Re: Upgrading to next version of Apache
On Tue, 21 Dec 1999 [EMAIL PROTECTED] wrote: > When the next version of Apache is released, can you just upgrade > the Apache or will mod_ssl and/or openssl need to be reinstalled to > retain SSL ? > > /thinkahead-mode > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > You sould beable to just drop the new apache source into place, and recompile it with the proper params like you did before. This is easiest if you retain the source for mod_ssl and openssl under some apache specific src/ tree, if ya dig what I'm saying; you already built the other two, yer just going to rebuild apache with their inclusion. Thanks, Ron DuFresne -- ~~ admin & senior consultant: darkstar.sysinfo.com http://darkstar.sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: apachectl startssl prompting
>>> <[EMAIL PROTECTED]> 12/21/99 02:24PM >>> >I need a quick tip how to get apachectl to startssl *without* prompting for >the passwd (since the machine will be unattended). Is there a simple way to >do this? Please read the FAQ: http://www.modssl.org/docs/2.4/ssl_faq.html#ToC29 Thanks, Cliff Cliff Woolley Central Systems Software Administrator Washington and Lee University http://www.wlu.edu/~jwoolley/ Work: (540) 463-8089 Pager: (540) 462-2303 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: start works, startssl doesn't
Hi, I just went through the same grief: Look in your ssl_error_log file (/var/log/apache_error_log), and see what it says. Check any other log files as well. Blair. >No matter what I try, I can't seem to get 'apachectl startssl' to work, >whereas 'apachectl start' works just fine. I have made sure every file I >refer to exists and same for directories. I have gone through many >messages in the mailing list, but couldn't find an answer. > >I have therefore copied the relevant parts of my apache.conf file below. >As a background, I'm using apache-1.3.9+php+mod_ssl-1.3.9+3.0.12+2.4.2 >and I don't plan to have a default htdocs directory, only virtual hosts >for which I have used 205.151.116.101 in the following example: > Computer Engineering Inc. http://www.compeng.net Phone: 780 499 5687 (9 - 5 MST) Fax: 780 435 0693 (24 Hours) __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: apachectl startssl prompting
On Tue, Dec 21, 1999, [EMAIL PROTECTED] wrote: > I need a quick tip how to get apachectl to startssl *without* prompting for > the passwd (since the machine will be unattended). Is there a simple way to > do this? Quick? RTFM! Longer? Read the FAQ, please. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
apachectl startssl prompting
I need a quick tip how to get apachectl to startssl *without* prompting for the passwd (since the machine will be unattended). Is there a simple way to do this? Thanks in advance __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Upgrading to next version of Apache
When the next version of Apache is released, can you just upgrade the Apache or will mod_ssl and/or openssl need to be reinstalled to retain SSL ? /thinkahead-mode __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
problem with libssl.a
hi, i want to install apache-1.3.9 + mod_ssl-2.4.9-1.3.9 on a sun sparc with solaris 2.7. i'm using openssl-0.9.4. i can compile and install successfully openssl with the folowing commands: ./Configure solaris64-sparcv9-cc --prefix=/usr/local/tajapatxe/openssl make make install then i configure mod_ssl with: ./configure --with-apache=../apache_1.3.9 and then cd ../apache_1.3.9 SSL_BASE=/usr/local/ssl ./configure \ --prefix=/usr/local/tajapatxe/apatxe \ --enable-module=ssl at this time i get the following ld error: ... gcc -DSOLARIS2=270 -DMOD_SSL=204109 -DEAPI -DUSE_EXPAT -I./lib/expat-lite `./apaci` -L/usr/local/tajapatxe/fonts/openssl-0.9.4 -o httpd buildmark.o modules.o modules/ssl/libssl.a modules/standard/libstandard.a main/libmain.a ./os/unix/libos.a ap/libap.a lib/expat-lite/libexpat.a -lsocket -lnsl -lssl -lcrypto Undefined first referenced symbol in file d2i_SSL_SESSION modules/ssl/libssl.a(ssl_engine_scache.o) SSL_get_verify_mode modules/ssl/libssl.a(ssl_engine_kernel.o) SSL_library_init modules/ssl/libssl.a(ssl_engine_init.o) ... a lot more of pairs symbol-reference ... SSL_acceptmodules/ssl/libssl.a(ssl_engine_kernel.o) X509_NAME_oneline modules/ssl/libssl.a(ssl_engine_init.o) ERR_get_error modules/ssl/libssl.a(ssl_engine_log.o) ld: fatal: Symbol referencing errors. No output written to httpd collect2: ld returned 1 exit status make[2]: *** [target_static] Error 1 make[2]: Leaving directory `/usr/local/tajapatxe/fonts/apache_1.3.9/src' make[1]: *** [build-std] Error 2 make[1]: Leaving directory `/usr/local/tajapatxe/fonts/apache_1.3.9' make: *** [build] Error 2 i'm sorry but my knowledge about .a files is null, but look at this: $ ls -l src/modules/ssl/libssl.a -rw-r--r-- 1 adeim staff 275196 Dec 21 16:36 src/modules/ssl/libssl.a $ ls -l ../openssl-0.9.4/libssl.a -rw-r--r-- 1 adeim staff 496580 Dec 21 16:22 ../openssl-0.9.4/libssl.a i noticed that the file size differ, so i overwrote libssl.a in src/modules/ssl with ../openssl-0.9.4, and try to make again. at this time a get a similar error but now only one symbol remains unreferenced: ... compiling messages ... Undefined first referenced symbol in file ssl_module modules.o ld: fatal: Symbol referencing errors. No output written to httpd collect2: ld returned 1 exit status make[2]: *** [target_static] Error 1 make[2]: Leaving directory `/usr/local/tajapatxe/fonts/apache_1.3.9/src' make[1]: *** [build-std] Error 2 make[1]: Leaving directory `/usr/local/tajapatxe/fonts/apache_1.3.9' make: *** [build] Error 2 $ any idea where i can find this symbol (or how it should be added to libssl.a). any help will be appreciated. thanks. -- david manye i robert departament d'enginyeria informatica i matematiques universitat rovira i virgili autovia de salou, s/n 43006 tarragona tel.: 977-559706 e-mail: [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_ssl vs. Apache-SSL
On Tue, Dec 21, 1999, Thomas G. Peroulas wrote: > I must enable my Apache server with SSL capability. I am considering > Apache-SSL and mod_ssl. > I am running an Apache web server using Perl CGI (OpenSSL 0.9.4 and > Net::Crypt-SSLeay.pm) to pass https applications. Of course I can't pass > https until I enable SSL on Apache. > > Perhaps you can help me with the following: > > 1. Should I use mod_ssl or Apache-SSL and why? You should decide this on your own, please. I recommend you to compare them yourself first (do a quick installation of both) and then make a reasonable decision for _your_ situation (one cannot give a general answer, the decision will certainly dependent on your situation). Keep in mind: on security issues one always should at least have an own opinion first... > 2. May I use either of the two commercially in the United States? Whether commercially or not is not the question for the US. The question for the US is whether you have the RSA license. You need one in the US, at least for the next 10 months until RSA patent expires. Because of this you should also add the commercial SSL solutions for Apache to the evaluation point under 1) because they provide you with a more or less cheap RSA license. > 3. If I cannot use these commercially in the states, would anyone recommend > the IBM http server? As I said, commercially or not is not important here. > 4. Does anyone know offhand if the IBM http server is compatible with > mod_perl? If the IBM server allows you to recompile Apache from source, you can use mod_perl, too. Else it becomes tricky (either you need a pre-built version from IBM with mod_perl added or you need some pre-built mod_perl DSOs, etc.) Ask IBM what they provide. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: start works, startssl doesn't
On Mon, Dec 20, 1999, admin wrote: > No matter what I try, I can't seem to get 'apachectl startssl' to work, > whereas 'apachectl start' works just fine. I have made sure every file I > refer to exists and same for directories. I have gone through many > messages in the mailing list, but couldn't find an answer. Sorry, but exactly are the error messages you get? You at least should tell us about them in detail if you expect a reasonable help ;) Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
mod_ssl vs. Apache-SSL
Dear modssl users: I must enable my Apache server with SSL capability. I am considering Apache-SSL and mod_ssl. I am running an Apache web server using Perl CGI (OpenSSL 0.9.4 and Net::Crypt-SSLeay.pm) to pass https applications. Of course I can't pass https until I enable SSL on Apache. Perhaps you can help me with the following: 1. Should I use mod_ssl or Apache-SSL and why? 2. May I use either of the two commercially in the United States? 3. If I cannot use these commercially in the states, would anyone recommend the IBM http server? 4. Does anyone know offhand if the IBM http server is compatible with mod_perl? Thank you very much, Tom Peroulas __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
start works, startssl doesn't
No matter what I try, I can't seem to get 'apachectl startssl' to work, whereas 'apachectl start' works just fine. I have made sure every file I refer to exists and same for directories. I have gone through many messages in the mailing list, but couldn't find an answer. I have therefore copied the relevant parts of my apache.conf file below. As a background, I'm using apache-1.3.9+php+mod_ssl-1.3.9+3.0.12+2.4.2 and I don't plan to have a default htdocs directory, only virtual hosts for which I have used 205.151.116.101 in the following example: Listen 205.151.116.101:80 LoadModule ssl_module libexec/apache/libssl.so AddModule mod_ssl.c #Listen 80 Listen 205.151.116.101:443 ServerAdmin [EMAIL PROTECTED] DocumentRoot "/groups/pcr/www" ServerName pcr.ca ErrorLog /var/log/pcr.ca-error_log CustomLog /var/log/pcr.ca-access_log common AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl.crl SSLPassPhraseDialog builtin SSLSessionCache dbm:/var/run/apache_ssl_scache SSLSessionCacheTimeout 300 SSLMutex file:/var/run/apache_ssl_mutex SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLLog /var/log/apache_ssl_engine_log SSLLogLevel info DocumentRoot "/groups/pcr/www" ServerName pcr.ca ServerAdmin [EMAIL PROTECTED] ErrorLog /var/log/apache_error_log TransferLog /var/log/apache_access_log SSLEngine on SSLCertificateFile /usr/local/etc/apache/server.crt SSLCertificateKeyFile /usr/local/etc/apache/server.key SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown CustomLog /var/log/apache_ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
IE occasional error with SSL
I use Apache/1.3.6 (Unix) PHP/3.0.11 mod_ssl/2.3.5 OpenSSL/0.9.3a Ocassionally IE users get their standard error message "page cannot be displayed". Now, I know this is due to some problems negotiating the SSL connection. And, it has been a problem with older versions of mod_ssl as well. My question is, has anybody else ever seen this problem? And, is there a fix for it? This seems to occur about 10% of the time with SSL connections only. And, a simple page reload (clicking back, then clicking the link again) will get you through the error. Netscape seems to work 100% of the time. It is my browser of choice, and I have NEVER seen it have the problem. If anybody has any ideas on what to check for, or a way to try and debug/find the problem. I am up for it. Thanks -Jason __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]