CA Path and File
Hi all, Have anyone defined both SSLCACertificatePath and SSLCACertificateFile in config file? I enabled the 'ca-bundle.crt' via SSLCACertificateFile for well-known CA and others self-signed CAs in SSLCACertificatePath. And I found that the certs in directory SSLCACertificatePath are totally ignored. After then, I comment out SSLCACertificateFile and everything works like a charm. Could SSLCACertificatePath and SSLCACertificateFile use altogether? Or is it a bug in mod-sw-ssl, or SSLeay instead? Rgds, === Lai Yiu Fai | Tel.: (852) 2358-6202 Centre of Computing Services | Fax.: (852) 2358-2737 Telecommunications | E-mail: [EMAIL PROTECTED] | The Hong Kong University of | Clear Water Bay, Science Technology | Kowloon, Hong Kong. __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: CA Path and File
On Tue, Sep 22, 1998, Lai Yiu Fai wrote: Have anyone defined both SSLCACertificatePath and SSLCACertificateFile in config file? I enabled the 'ca-bundle.crt' via SSLCACertificateFile for well-known CA and others self-signed CAs in SSLCACertificatePath. And I found that the certs in directory SSLCACertificatePath are totally ignored. After then, I comment out SSLCACertificateFile and everything works like a charm. Could SSLCACertificatePath and SSLCACertificateFile use altogether? Or is it a bug in mod-sw-ssl, or SSLeay instead? H... just yesterday evening a friend sent me some SSLeay debugging stuff which shows that SSLeay _always_ checks the SSLCACertificatePath dir first and only then the SSLCACertificateFile stuff. So it's interesting that it's ignoring your dir when SSLCACertificateFile is present. Actually when this is a bug it doesn't look like it's inside mod_ssl. Because both things (the dir and the file) are configured at the same time with the SSLeay function (SSL_CTX_load_verify_locations, see around line 710 in mod_ssl.c) and mod_ssl itself doesn't do anything else with them. So, I've currently no clue why the path stuff is ignored _only_ when the file is present. It can be "ignored" yes, but then with and without SSLCACertificateFile: when your hash symlinks are incorrect (as it was the case for my friend yesterday). Has anybody else a hint? Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: apache crashes with mod_ssl
On Mon, Sep 14, 1998, Roman Maeder wrote: [...] Thank you! For get all my drivel about problems with the config file. My (old) config file did not have AddModule mod_ssl.c and I didn't bother to diff my old one against the new default one. Is there no better way to handle the situation where a statically linked module is not mentioned in AddModule? No, only when you use APACI it automatically generated the necessary AddModule commands for you inside httpd.conf.default. What I do on my webservers is to grep out the AddModule commands from there and include it into my httpd.conf files. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]