
> > >
> > >I've tried changing SSLSessionCache to `shm' and SSLMutex to
> > >`sem' thinking
> > >it had something to do with it, but to no avail. The value of
> > >SSLSessionCacheTimeout
> > >doesn't seem to matter either.
> > >
> > >At the time of the failure, the logs have this in them:
> > >
> > >error_log:
> > > [Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
> > >(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
> > >resuming normal operations
> > > [Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
> > >in conjunction with POST method not supported!
> > > hint: try SSLOptions +OptRenegotiate
> > >
> > >access_log:
> > > 10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST
> > >/ca/ra/upd.php HTTP/1.1" 405 312
> > > 10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET
> > >/ca/ra/req.php HTTP/1.1" 403 292
> > > 10.0.0.1 - CN=Jan-Piet [EMAIL PROTECTED]
> > >[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php HTTP/1.1" 200 4936
> > >
> > >ssl_request_log:
> > > [17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
> > >"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-", issuer="-"
> > >
> > >The clients are a mixture of Mozilla 1.2 and Internet
> > Explorer 6.0 all
> > >with a client cert issued by my CA. The issue affects both
> > >clients (Netscape
> > >4.5 shows the same)
> > >
> > >Can someone help me resolve this, please ?
> > >
> > >Thank you very much.
> > >Regards,
> > > -JP
> > >
> > >_____________________________________________________________
> > _________
> > >Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> >User Support Mailing List [EMAIL PROTECTED]
> >Automated List Manager [EMAIL PROTECTED]
> >
>
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify the sender urgently
> and then immediately delete the message and any copies of it from your
> system. Please also immediately destroy any hardcopies of the message.
> You must not, directly or indirectly, use, disclose, distribute, print,
> or copy any part of this message if you are not the intended recipient.
> The sender's company reserves the right to monitor all e-mail
> communications through their networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorised to state them to be the
> views of the sender's company.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
> -
>
> NOTICE: The information contained in this email and any attachments is
> confidential and may be legally privileged. If you are not the
> intended recipient you are hereby notified that you must not use,
> disclose, distribute, copy, print or rely on this email's content. If
> you are not the intended recipient, please notify the sender
> immediately and then delete the email and any attachments from your
> system.
>
> RNIB has made strenuous efforts to ensure that emails and any
> attachments generated by its staff are free from viruses. However, it
> cannot accept any responsibility for any viruses which are
> transmitted. We therefore recommend you scan all attachments.
>
> Please note that the statements and views expressed in this email
> and any attachments are those of the author and do not necessarily
> represent those of RNIB.
>
> RNIB Registered Charity Number: 226227
>
> Website: http://www.rnib.org.uk
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
