Compiling apache with mod_perl + mod_ssl on HP-UX 10.2; link problem
Hi, I've been running apache 1.3.26 with mod_perl 1.26 statically linked in for a while now with no problems. I've recently tried to add mod_ssl to the configuration and the apache build now fails at the final link like so: cc -DHPUX10 -Aa -Ae -D_HPUX_SOURCE -DMOD_SSL=208110 -DMOD_PERL -DUSE_PERL_SSI -Ae -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DUSE_HSREGEX -DEAPI -DNO_DL_NEEDED -Ae -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 `./apaci` -L/usr/local/ssl/lib \ -o httpd buildmark.o modules.o modules/ssl/libssl.a modules/perl/libperl.a modules/standard/libstandard.a main/libmain.a ./os/unix/libos.a ap/libap.a regex/libregex.a -ldbm -lssl -lcrypto -Wl,-E -Wl,-B,deferred /opt/perl5/lib/5.6.1/PA-RISC1.1/auto/DynaLoader/DynaLoader.a -L/opt/perl5/lib/5.6.1/PA-RISC1.1/CORE -lperl -lnsl_s -ldld -lm -lc -lndir -lcrypt -lsec -lm /usr/ccs/bin/ld: Unsatisfied symbols: __umoddi3 (code) __udivdi3 (code) *** Error exit code 1 Searching on the mod_perl list archive revealed one answer which was to use the GNU ld instead; unfortunately, this doesn't seem easy on HP-UX, as ld is not part of the standard GNU binutils package for HP-UX and compiling the generic binutils manually doesn't build any version of ld as far as I could tell. The missing symbols are present in the global symbols list produced by "nm -g /usr/local/lib/ssl/libcrypto.a", looking like this. Moving the "-lcrypto" token around in the link line or duplicating it in various places doesn't have any effect. U __udivdi3 U __umoddi3 The config file for apache looks like this: CC="cc" \ CFLAGS=" -Ae -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 " \ SSL_BASE="/usr/local/ssl" \ ./configure \ "--with-layout=Apache" \ "--enable-module=ssl" \ "--activate-module=src/modules/perl/libperl.a" \ "--disable-rule=EXPAT" \ "--prefix=/opt/httpd_perl" \ "$@" If I chop out the CC & CFLAGS settings, the build uses gcc and completes ok, but then dumps core with a stack violation as soon as a perl document is requested. I figure it's easier letting mod_perl build with cc the way it wants to and try and fix this link issue than address a mysterious core dump. I can easily build with either mod_perl or mod_ssl configured and both versions operate correctly once built. Answers to any of these questions would be greatly appreciated: * Why does the apache link fail? * How do you build GNU ld for HP-UX 10.20? * Why does mod_perl configure the apache build to use cc rather than gcc, and can you override this without provoking core dumps? Other version info: mod_ssl-2.8.10-1.3.26 openssl-0.9.6d All software mentioned was built with default config except as mentioned above. Thanks, Ian -- Ian Macdonald [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: [HS] Re: Mod_Rewrite - errors what am I doing wrong?
François, Forgive me for being verbose and being off topic. I have Rewrite running on plain old apache, thought the problems may be tied in with mod_ssl, perhaps placement of RewriteEngine on in the httpd.conf. As for LoadModule directive, If you checkout my compile options you will see I specified apache to include rewrite. Am I off the track here? Thanks. François Désarménien wrote: >Thu, 18 Jul 2002 14:29:47 +1000 >Christopher Welsh <[EMAIL PROTECTED]> wrote: > > > >>G'Day, >> >>Anyone help with this? >> >>I added rewrite stuff to the virtual host but am getting an error below >> >> > >This list is about mod_ssl, so your mod_rewrite problem is completly out >of topic here. And posting tons of lines of configuration is also not a >good idea. > >Just to try to help you out : did you load the module with a LoadModule >directive in your httpd.conf ? > >F. > > -- Christopher Welsh Barwon Regional Water Authority, Geelong Victoria, 3216 Voice: 03 52 262385, Mobile: 0409 562968 * The information in this e-mail message and any files transmitted with it are confidential and/or privileged and are intended only for the use of the individual or entity to whom they are addressed. If you received this message in error please notify us immediately by telephone or return e-mail and delete all copies from your computer system, as your retention, distribution or copying of this message and files is strictly prohibited. It is the recipient's responsibility to check this message and files for viruses. *** __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
https setup on Redhat Linux 7.3 usig apache webserver
Hello, I am new to the mailing list. I have several redhat 7.3 linux servers that are running Apache 1.3 webservers. Can anyone point me to a guide to setup the following: 1. Running a webserver using standard http 2. and, setting up a sub area using a virtual host to allow access only through https. I must be missing something. I have verified that port 443 is active and listening. However I loose it when trying to get the web page to work with SSL using https instead of http. Has anyone done this before. I successfully got squirrelmail running but we want to use SSL for security reasons. Mahalo Carl Dionne UHH Computer Science __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: SSL w/ Virtual Hosts startup failure...
You could try adding these directives inside your virtual host block (or else make the scope global if you wish): SSLLog /var/log/httpd/{virtual-host-name}-ssl_log SSLogLevel debug These will provide some verbose debug spew in the ssl log file that might help. -Original Message- From: Sean M Alderman [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 5:21 PM To: [EMAIL PROTECTED] Subject: SSL w/ Virtual Hosts startup failure... Hi, I just received certs today for a couple of Vhosts. I setup their SSL vhosts like - # Server Info ServerName www.server.com ServerAdmin [EMAIL PROTECTED] # SSL Stuff SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/appl/www/www.server.com/certs/server.crt SSLCertificateKeyFile /usr/appl/www/www.server.com/certs/server.key SSLOptions +StdEnvVars SSLOptions +StdEnvVars SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /usr/appl/www/cws.grc.nasa.gov/logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" # Document Directory Information DocumentRoot /usr/appl/www/www.server.com/htdocs Options +Includes # Jakarta Mounts for the # Bobby Section 508 software JkMount /bobby ajp13 JkMount /bobby/*.jsp ajp13 # CGI Directories ScriptAlias /cgi-bin/ "/usr/appl/www/www.server.com/cgi-bin/" # Log Configuration ErrorLog /usr/appl/www/www.server.com/logs/error_log CustomLog "|/usr/appl/apache/bin/rotatelogs /usr/appl/www/www.server.com/logs/access_log 2419200" combined I configured ssl and certs for 3 vhosts and tested each one after I made the configuration for it. The server started after the first ssl config, and the second, but it's not starting on the last. The SSL Engine Log is here, access_log and error_log have are empty ==> ssl_engine_log <== [18/Jul/2002 17:09:30 11938] [info] Server: Apache/1.3.26, Interface: mod_ssl/2.8.9, Library: OpenSSL/0.9.6d [18/Jul/2002 17:09:30 11938] [info] Init: 1st startup round (still not detached) [18/Jul/2002 17:09:30 11938] [info] Init: Initializing OpenSSL library[18/Jul/2002 17:09:30 11938] [info] Init: Loading certificate & private key of SSL-aware server mailarch.grc.nasa.gov:443 [18/Jul/2002 17:09:30 11938] [info] Init: Loading certificate & private key of SSL-aware server cws.grc.nasa.gov:443 [18/Jul/2002 17:09:30 11938] [info] Init: Loading certificate & private key of SSL-aware server webapp.grc.nasa.gov:443 [18/Jul/2002 17:09:30 11938] [info] Init: Seeding PRNG with 136 bytes of entropy [18/Jul/2002 17:09:30 11938] [info] Init: Generating temporary RSA private keys (512/1024 bits) [18/Jul/2002 17:09:31 11938] [info] Init: Configuring temporary DH parameters (512/1024 bits) Is there some advanced logging I can do to determine the problem? Has this been handled before (and I didn't use the right search terms)? Thanks! -- Sean M. Alderman ITRACK Systems Analyst PACE/NCI - NASA Glenn Research Center (216) 433-2795 Calling a windowed operating system "Windows" is like naming an automobile "Wheels." __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
SSL w/ Virtual Hosts startup failure...
Hi, I just received certs today for a couple of Vhosts. I setup their SSL vhosts like - # Server Info ServerName www.server.com ServerAdmin [EMAIL PROTECTED] # SSL Stuff SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/appl/www/www.server.com/certs/server.crt SSLCertificateKeyFile /usr/appl/www/www.server.com/certs/server.key SSLOptions +StdEnvVars SSLOptions +StdEnvVars SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /usr/appl/www/cws.grc.nasa.gov/logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" # Document Directory Information DocumentRoot /usr/appl/www/www.server.com/htdocs Options +Includes # Jakarta Mounts for the # Bobby Section 508 software JkMount /bobby ajp13 JkMount /bobby/*.jsp ajp13 # CGI Directories ScriptAlias /cgi-bin/ "/usr/appl/www/www.server.com/cgi-bin/" # Log Configuration ErrorLog /usr/appl/www/www.server.com/logs/error_log CustomLog "|/usr/appl/apache/bin/rotatelogs /usr/appl/www/www.server.com/logs/access_log 2419200" combined I configured ssl and certs for 3 vhosts and tested each one after I made the configuration for it. The server started after the first ssl config, and the second, but it's not starting on the last. The SSL Engine Log is here, access_log and error_log have are empty ==> ssl_engine_log <== [18/Jul/2002 17:09:30 11938] [info] Server: Apache/1.3.26, Interface: mod_ssl/2.8.9, Library: OpenSSL/0.9.6d [18/Jul/2002 17:09:30 11938] [info] Init: 1st startup round (still not detached) [18/Jul/2002 17:09:30 11938] [info] Init: Initializing OpenSSL library[18/Jul/2002 17:09:30 11938] [info] Init: Loading certificate & private key of SSL-aware server mailarch.grc.nasa.gov:443 [18/Jul/2002 17:09:30 11938] [info] Init: Loading certificate & private key of SSL-aware server cws.grc.nasa.gov:443 [18/Jul/2002 17:09:30 11938] [info] Init: Loading certificate & private key of SSL-aware server webapp.grc.nasa.gov:443 [18/Jul/2002 17:09:30 11938] [info] Init: Seeding PRNG with 136 bytes of entropy [18/Jul/2002 17:09:30 11938] [info] Init: Generating temporary RSA private keys (512/1024 bits) [18/Jul/2002 17:09:31 11938] [info] Init: Configuring temporary DH parameters (512/1024 bits) Is there some advanced logging I can do to determine the problem? Has this been handled before (and I didn't use the right search terms)? Thanks! -- Sean M. Alderman ITRACK Systems Analyst PACE/NCI - NASA Glenn Research Center (216) 433-2795 Calling a windowed operating system "Windows" is like naming an automobile "Wheels." __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: log shows connection from server, but then can't connect from internet client
Digging deeper, I realized I had overlooked an error in the "openssl s_client" output: verify error:num=19:self signed certificate in certificate chain Will this help? openssl verify -CApath /usr/local/apache/conf/ca-bundle/ -CAfile /usr/local/apache/conf/ca-bundle/ca.txt I'm not sure if this is what I should be doing. - Original Message - From: "Joe Dames" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, July 18, 2002 10:28 AM Subject: log shows connection from server, but then can't connect from internet client > Hello fellow humans! > > > I am trying desperately to discover the new skill of installing an SSL > certificate on an Apache server which is (hopefully) SSL enabled. > > .I start the server: > /usr/local/apache/bin/apachectl startssl > It starts cleanly! (I think) > http://molions.com/joe/apache-ssl_error_log.txt > > .No my problems are uncovered. I can connect to port 443 on my virtual server > while using the openssh s_client tool at my servers shell. I cannot, however, > do a normal client connection from another machine's web browser (netscape, IE, > Opera, --all new versions). I have read high and low, and have learned a great > deal, but still am at a loss of what is wrong. I have compiled all of the > variables that I have found to have a direct effect upon the operation of ssl > and included them below for your expert opinions. > > .I believe I have accomplished some level of success as evidenced by this > ssl_engine_log snip > http://molions.com/joe/ssl_engine_log_snip.txt > I am concerned about the whole "Init: 1st startup round (still not detached)" > bit in the ssl_engine_log. I don't understand why it must go through 2 startup > rounds. Is this a problem? > > .When I run curl secure.mydomain.com:443 from the ssl server, it spits out all > of the html. But I am having no success having a client browser on another > machine connect to port 443 on this virtual server. > > .Here is what I get when I run the command: "openssl s_client -connect > secure.mydomain.com:443 -state" > http://molions.com/joe/openssl-s_client_-connect.txt > (I've changed the names to protect the innocent ;) > > .Here are my httpd.conf ssl tidbits > http://molions.com/joe/httpd.conf.tidbits.txt > > > .Here is some of my directory proof that the files are there and who can do what > with them > http://molions.com/joe/ssl_directory_structure.txt > > > > If I have configured something totally wrong (I'm sure), please tell me. I > realize I still have so much to learn. Any help at all will be immensely > appreciated. > > Joe Dames > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
log shows connection from server, but then can't connect from internet client
Hello fellow humans! I am trying desperately to discover the new skill of installing an SSL certificate on an Apache server which is (hopefully) SSL enabled. .I start the server: /usr/local/apache/bin/apachectl startssl It starts cleanly! (I think) http://molions.com/joe/apache-ssl_error_log.txt .No my problems are uncovered. I can connect to port 443 on my virtual server while using the openssh s_client tool at my servers shell. I cannot, however, do a normal client connection from another machine's web browser (netscape, IE, Opera, --all new versions). I have read high and low, and have learned a great deal, but still am at a loss of what is wrong. I have compiled all of the variables that I have found to have a direct effect upon the operation of ssl and included them below for your expert opinions. .I believe I have accomplished some level of success as evidenced by this ssl_engine_log snip http://molions.com/joe/ssl_engine_log_snip.txt I am concerned about the whole "Init: 1st startup round (still not detached)" bit in the ssl_engine_log. I don't understand why it must go through 2 startup rounds. Is this a problem? .When I run curl secure.mydomain.com:443 from the ssl server, it spits out all of the html. But I am having no success having a client browser on another machine connect to port 443 on this virtual server. .Here is what I get when I run the command: "openssl s_client -connect secure.mydomain.com:443 -state" http://molions.com/joe/openssl-s_client_-connect.txt (I've changed the names to protect the innocent ;) .Here are my httpd.conf ssl tidbits http://molions.com/joe/httpd.conf.tidbits.txt .Here is some of my directory proof that the files are there and who can do what with them http://molions.com/joe/ssl_directory_structure.txt If I have configured something totally wrong (I'm sure), please tell me. I realize I still have so much to learn. Any help at all will be immensely appreciated. Joe Dames __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Failure to load mod_ssl under NT/apache 2.0
Hunter and Brendan Thanks very much for your help. Hunter you are a genius!! I couldn't have asked for a more comprehensive breakdown of the solution. Anyhow problem solved and mod_ssl.so now loads - hooray! My test server is now configured so will now under go reliability testing before i put it up live. Many thanks for your time and effort. Alex On 17 Jul 02, at 23:25, hunter wrote: > Sorry about replying to my own message. > > In the event that it may be useful I have placed the entire build on > line -- that I made while creating my earlier instructions. > > I do not feel in anyway an authority, but I have managed to get the code > to build and start (load). Though I did not finish the configuration in > this case, nor did I make any certs. > > http://tor.ath.cx/~hunter/apache/apache.zip > > It is large ... pull it down if you wish to learn from it. Use it if > you like ... your choice. > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] Technical Manager Online Learning Support Unit Middlesex University Business School [EMAIL PROTECTED] 020 8411 5092 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: I am having a heck of a time - Please help. -- SOLUTION FOUND !
Hi, I compiled this combination with gcc 2.95.2 (compiled by myself with help of sunfreeware gcc) on Solaris 8 without special changes. After examining some sunfreeware PKGs I decided to roll everything on my own. Cheers Georg UUNET - a WorldCom Company UUNET Deutschland GmbH Sebrathweg 20 44149 Dortmund Germany > I'm running solaris 8 and compiled apache/mod_ssl/mm/DSO with no problems *wi > thout* SHARED_CORE... I am using gcc 3.0.3. > > Rgds, > > Owen Boyle > > >-Original Message- > >From: Steve Romero [mailto:[EMAIL PROTECTED]] > >Sent: Mittwoch, 17. Juli 2002 23:45 > >To: [EMAIL PROTECTED]; '[EMAIL PROTECTED]' > >Subject: RE: I am having a heck of a time - Please help. -- SOLUTION > >FOUND ! > > > > > >David, > > > >yes I've encountered problems with gcc when building apache as > >well. I > >don't know what the problem is I always thought it was a > >version issue. I > >use a gcc-2.8.1 package from FSF, and that works. Perhaps I > >should try > >compiling a newer version of gcc, and not use the Sunfreeware package. > > > >thanks for the research info below. > > > >Regards, > >Steve Romero > > > >At 08:45 AM 7/17/2002 -0700, David Loesche wrote: > >>Building Apache with EAPI, DSO enabled, mod_ssl and mm is a > >very simple > >>task. I do not know why it took so long to figure out. You > >simply following > >>the instructions in the mod_ssl install documentation (or > >other helpful > >>documents you can find these all over the web), and your up > >and running with > >>Apache - EAPI, DSO, mod_ssl, etc. running. > >> > >>WRONG! Not on Solaris 8. It seems that if you build Apache > >on Solaris 2.6 > >>with gcc 2.95 all is well. Simply following the instructions > >in the mod_ssl > >>documentation and your done. But it's another story if you are using > >>Solaris 8 (I am not sure about 7 or 9 - I do have time to try > >it on these). > >>After many hours of frustration and numerous emails I finally > >decided to try > >>every combination one-by-one to identify which one was the culprit. > >> > >>Initial environment: > >> > >>Solaris 8 > >>Gcc 3.0.3 > >>Apache 1.3.26 > >>Mod_ssl-2.8.10-1.3.26 > >>mm-1.1.3 > >>openssl-0.9.6d > >> > >>The only way this combination works is with > >-enable-rule=SHARED_CORE. This > >>option "forces" Apache to export the share symbols so they > >are available at > >>run time. This takes a 5% performance hit and since the > >previous build did > >>not have it I assumed I was doing something wrong. So I tried every > >>possible build configuration over and over - No change (I had > >to use the > >>SHARE_CORE rule). I even tried this on Apache 2.0.39 and 1.3.20 (the > >>previous build version here of Apache). No matter what I did > >I could not > >>get it to build the same way as the previous version. More > >work to do... > >> > >>2nd shot: > >> > >>Solaris 8 > >>Gcc 2.95.3 > >>Apache 1.3.26 > >>Mod_ssl-2.8.10-1.3.26 > >>mm-1.1.3 > >>openssl-0.9.6d > >> > >>EVENTS AND SOLUTION: > >> > >>Same as above. More work to do... > >> > >>Last shot: > >> > >>Solaris 8 > >>Gcc 3.1 > >>Apache 1.3.26 > >>Mod_ssl-2.8.10-1.3.26 > >>mm-1.1.3 > >>openssl-0.9.6d > >> > >>Worked just like all the documentation said it should have > >and everyone I > >>contacted told me to do (which I had spend over a week > >reading and trying > >>all these suggestions). As it turns out, either the build from > >>sunfreeware.com for gcc 2.95 & 3.0.3 have an issue with the > >loader module, > >>the building of shared libraries, or gcc has an issue. So, > >if any of you > >>have to do this make sure you have gcc 3.1 or SUN's compiler > >(I believe > >>SUN's works but did not try it - I guess I'm just stubborn). > >> > >>Later, > >> > >> > >> > >>-Original Message- > >>From: David Loesche > >>Sent: Monday, July 15, 2002 12:07 PM > >>To: '[EMAIL PROTECTED]' > >>Subject: RE: I am having a heck of a time - Please help. > >> > >>I did read the referred document concerning the build phase. > >I am intrigued > >>by the LD_LIBRARY_PATH suggestion. What would you recommend > >I set it to? > >> > >>-Original Message- > >>From: Boyle Owen [mailto:[EMAIL PROTECTED]] > >>Sent: Monday, July 15, 2002 12:51 AM > >>To: [EMAIL PROTECTED] > >>Subject: RE: I am having a heck of a time - Please help. > >> > >>Could be to do with your version of openssl lib (check it is > >reasonably up > >>to date) or with your LD_LIBRARY_PATH environment variable.. > >> > >>Check out > >http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/apache.html > >> > >>for a good user's summary. > >> > >>Rgds, > >> > >>Owen Boyle > >> > >> >-Original Message- > >> >From: David Loesche [mailto:[EMAIL PROTECTED]] > >> >Sent: Freitag, 12. Juli 2002 20:12 > >> >To: '[EMAIL PROTECTED]' > >> >Subject: I am having a heck of a time - Please help. > >> > > >> > > >> >I have poured through all the documentation I can find on > >> >enabling mod_ssl > >> >with Apache 1.3.26 but keep
[HS] Re: Mod_Rewrite - errors what am I doing wrong?
Thu, 18 Jul 2002 14:29:47 +1000 Christopher Welsh <[EMAIL PROTECTED]> wrote: > G'Day, > > Anyone help with this? > > I added rewrite stuff to the virtual host but am getting an error below This list is about mod_ssl, so your mod_rewrite problem is completly out of topic here. And posting tons of lines of configuration is also not a good idea. Just to try to help you out : did you load the module with a LoadModule directive in your httpd.conf ? F. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: modssl with a shared ssl lib base
Howdy David, This is an oler linux system. I've been reading along with yer trials and tribulations, I'm not having to do this on a sun system though, my sparc10 here runs openbsd, but the web server is an older slackware 2.0.35/36 system. Everything built fine upto appache 1.3.30 with openssl-engine-0.9.6b . Thus, my question about current attepmts, which fail with apache 1.3.26 and openssl-engine-0.9.6d . What I end up with is a decent httpd with a truncated libssl.so, like 5 times smaller then previously, thus, my suspicion that the older apache's <1.3.x> fail if openssl is compiled shared <.so> rather then non-shared libraries. I've toyed about with this configureation script: #!/bin/bash #configure ssl cd mod_ssl-2.8.10-1.3.26/ ./configure --with-apache=../apache_1.3.26 --with-crt=/usr/local/apache/conf/ssl.crt/server.crt --with-key=/usr/local/apache/conf/ssl.key/server.key #./configure --with-apache=../apache_1.3.26 #--with-ssl=../openssl-engine-0.9.6d --with-mm=../mm-1.1.3 #--with-crt=/usr/local/apache/conf/ssl.crt/server.crt #--with-key=/usr/local/apache/conf/ssl.key/server.key #--disable-rule=SSL_COMPAT --enable-module=most # configure apache cd ../apache_1.3.26/ export SSL_BASE=../openssl-engine-0.9.6d export EAPI_MM=../mm-1.1.3 # export $SSL_BASE $EAPI_MM # ./configure --enable-module=ssl --enable-shared=ssl #--enable-rule=SSL_SDBM --disable-rule=SSL_COMPAT --enable-module=most # ./configure --enable-module=ssl --enable-shared=ssl #--disable-rule=SSL_COMPAT --enable-module=most ./configure --enable-module=ssl --enable-shared=ssl --enable-module=most # --enable-shared=max make # if all goes well, we need to do a make install echo " " echo " ...if all goes well, we need to do a make install..." echo " " exit 0 Now, I certainly would have loved to move to apache 2.0.current, but, it's not liking the older linux kernels at all. I messed with the apache source some, after I think Owen gave me some direction, but, alas, it does not run a decent full compile and the apache team won't go grab old kernels and test to try and deal with the issues. # gcc --version 2.7.2.3 So, I hate having to backup and then restore all the time testing this, but am about ready to just recompile openssl unshared and redo, I'm certainly betting it will fix the issues of a truncated libssl.so... my older working libssl.so look like this: -rwx-- 1 root root 1080038 Jul 15 13:45 /usr/local/apache/libexec/libssl.so* New attempts to build with the above script come up with a module like this that will not load: # ls -l src/modules/ssl//libssl.so -rwx-- 1 root root 224759 Jul 17 13:12 src/modules/ssl//libssl.so* Thanks, Ron DuFresne On Wed, 17 Jul 2002, David Loesche wrote: > What is the environment you are working on (OS, Compiler, etc)? Also, check > out the documentation located at www.modssl.org (install document). If you > are building on Solaris drop another line and I will forward you some > information (I just spent some time debugging an issue with gcc and Solaris > 8). > > -Original Message- > From: R. DuFresne [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, July 17, 2002 9:53 AM > To: [EMAIL PROTECTED] > Subject: modssl with a shared ssl lib base > > > Since apache 2.0.X will not function with older kernels, we have been > trying to upgrade to apache_1.3.26 and wheen out of reliance for present > upon the mod_blowchunks.so thing we have implimented till time permitted. > But, we had decided to build ssl-engine with shared capability, so as to > not have to jump through hoops if matters with apache 2.0.X changed and > such. But, we are failing to get a working httpd when going this route. > I'm wondering if the older apache fails, at least on older kernels, when > ssl has been compiled as an so? > > Thanks, > > > Ron DuFresne > -- > ~~~ > admin & senior security consultant: sysinfo.com > http://sysinfo.com > > "Cutting the space budget really restores my faith in humanity. It > eliminates dreams, goals, and ideals and lets us get straight to the > business of hate, debauchery, and self-annihilation." > -- Johnny Hart > > testing, only testing, and damn good at it too! > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > -- ~~ admin & senior security consultant: sysinfo.com
LoadModule mod_ssl.so fails with win 2000, apache 1.3.26, mod_ssl 2.8.10, openssl 0.9.6d
Hello, Apache fails to start with message: Syntax error on line 193 of c:/readybuilt_1.3.26_2.8.10/conf/httpd.conf: Cannot load c:/3party/apache/modules/mod_ssl.so into server: (182) This fails both with my own build, and also the build at: http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Wi n32.zip I have checked that the mod_ssl.so file is present, and not read only. The same symptoms were reported by Danalien [mailto:[EMAIL PROTECTED]] on apache 1.3.24 + mod_ssl 2.8.8, also with Windows 2000. Any suggestions? Nigel Rushton __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: I am having a heck of a time - Please help. -- SOLUTION FOUND !
I'm running solaris 8 and compiled apache/mod_ssl/mm/DSO with no problems *without* SHARED_CORE... I am using gcc 3.0.3. Rgds, Owen Boyle >-Original Message- >From: Steve Romero [mailto:[EMAIL PROTECTED]] >Sent: Mittwoch, 17. Juli 2002 23:45 >To: [EMAIL PROTECTED]; '[EMAIL PROTECTED]' >Subject: RE: I am having a heck of a time - Please help. -- SOLUTION >FOUND ! > > >David, > >yes I've encountered problems with gcc when building apache as >well. I >don't know what the problem is I always thought it was a >version issue. I >use a gcc-2.8.1 package from FSF, and that works. Perhaps I >should try >compiling a newer version of gcc, and not use the Sunfreeware package. > >thanks for the research info below. > >Regards, >Steve Romero > >At 08:45 AM 7/17/2002 -0700, David Loesche wrote: >>Building Apache with EAPI, DSO enabled, mod_ssl and mm is a >very simple >>task. I do not know why it took so long to figure out. You >simply following >>the instructions in the mod_ssl install documentation (or >other helpful >>documents you can find these all over the web), and your up >and running with >>Apache - EAPI, DSO, mod_ssl, etc. running. >> >>WRONG! Not on Solaris 8. It seems that if you build Apache >on Solaris 2.6 >>with gcc 2.95 all is well. Simply following the instructions >in the mod_ssl >>documentation and your done. But it's another story if you are using >>Solaris 8 (I am not sure about 7 or 9 - I do have time to try >it on these). >>After many hours of frustration and numerous emails I finally >decided to try >>every combination one-by-one to identify which one was the culprit. >> >>Initial environment: >> >>Solaris 8 >>Gcc 3.0.3 >>Apache 1.3.26 >>Mod_ssl-2.8.10-1.3.26 >>mm-1.1.3 >>openssl-0.9.6d >> >>The only way this combination works is with >-enable-rule=SHARED_CORE. This >>option "forces" Apache to export the share symbols so they >are available at >>run time. This takes a 5% performance hit and since the >previous build did >>not have it I assumed I was doing something wrong. So I tried every >>possible build configuration over and over - No change (I had >to use the >>SHARE_CORE rule). I even tried this on Apache 2.0.39 and 1.3.20 (the >>previous build version here of Apache). No matter what I did >I could not >>get it to build the same way as the previous version. More >work to do... >> >>2nd shot: >> >>Solaris 8 >>Gcc 2.95.3 >>Apache 1.3.26 >>Mod_ssl-2.8.10-1.3.26 >>mm-1.1.3 >>openssl-0.9.6d >> >>EVENTS AND SOLUTION: >> >>Same as above. More work to do... >> >>Last shot: >> >>Solaris 8 >>Gcc 3.1 >>Apache 1.3.26 >>Mod_ssl-2.8.10-1.3.26 >>mm-1.1.3 >>openssl-0.9.6d >> >>Worked just like all the documentation said it should have >and everyone I >>contacted told me to do (which I had spend over a week >reading and trying >>all these suggestions). As it turns out, either the build from >>sunfreeware.com for gcc 2.95 & 3.0.3 have an issue with the >loader module, >>the building of shared libraries, or gcc has an issue. So, >if any of you >>have to do this make sure you have gcc 3.1 or SUN's compiler >(I believe >>SUN's works but did not try it - I guess I'm just stubborn). >> >>Later, >> >> >> >>-Original Message- >>From: David Loesche >>Sent: Monday, July 15, 2002 12:07 PM >>To: '[EMAIL PROTECTED]' >>Subject: RE: I am having a heck of a time - Please help. >> >>I did read the referred document concerning the build phase. >I am intrigued >>by the LD_LIBRARY_PATH suggestion. What would you recommend >I set it to? >> >>-Original Message- >>From: Boyle Owen [mailto:[EMAIL PROTECTED]] >>Sent: Monday, July 15, 2002 12:51 AM >>To: [EMAIL PROTECTED] >>Subject: RE: I am having a heck of a time - Please help. >> >>Could be to do with your version of openssl lib (check it is >reasonably up >>to date) or with your LD_LIBRARY_PATH environment variable.. >> >>Check out >http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/apache.html >> >>for a good user's summary. >> >>Rgds, >> >>Owen Boyle >> >> >-Original Message- >> >From: David Loesche [mailto:[EMAIL PROTECTED]] >> >Sent: Freitag, 12. Juli 2002 20:12 >> >To: '[EMAIL PROTECTED]' >> >Subject: I am having a heck of a time - Please help. >> > >> > >> >I have poured through all the documentation I can find on >> >enabling mod_ssl >> >with Apache 1.3.26 but keep coming up short. If I static link >> >the mod_ssl >> >it works fine but when I try to enable DSO and use it as a >> >shared library I >> >keep getting ap_add_config_define : referenced symbol not >> >found. I have the >> >following config setup for the apache build: >> > >> >#!/bin/ksh >> >SSL_BASE=/usr/local/ssl \ >> >EAPI_MM=../mm-1.1.3 \ >> >EAPI_MM_CORE_PATH=logs/httpd.mm \ >> >LIBS=/usr/lib/libC.so.5 \ >> >CFLAGS=-fPIC \ >> >./configure--prefix=/opt/apache \ >> > --enable-rule=EAPI \ >> > --enable-module=ssl \ >> > --enable-shared=ssl \ >> > --disable-rule=SSL_COMP
[HS] Re: Mod_Rewrite - errors what am I doing wrong?
Thu, 18 Jul 2002 14:29:47 +1000 Christopher Welsh <[EMAIL PROTECTED]> wrote: > G'Day, > > Anyone help with this? > > I added rewrite stuff to the virtual host but am getting an error below This list is about mod_ssl, so your mod_rewrite problem is completly out of topic here. And posting tons of lines of configuration is also not a good idea. Just to try to help you out : did you load the module with a LoadModule directive in your httpd.conf ? F. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: I am having a heck of a time - Please help. -- SOLUTION FOUND !
David, yes I've encountered problems with gcc when building apache as well. I don't know what the problem is I always thought it was a version issue. I use a gcc-2.8.1 package from FSF, and that works. Perhaps I should try compiling a newer version of gcc, and not use the Sunfreeware package. thanks for the research info below. Regards, Steve Romero At 08:45 AM 7/17/2002 -0700, David Loesche wrote: >Building Apache with EAPI, DSO enabled, mod_ssl and mm is a very simple >task. I do not know why it took so long to figure out. You simply following >the instructions in the mod_ssl install documentation (or other helpful >documents you can find these all over the web), and your up and running with >Apache - EAPI, DSO, mod_ssl, etc. running. > >WRONG! Not on Solaris 8. It seems that if you build Apache on Solaris 2.6 >with gcc 2.95 all is well. Simply following the instructions in the mod_ssl >documentation and your done. But it's another story if you are using >Solaris 8 (I am not sure about 7 or 9 - I do have time to try it on these). >After many hours of frustration and numerous emails I finally decided to try >every combination one-by-one to identify which one was the culprit. > >Initial environment: > >Solaris 8 >Gcc 3.0.3 >Apache 1.3.26 >Mod_ssl-2.8.10-1.3.26 >mm-1.1.3 >openssl-0.9.6d > >The only way this combination works is with -enable-rule=SHARED_CORE. This >option "forces" Apache to export the share symbols so they are available at >run time. This takes a 5% performance hit and since the previous build did >not have it I assumed I was doing something wrong. So I tried every >possible build configuration over and over - No change (I had to use the >SHARE_CORE rule). I even tried this on Apache 2.0.39 and 1.3.20 (the >previous build version here of Apache). No matter what I did I could not >get it to build the same way as the previous version. More work to do... > >2nd shot: > >Solaris 8 >Gcc 2.95.3 >Apache 1.3.26 >Mod_ssl-2.8.10-1.3.26 >mm-1.1.3 >openssl-0.9.6d > >EVENTS AND SOLUTION: > >Same as above. More work to do... > >Last shot: > >Solaris 8 >Gcc 3.1 >Apache 1.3.26 >Mod_ssl-2.8.10-1.3.26 >mm-1.1.3 >openssl-0.9.6d > >Worked just like all the documentation said it should have and everyone I >contacted told me to do (which I had spend over a week reading and trying >all these suggestions). As it turns out, either the build from >sunfreeware.com for gcc 2.95 & 3.0.3 have an issue with the loader module, >the building of shared libraries, or gcc has an issue. So, if any of you >have to do this make sure you have gcc 3.1 or SUN's compiler (I believe >SUN's works but did not try it - I guess I'm just stubborn). > >Later, > > > >-Original Message- >From: David Loesche >Sent: Monday, July 15, 2002 12:07 PM >To: '[EMAIL PROTECTED]' >Subject: RE: I am having a heck of a time - Please help. > >I did read the referred document concerning the build phase. I am intrigued >by the LD_LIBRARY_PATH suggestion. What would you recommend I set it to? > >-Original Message- >From: Boyle Owen [mailto:[EMAIL PROTECTED]] >Sent: Monday, July 15, 2002 12:51 AM >To: [EMAIL PROTECTED] >Subject: RE: I am having a heck of a time - Please help. > >Could be to do with your version of openssl lib (check it is reasonably up >to date) or with your LD_LIBRARY_PATH environment variable.. > >Check out http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/apache.html > >for a good user's summary. > >Rgds, > >Owen Boyle > > >-Original Message- > >From: David Loesche [mailto:[EMAIL PROTECTED]] > >Sent: Freitag, 12. Juli 2002 20:12 > >To: '[EMAIL PROTECTED]' > >Subject: I am having a heck of a time - Please help. > > > > > >I have poured through all the documentation I can find on > >enabling mod_ssl > >with Apache 1.3.26 but keep coming up short. If I static link > >the mod_ssl > >it works fine but when I try to enable DSO and use it as a > >shared library I > >keep getting ap_add_config_define : referenced symbol not > >found. I have the > >following config setup for the apache build: > > > >#!/bin/ksh > >SSL_BASE=/usr/local/ssl \ > >EAPI_MM=../mm-1.1.3 \ > >EAPI_MM_CORE_PATH=logs/httpd.mm \ > >LIBS=/usr/lib/libC.so.5 \ > >CFLAGS=-fPIC \ > >./configure--prefix=/opt/apache \ > > --enable-rule=EAPI \ > > --enable-module=ssl \ > > --enable-shared=ssl \ > > --disable-rule=SSL_COMPAT \ > > --enable-rule=SSL_SDBM \ > > --enable-suexec \ > > --suexec-caller=http > > > >I have followed the instructions in the modssl install guide to patch > >Apache. Please verify the following build for mod_ssl: > > > >./configure--with-apache=../apache_1.3.26 \ > > --with-ssl=/usr/local/ssl \ > > --with-mm=../mm-1.1.3 > > > >If you can help (point me to some documentation) I would be > >very grateful... > > > > > >David S. Loesche > >[EMAIL PROTECTED]Yipes