Re: segfaults??
On Tue, Dec 21, 1999, Roscinante wrote: Ok, anyone know what would cause these segfaults, or at least how to get some verbose logging from apache to see what might be causing it? If we would know what cause segfaults for you, we would have fixed them _before_ distributing the code ;) I have debug mode enabled, but this tells me nothing about whats causing the segfaults ;( Sure, it just gives you a hint at which step in the processing the segfaults occur but not more. Read the mod_ssl FAQ for details on how to find out more about the location of the segfault. Without these details no one can provide you any reasonable help, of course. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_ssl with JServ did not start
On Tue, Dec 21, 1999, [EMAIL PROTECTED] wrote: [...] Server app-fallback.propertygate.de:443 (RSA) Enter pass phrase: Ok: Pass Phrase Dialog successful. ./apachectl startssl: httpd started But there is no httpd process. When I start the normal server everything works fine. Where is my mistake? I don't know, but have a look yourself into the error_log, please. There should be some hints about the problem... Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Upgrading to next version of Apache
"R. DuFresne" [EMAIL PROTECTED] 12/21/99 11:05PM When the next version of Apache is released, can you just upgrade the Apache or will mod_ssl and/or openssl need to be reinstalled to retain SSL ? You sould beable to just drop the new apache source into place, and recompile it with the proper params like you did before. This is easiest if you retain the source for mod_ssl and openssl under some apache specific src/ tree, if ya dig what I'm saying; you already built the other two, yer just going to rebuild apache with their inclusion. It's not that simple because the new Apache will not contain EAPI, and if you just drop it into place, you'll have an Apache with no EAPI and mod_ssl won't work anymore. Besides, the EAPI changes with every release of Apache because the line numbers (etc) in Apache change and therefore the EAPI patches must be updated to reflect that. You don't have to redo openssl (assuming you did a separate make/make install for openssl to install it as a system library), just mod_ssl. I'd tend to expect a new version of mod_ssl out when the new Apache comes out, assuming all goes as it usually does. Right, Ralf? --Cliff Cliff Woolley Central Systems Software Administrator Washington and Lee University http://www.wlu.edu/~jwoolley/ Work: (540) 463-8089 Pager: (540) 462-2303 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Upgrading to next version of Apache
folks, listen to Cliff, rather then me, for, he has the time in on this area over me. Cliff, thanks for the correction! Thanks, Ron DuFresne On Wed, 22 Dec 1999, Cliff Woolley wrote: "R. DuFresne" [EMAIL PROTECTED] 12/21/99 11:05PM When the next version of Apache is released, can you just upgrade the Apache or will mod_ssl and/or openssl need to be reinstalled to retain SSL ? You sould beable to just drop the new apache source into place, and recompile it with the proper params like you did before. This is easiest if you retain the source for mod_ssl and openssl under some apache specific src/ tree, if ya dig what I'm saying; you already built the other two, yer just going to rebuild apache with their inclusion. It's not that simple because the new Apache will not contain EAPI, and if you just drop it into place, you'll have an Apache with no EAPI and mod_ssl won't work anymore. Besides, the EAPI changes with every release of Apache because the line numbers (etc) in Apache change and therefore the EAPI patches must be updated to reflect that. You don't have to redo openssl (assuming you did a separate make/make install for openssl to install it as a system library), just mod_ssl. I'd tend to expect a new version of mod_ssl out when the new Apache comes out, assuming all goes as it usually does. Right, Ralf? --Cliff Cliff Woolley Central Systems Software Administrator Washington and Lee University http://www.wlu.edu/~jwoolley/ Work: (540) 463-8089 Pager: (540) 462-2303 -- ~~ admin senior consultant: darkstar.sysinfo.com http://darkstar.sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Upgrading to next version of Apache
On Wed, Dec 22, 1999, Cliff Woolley wrote: "R. DuFresne" [EMAIL PROTECTED] 12/21/99 11:05PM When the next version of Apache is released, can you just upgrade the Apache or will mod_ssl and/or openssl need to be reinstalled to retain SSL ? You sould beable to just drop the new apache source into place, and recompile it with the proper params like you did before. This is easiest if you retain the source for mod_ssl and openssl under some apache specific src/ tree, if ya dig what I'm saying; you already built the other two, yer just going to rebuild apache with their inclusion. It's not that simple because the new Apache will not contain EAPI, and if you just drop it into place, you'll have an Apache with no EAPI and mod_ssl won't work anymore. Besides, the EAPI changes with every release of Apache because the line numbers (etc) in Apache change and therefore the EAPI patches must be updated to reflect that. You don't have to redo openssl (assuming you did a separate make/make install for openssl to install it as a system library), just mod_ssl. I'd tend to expect a new version of mod_ssl out when the new Apache comes out, assuming all goes as it usually does. Right, Ralf? Sure, as for the last 1.5 years, once a new Apache version is out, at the same time (sometimes even some time before ;) a corresponding mod_ssl version is available which applies cleanly to the current Apache state. So the fact that EAPI needs adjusting is not important for end users. I take care of this all the time. But as it looks, the chances are high that we get EAPI into Apache 1.3.11 (not 1.3.10, for this it was too late and so the resistance was already too high). Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_ssl freezes ?
Emmanuel Anne [EMAIL PROTECTED] 12/22/99 04:35AM All this worked perfectly well for 3 weeks, and last week I had this problem : Suddenly the server stopped from processing https requests. The http requests were still answered, but when you tried https you got "Contacting, waiting for reply", and waiting for ever ! Sounds like maybe a broken vendor DBM library. Are you getting coredumps (check the error_log for "exit signal Segmentation Fault")? Are you using SSLSessionCache dbm:(...) ? If so, try temporarily using SSLSessionCache none and see what happens. (You might try decreasing the SSLSessionCacheTimeout for testing.) In any case, I'd recommend going to the shm: variant of the SessionCache. It's much faster. Or at least, if you're going to use the dbm version, use the built-in SDBM library by adding --enable-rule=SSL_SDBM when you configure Apache. Hope this helps, Cliff Cliff Woolley Central Systems Software Administrator Washington and Lee University http://www.wlu.edu/~jwoolley/ Work: (540) 463-8089 Pager: (540) 462-2303 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: modssl + Apache 1.3.9 + win NT
follow the links on the bottom of this e-mail. well written documentation is in place - and it is short, sweet, and easy to read. cliff rayman genwax.com Jai Prakash Singh wrote: Hi, I am new to this mailing list. I am also new to SSL. Currently I am working on a project in which we are implementing the Java servlets on Apache web server on windows NT platform. Now, I have implement SSL on it. I am not able to configure and rather get clear idea on how to implement the same. If some prerequistie certificate is required to implement this or not ... Can any one show me the clear idea behind the SSL? Thanks in advance. Regard, Jai __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
AuthType and SSL
I am really new to SSL. It is starting to make sense to me, but I would like to try and clarify a couple things I am not sure on. I have the default configuration working fine. The https is setup as a virtual host, right? And I can tell it which directory to use for this virtual host. My main concern now is how do I setup basic authentication in a virtual host. When I try and add the AuthType Basic to the virtual host, apache errors when starting. Do I have to create a Directory entry in my httpd.conf file for the same directory that I want to protect. I obviously know nothing about SSL or virtual hosts, I have a lot of reading to do. My other question is, will mod_ssl encrypt my passwords? If I setup a virtual host with the directory /usr/local/apache/wwwroot/it and do authentication at that level, can I then do further authentication at the /usr/local/apache/wwwroot/it/routers? I want to set up series of directories that give access to some people and not others. So will SSL encrypt every file and subdirectory under the first directory that is set. I just want to make sure I am not sending out unencrypted passwords. Thanks, Keith Vance West Coast Administrator/Network Analyst (206) 215-9844 [EMAIL PROTECTED] BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Keith Vance TEL;WORK:(206) 215-9844 ORG:;Information Technology TEL;PREF;FAX:(206) 215-9941 EMAIL;WORK;PREF;NGW:[EMAIL PROTECTED] N:Vance;Keith TITLE:Network Analyst X-GWUSERID:Kvance END:VCARD
Re: AuthType and SSL
"Keith Vance" [EMAIL PROTECTED] 12/22/99 02:06PM The https is setup as a virtual host, right? And I can tell it which directory to use for this virtual host. Generally, yes. Do I have to create a Directory entry in my httpd.conf file for the same directory that I want to protect. I obviously know nothing about SSL or virtual hosts, I have a lot of reading to do. Yes. Or a .htaccess file in that directory. (AuthType and its pals can only be located within per-directory configuration sections, which is why you're getting the error on startup.) My other question is, will mod_ssl encrypt my passwords? Yes. SSL is a layer below HTTP or whatever other protocol you choose to run on top of it. So for HTTP(S) purposes, both the request and the response are encrypted, including the basic auth information, which is sent as a request header. If I setup a virtual host with the directory /usr/local/apache/wwwroot/it and do authentication at that level, can I then do further authentication at the /usr/local/apache/wwwroot/it/routers? Yep. Either make a new Directory block or, again, you can use a .htaccess file in that directory. --Cliff Cliff Woolley Central Systems Software Administrator Washington and Lee University http://www.wlu.edu/~jwoolley/ Work: (540) 463-8089 Pager: (540) 462-2303 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: modssl + Apache 1.3.9 + win NT
Hi Cliff , What's the link? Is it "genwax.com" then sorry boss this is not right place make PJ's Anyway. Regards, Jai Cliff Rayman wrote: follow the links on the bottom of this e-mail. well written documentation is in place - and it is short, sweet, and easy to read. cliff rayman genwax.com Jai Prakash Singh wrote: Hi, I am new to this mailing list. I am also new to SSL. Currently I am working on a project in which we are implementing the Java servlets on Apache web server on windows NT platform. Now, I have implement SSL on it. I am not able to configure and rather get clear idea on how to implement the same. If some prerequistie certificate is required to implement this or not ... Can any one show me the clear idea behind the SSL? Thanks in advance. Regard, Jai __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
apachectl startssl not starting UPDATE
I think I sent the wrong httpd.conf file with my previous message. Here is the file that I am using and my log files. If you look at the ssl_engine_log the last time it started, it seemed to work fine. Although it doesn't work, nor does it prompt me for the pass phrase. Although if you look in my error_log for apache there are some openssl errors about not being able to read the ssl.crt file. The file is there and I have run make certificate and make install in the apache source directory a couple of times. What does the make install do? Can I just manually copy the files where they need to go. I am happy with the way my server is running and don't want to screw up jserv or anything. Well thanks for all your help. Keith Vance West Coast Administrator/Network Analyst (206) 215-9844 [EMAIL PROTECTED] error_log httpd.conf ssl_engine_log BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Keith Vance TEL;WORK:(206) 215-9844 ORG:;Information Technology TEL;PREF;FAX:(206) 215-9941 EMAIL;WORK;PREF;NGW:[EMAIL PROTECTED] N:Vance;Keith TITLE:Network Analyst X-GWUSERID:Kvance END:VCARD
SV: apachectl startssl prompting
I need a quick tip how to get apachectl to startssl *without* prompting for the passwd (since the machine will be unattended). Is there a simple way to do this? Please read the FAQ: http://www.modssl.org/docs/2.4/ssl_faq.html#ToC29 I use a simple Expect script (or rather Perl using Expect.pm) to do this. But maybe that's an unnecessary detour... /Johan Ekenberg __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]