Hi Pierre,

I am a bit surprised because what you are describing (called Server Name 
Indication (SNI) btw) should work perfectly fine with mod_ssl, provided that:
- Use OpenSSL 0.9.8f or later
- Build OpenSSL with the TLS Extensions option enabled (option enable-tlsext; 
  OpenSSL 0.9.8k and later has this enabled by default).
- Apache must have been built with that OpenSSL (./configure 
  --with-ssl=/path/to/your/openssl). In that case, mod_ssl will automatically 
  detect the availability of the TLS extensions and support SNI.
- Apache must use that OpenSSL at run-time, which might require setting 
  LD_LIBRARY_PATH or equivalent to point to that OpenSSL, maybe in bin/envvars. 
  (You'll get unresolved symbol errors at Apache startup if Apache was built with 
  SNI but isn't finding the right openssl libraries at run-time.)
(see http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI)

An additional requirement is that servers and clients can handle at least TLS 1.1 
(SSL 3.0 will not suffice, and SSL 2.0 support should be deactivated anyway), 
which is the case with all modern web browsers and Apache with mod_ssl which 
fulfill the above criteria.

Is it possible that you are using CentOS 5 or a similarly old distro (even 
Debian Squeeze supports SNI)? Could it be that TLS support was disabled in the 
Apache configuration? Anyway, mod_gnutls should not be required to make SNI 
work with Apache.

About Rigzen Oliver Latshang's error:

>> SSL23_GET_SERVER_HELLO:unknown protocol (error code: 35)

This usually means that the server is not speaking SSL/TLS on port 443 
(usually because it responds with plain HTTP). Did you ask Apache to listen to 
port 443 without enabling mod_ssl? The most basic check here is to check with 
openssl s_client -connect mycloud.com:443. Add -servername mycloud.com to 
specify the vhost in an SNI setup.

Cheers,
  Daniel


On 23.03.2013 at 20:25, Pierre Malard wrote:

> Hi,
> 
> I have the solution... but it's not really a good one for us.
> 
> Explanation:
> On our sites we have a lot of virtual hosts (Apache2) and there is a problem 
> with having multiple SSL certificates for them. So, the solution we had chosen is 
> to replace mod_ssl with mod_gnutls, which can refer to different certificates 
> on one Apache server.
> 
> OC can't (don't know how?) use the GnuTLS system. So, I declared mod_ssl specially 
> for OC on our server. But, for the other Apache virtual hosts, GnuTLS was 
> retained. This was the mistake!
> 
> So, I created a new Apache server specially for OC with just our OC servers in 
> different virtual hosts (4.5.7 for the production one and 5.0 for testing). As these 
> servers are on the same domain name, I can use a wildcard SSL certificate 
> (*.MyDomain) and no GnuTLS reference.
> 
> As is, OC5 accepts WebDAV and I don't have any error.
> 
> I don't know if it's really a bug but I have opened an issue on the OC GitHub 
> service.
> 
> Cheers
> 
> On 21 March 2013 at 08:53, Rigzen Oliver Latshang 
> <[email protected]> wrote:
>> it looks like Sabre DAV the "PHP Webdav Server" is having issues
>> connecting to your domain with ssl:
>> 
>> [CURL] Error while making request: error:140770FC:SSL 
>> routines:SSL23_GET_SERVER_HELLO:unknown protocol (error code: 35)
>> 
>> 
>> You may have to check that your webserver can access your domain with
>> "php curl". Maybe your webserver can't resolve your domain locally.
>> 
>> On 21.03.2013 08:37, Thomas Müller wrote:
>>> please open a bug report on github:
>>> http://github.com/owncloud/core
>>> 
>>> On Thursday, 21.03.2013 at 1:01, Pierre Malard wrote:
>>>> I have just updated our owncloud server which runs on Debian. So, now, we 
>>>> have an OC 5.0 server.
>>>> 
>>>> After the hard way to modify "config/config.php" file and suppress 
>>>> "maintenance" line, everything seems to work but I have an error about my 
>>>> webdav configuration on admin tag:
>>>>    Setup Warning
>>>>    Your web server is not yet properly setup to allow files synchronization
>>>>    because the WebDAV interface seems to be broken.
>>>>    Please double check the installation guides.
>>>> 
>>>> I followed the link "installation guide". The only indication about 
>>>> Debian installation/update is:
>>>>    "Go to the linux package sources page and execute the steps as described
>>>>    there for your distribution."
>>>> 
>>>> and the fabulous "steps" are:
>>>> "echo 'deb http://download.opensuse.org/repositories/isv:ownCloud:community/Debian_6.0/ /' >> /etc/apt/sources.list.d/owncloud.list
>>>> apt-get update
>>>> apt-get install owncloud"
>>>> 
>>>> 
>>>> If I read the general information about "manual installation", I read:
>>>> "You don’t need any WebDAV support of your webserver (i.e. apache’s 
>>>> mod_webdav) to access your ownCloud data via WebDAV, ownCloud has a WebDAV 
>>>> server built in. In fact, you should make sure that any built-in WebDAV 
>>>> module of your webserver is disabled (at least for the ownCloud 
>>>> directory), as it can interfere with ownCloud’s built-in WebDAV support."
>>>> It was the same thing with OC 4 and I never had this message...
>>>> 
>>>> In my "data/owncloud.log", I have this:
>>>> "{"app":"core","message":"isWebDAVWorking: NO - Reason: exception 
>>>> 'Sabre_DAV_Exception' with message '[CURL] Error while making request: 
>>>> error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol (error 
>>>> code: 35)' in 
>>>> \/var\/www\/owncloud\/3rdparty\/Sabre\/DAV\/Client.php:410\nStack 
>>>> trace:\n#0 \/var\/www\/owncloud\/3rdparty\/Sabre\/DAV\/Client.php(179): 
>>>> Sabre_DAV_Client->request('PROPFIND', '', '<?xml version=\"...', 
>>>> Array)\n#1 \/var\/www\/owncloud\/lib\/util.php(590): 
>>>> Sabre_DAV_Client->propFind('', Array)\n#2 
>>>> \/var\/www\/owncloud\/settings\/admin.php(34): 
>>>> OC_Util::isWebDAVWorking()\n#3 \/var\/www\/owncloud\/lib\/route.php(113) : 
>>>> runtime-created function(1): require_once('\/var\/www\/ownclo...')\n#4 
>>>> [internal function]: __lambda_func(Array)\n#5 
>>>> \/var\/www\/owncloud\/lib\/router.php(127): call_user_func('?lambda_8', 
>>>> Array)\n#6 \/var\/www\/owncloud\/lib\/base.php(606): 
>>>> OC_Router->match('\/settings\/admin')\n#7 
>>>> \/var\/www\/owncloud\/index.php(28): OC::handleRequest()\n#8 
>>>> {main}","level":2,"time":1363823944}"
> 
> ----
> Pierre Malard
> 
>    « If one wants to believe in humanity,
>     one must see and understand inhumanity »
> 
>   |\      _,,,---,,_
>   /,`.-'`'    -.  ;-;;,_
>  |,4-  ) )-,_. ,\ (  `'-'
> '---''(_/--'  `-'\_)
> 
> perl -e '$_=q#: 3|\ 5-,3-3,2-: 3/,`.'"'"'`'"'"' 5-.  ;-;;,-:  |,A-  ) )-,_. 
> ,\ (  `'"'"'-'"'"': '"'"'-3'"'"'2(-/--'"'"'  `-'"'"'\-): 
> 22PLM::#;y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print'
> - --> This message is the sole responsibility of its author <-- 
> 
> _______________________________________________
> Owncloud mailing list
> [email protected]
> https://mail.kde.org/mailman/listinfo/owncloud

--
www.owncloud.com - Your Data, Your Cloud, Your Way!

ownCloud GmbH, GF: Markus Rex, Holger Dyroff
Schloßäckerstrasse 26a, 90443 Nürnberg, HRB 28050 (AG Nürnberg)
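
The check Daniel describes (is port 443 really answering with TLS, or with plain HTTP, which is what curl reports as "unknown protocol", error code 35) can also be scripted. The following Python code is an added example, not part of the original thread: it sends a real ClientHello carrying the SNI name and classifies the first bytes of the reply. The function names and the reply categories are assumptions made for illustration.

```python
import socket
import ssl

def client_hello(server_name):
    """Return the raw ClientHello (with SNI) that the ssl module would send."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()           # no peer yet, so this stops after the hello
    except ssl.SSLWantReadError:
        pass
    return outgoing.read()

def classify(reply):
    """Classify the first bytes a server sends back after a ClientHello."""
    if not reply:
        return "closed"              # connection dropped without an answer
    if reply[:2] == b"\x16\x03":
        return "tls"                 # handshake record: a ServerHello follows
    if reply[:2] == b"\x15\x03":
        return "tls-alert"           # TLS is spoken, but the hello was refused
    if reply.startswith(b"HTTP/") or reply.lstrip().startswith(b"<"):
        return "plain-http"          # cleartext answer: mod_ssl not active on this port
    return "unknown"

def probe(host, port=443, server_name=None, timeout=5.0):
    """Send a ClientHello to host:port and classify the start of the reply."""
    hello = client_hello(server_name or host)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(hello)
        reply = b""
        try:
            while len(reply) < 5:
                chunk = sock.recv(5 - len(reply))
                if not chunk:
                    break
                reply += chunk
        except ConnectionResetError:
            pass
    return classify(reply)

if __name__ == "__main__":
    # Constructed sample replies, not captured from the servers in this thread.
    samples = [b"\x16\x03\x03\x00\x5a", b"\x15\x03\x01\x00\x02",
               b"HTTP/1.1 400 Bad Request\r\n", b""]
    for raw in samples:
        print(raw[:5], "->", classify(raw))
    print("SNI name visible in hello:", b"mycloud.com" in client_hello("mycloud.com"))
```

A result of "plain-http" from probe("mycloud.com", 443, "mycloud.com") corresponds to the error 35 case discussed above; "tls" means the port is speaking SSL/TLS and the problem lies elsewhere.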
