Re: Upgrading to next version of Apache

1999-12-21 Thread R. DuFresne 

On Tue, 21 Dec 1999 [EMAIL PROTECTED] wrote:

> When the next version of Apache is released, can you just upgrade 
> the Apache or will mod_ssl and/or openssl need to be reinstalled to 
> retain SSL  ?  
> 
> /thinkahead-mode  
> 
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]
> 

You sould beable to just drop the new apache source into place, and
recompile it with the proper params like you did before.  This is easiest
if you retain the source for mod_ssl and openssl under some apache
specific src/ tree, if ya dig what I'm saying;  you already built
the other two, yer just going to rebuild apache with their inclusion.


Thanks,


Ron DuFresne
-- 
~~
admin & senior consultant:  darkstar.sysinfo.com
  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: apachectl startssl prompting

1999-12-21 Thread Cliff Woolley 

>>> <[EMAIL PROTECTED]> 12/21/99 02:24PM >>>
>I need a quick tip how to get apachectl to startssl *without*
prompting for
>the passwd (since the machine will be unattended). Is there a simple
way to
>do this?

Please read the FAQ: http://www.modssl.org/docs/2.4/ssl_faq.html#ToC29


Thanks,
Cliff

Cliff Woolley
Central Systems Software Administrator
Washington and Lee University
http://www.wlu.edu/~jwoolley/

Work: (540) 463-8089
Pager: (540) 462-2303
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: start works, startssl doesn't

1999-12-21 Thread Blair Lowe 

Hi,

I just went through the same grief:

Look in your ssl_error_log file (/var/log/apache_error_log), and see 
what it says.

Check any other log files as well.

Blair.


>No matter what I try, I can't seem to get 'apachectl startssl' to work,
>whereas 'apachectl start' works just fine. I have made sure every file I
>refer to exists and same for directories. I have gone through many
>messages in the mailing list, but couldn't find an answer.
>
>I have therefore copied the relevant parts of my apache.conf file below.
>As a background, I'm using apache-1.3.9+php+mod_ssl-1.3.9+3.0.12+2.4.2
>and I don't plan to have a default htdocs directory, only virtual hosts
>for which I have used 205.151.116.101 in the following example:
>
Computer Engineering Inc.
http://www.compeng.net
Phone: 780 499 5687 (9 - 5 MST)
Fax:   780 435 0693 (24 Hours)
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: apachectl startssl prompting

1999-12-21 Thread Ralf S. Engelschall 

On Tue, Dec 21, 1999, [EMAIL PROTECTED] wrote:

> I need a quick tip how to get apachectl to startssl *without* prompting for
> the passwd (since the machine will be unattended). Is there a simple way to
> do this?

Quick?  RTFM!
Longer? Read the FAQ, please.
   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

apachectl startssl prompting

1999-12-21 Thread fbn 



I need a quick tip how to get apachectl to startssl *without* prompting for
the passwd (since the machine will be unattended). Is there a simple way to
do this?

Thanks in advance



__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Upgrading to next version of Apache

1999-12-21 Thread wwebb 

When the next version of Apache is released, can you just upgrade 
the Apache or will mod_ssl and/or openssl need to be reinstalled to 
retain SSL  ?  

/thinkahead-mode  

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

problem with libssl.a

1999-12-21 Thread david manye 


hi,

i want to install apache-1.3.9 + mod_ssl-2.4.9-1.3.9 on a sun sparc with
solaris 2.7. i'm using openssl-0.9.4.

i can compile and install successfully openssl with the folowing commands:

  ./Configure solaris64-sparcv9-cc --prefix=/usr/local/tajapatxe/openssl
  make
  make install

then i configure mod_ssl with:

  ./configure --with-apache=../apache_1.3.9

and then

  cd ../apache_1.3.9
  SSL_BASE=/usr/local/ssl ./configure \
  --prefix=/usr/local/tajapatxe/apatxe \ 
  --enable-module=ssl 

at this time i get the following ld error:

 ...

  gcc  -DSOLARIS2=270 -DMOD_SSL=204109 -DEAPI -DUSE_EXPAT 
-I./lib/expat-lite `./apaci` -L/usr/local/tajapatxe/fonts/openssl-0.9.4 -o
httpd buildmark.o modules.o modules/ssl/libssl.a

modules/standard/libstandard.a main/libmain.a ./os/unix/libos.a ap/libap.a
lib/expat-lite/libexpat.a  -lsocket -lnsl  -lssl -lcrypto
Undefined   first referenced
 symbol in file
d2i_SSL_SESSION   modules/ssl/libssl.a(ssl_engine_scache.o)
SSL_get_verify_mode   modules/ssl/libssl.a(ssl_engine_kernel.o)
SSL_library_init  modules/ssl/libssl.a(ssl_engine_init.o)

  ... a lot more of pairs symbol-reference ...

SSL_acceptmodules/ssl/libssl.a(ssl_engine_kernel.o)
X509_NAME_oneline modules/ssl/libssl.a(ssl_engine_init.o)
ERR_get_error modules/ssl/libssl.a(ssl_engine_log.o)
ld: fatal: Symbol referencing errors. No output written to httpd
collect2: ld returned 1 exit status
make[2]: *** [target_static] Error 1
make[2]: Leaving directory `/usr/local/tajapatxe/fonts/apache_1.3.9/src'
make[1]: *** [build-std] Error 2
make[1]: Leaving directory `/usr/local/tajapatxe/fonts/apache_1.3.9'
make: *** [build] Error 2

i'm sorry but my knowledge about .a files is null, but look at this:

$ ls -l src/modules/ssl/libssl.a
-rw-r--r--   1 adeim  staff  275196 Dec 21 16:36  src/modules/ssl/libssl.a
$ ls -l ../openssl-0.9.4/libssl.a 
-rw-r--r--   1 adeim  staff  496580 Dec 21 16:22 ../openssl-0.9.4/libssl.a

i noticed that the file size differ, so i overwrote libssl.a in
src/modules/ssl with ../openssl-0.9.4, and try to make again. at this time
a get a similar error but now only one symbol remains unreferenced:

... compiling messages ...

Undefined   first referenced
 symbol in file
ssl_module  modules.o
ld: fatal: Symbol referencing errors. No output written to httpd
collect2: ld returned 1 exit status
make[2]: *** [target_static] Error 1
make[2]: Leaving directory `/usr/local/tajapatxe/fonts/apache_1.3.9/src'
make[1]: *** [build-std] Error 2
make[1]: Leaving directory `/usr/local/tajapatxe/fonts/apache_1.3.9'
make: *** [build] Error 2
$ 

any idea where i can find this symbol (or how it should be added to
libssl.a).

any help will be appreciated. thanks.

--

 david manye i robert
 departament d'enginyeria informatica i matematiques
 universitat rovira i virgili
 autovia de salou, s/n
 43006 tarragona

 tel.: 977-559706
 e-mail: [EMAIL PROTECTED]




__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: mod_ssl vs. Apache-SSL

1999-12-21 Thread Ralf S. Engelschall 

On Tue, Dec 21, 1999, Thomas G. Peroulas wrote:

> I must enable my Apache server with SSL capability.  I am considering
> Apache-SSL and mod_ssl.
> I am running an Apache web server using Perl CGI (OpenSSL 0.9.4 and
> Net::Crypt-SSLeay.pm) to pass https applications.  Of course I can't pass
> https until I enable SSL on Apache.
> 
> Perhaps you can help me with the following:
> 
> 1.  Should I use mod_ssl or Apache-SSL and why?

You should decide this on your own, please. I recommend you to compare them
yourself first (do a quick installation of both) and then make a reasonable
decision for _your_ situation (one cannot give a general answer, the decision
will certainly dependent on your situation). Keep in mind: on security issues
one always should at least have an own opinion first... 

> 2.  May I use either of the two commercially in the United States?

Whether commercially or not is not the question for the US.  The question for
the US is whether you have the RSA license.  You need one in the US, at least
for the next 10 months until RSA patent expires. Because of this you should
also add the commercial SSL solutions for Apache to the evaluation point
under 1) because they provide you with a more or less cheap RSA license.

> 3.  If I cannot use these commercially in the states, would anyone recommend
> the IBM http server?

As I said, commercially or not is not important here. 

> 4.  Does anyone know offhand if the IBM http server is compatible with
> mod_perl?

If the IBM server allows you to recompile Apache from source, you can use
mod_perl, too. Else it becomes tricky (either you need a pre-built version
from IBM with mod_perl added or you need some pre-built mod_perl DSOs, etc.)
Ask IBM what they provide.
   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: start works, startssl doesn't

1999-12-21 Thread Ralf S. Engelschall 

On Mon, Dec 20, 1999, admin wrote:

> No matter what I try, I can't seem to get 'apachectl startssl' to work,
> whereas 'apachectl start' works just fine. I have made sure every file I
> refer to exists and same for directories. I have gone through many
> messages in the mailing list, but couldn't find an answer.

Sorry, but exactly are the error messages you get?  You at least should tell
us about them in detail if you expect a reasonable help ;)

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

mod_ssl vs. Apache-SSL

1999-12-21 Thread Thomas G. Peroulas 

Dear modssl users:

I must enable my Apache server with SSL capability.  I am considering
Apache-SSL and mod_ssl.
I am running an Apache web server using Perl CGI (OpenSSL 0.9.4 and
Net::Crypt-SSLeay.pm) to pass https applications.  Of course I can't pass
https until I enable SSL on Apache.

Perhaps you can help me with the following:

1.  Should I use mod_ssl or Apache-SSL and why?
2.  May I use either of the two commercially in the United States?
3.  If I cannot use these commercially in the states, would anyone recommend
the IBM http server?
4.  Does anyone know offhand if the IBM http server is compatible with
mod_perl?

Thank you very much,

Tom Peroulas
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

start works, startssl doesn't

1999-12-21 Thread admin 

No matter what I try, I can't seem to get 'apachectl startssl' to work,
whereas 'apachectl start' works just fine. I have made sure every file I
refer to exists and same for directories. I have gone through many
messages in the mailing list, but couldn't find an answer.

I have therefore copied the relevant parts of my apache.conf file below.
As a background, I'm using apache-1.3.9+php+mod_ssl-1.3.9+3.0.12+2.4.2
and I don't plan to have a default htdocs directory, only virtual hosts
for which I have used 205.151.116.101 in the following example:

Listen 205.151.116.101:80


LoadModule ssl_module libexec/apache/libssl.so



AddModule mod_ssl.c



#Listen 80
Listen 205.151.116.101:443



ServerAdmin [EMAIL PROTECTED]
DocumentRoot "/groups/pcr/www"
ServerName pcr.ca
ErrorLog /var/log/pcr.ca-error_log
CustomLog /var/log/pcr.ca-access_log common



AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl.crl




SSLPassPhraseDialog  builtin
SSLSessionCache dbm:/var/run/apache_ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/var/run/apache_ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog  /var/log/apache_ssl_engine_log
SSLLogLevel info







DocumentRoot "/groups/pcr/www"
ServerName pcr.ca
ServerAdmin [EMAIL PROTECTED]
ErrorLog /var/log/apache_error_log
TransferLog /var/log/apache_access_log

SSLEngine on
SSLCertificateFile /usr/local/etc/apache/server.crt
SSLCertificateKeyFile /usr/local/etc/apache/server.key

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

CustomLog /var/log/apache_ssl_request_log \
  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

  




__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

IE occasional error with SSL

1999-12-21 Thread Jason Terry 

I use
Apache/1.3.6 (Unix)
PHP/3.0.11
mod_ssl/2.3.5
OpenSSL/0.9.3a

Ocassionally IE users get their standard error message "page cannot be
displayed".
Now, I know this is due to some problems negotiating the SSL connection.
And, it has been a problem with older versions of mod_ssl as well.  My
question is, has anybody else ever seen this problem? And, is there a fix
for it?  This seems to occur about 10% of the time with SSL connections
only. And, a simple page reload (clicking back, then clicking the link
again) will get you through the error.

Netscape seems to work 100% of the time. It is my browser of choice, and I
have NEVER seen it have the problem.

If anybody has any ideas on what to check for, or a way to try and
debug/find the problem.  I am up for it.

Thanks
-Jason
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]