Ref.: RE: Problem with ssl
Hi Fred,

That's exactly what I meant by patched (as we may consider that mod_ssl is not more than a patch applied to Apache source to modify it). I just keep getting that error. Please, help if you can.

Thanx

Frederic DONNAT frederic.donnat@zencod.com
23/07/2002 18:45
To: [EMAIL PROTECTED]
cc:
Subject: RE: Problem with ssl

Hi Abdel

What do you mean by patched? The classic way is:

    [root]# cd mod_ssl-2.8.10-1.3.26
    [root]# ./configure --prefix=/path_where_to_install_apache \
                --with-apache=/path_to_apache_src --with-ssl=/path_to_openssl_src
    [root]# cd /path_to_apache_src
    [root]# make
    [root]# make install

That's for a dynamic build. Type the following command line before for a static one:

    export LDFLAGS=-ldl

Be sure to have the right openssl installed.

Hope it will help

Fred

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tue 07/23/2002 5:06 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Problem with ssl

Hi all

I'm trying to get mod_ssl to work with Apache on RedHat 7.2, with Apache 1.3.26 mod_ssl-2.8.10-1.3.26

I just keep getting an error on line 76 of the mod_ssl.c while compiling apache (patched with mod_ssl) which is:

--
/* identify the module to SCCS `what' and RCS `ident' commands */
static char const sccsid[] = "@(#) mod_ssl/" MOD_SSL_VERSION;
static char const rcsid[] = "$Id: mod_ssl/" MOD_SSL_VERSION " $";
--

Just followed many procedures and the error remains the same.

__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: http to https forward
On Wed, Jul 24, 2002 at 05:45:15PM -0500, David Iungerich wrote:

> Thanks Daniel. What all is needed as adjustments to my conf file? As I understood it, there was an issue with Apache taking an http POST request and encrypting it with a given cert, then sending it along via https. If you could tell me exactly what I need version-wise and what to add/change in a standard conf file, I'd greatly appreciate it.

I am not sure I understand what you mean with encrypting it with a given cert. I am guessing it means that your client must present a specific client certificate to the remote server. This SSL functionality was present in mod_ssl versions for 1.3 if you compiled with SSL_EXPERIMENTAL flag, but was not working very well. Apache 2.0 includes robust support for that functionality (thanks to Doug MacEachern of mod_perl fame) and I recommend you use that.

The directive you want is SSLProxyMachineCertificateFile, for specifying the client certificate(s) to present to the remote server. It is not documented currently on the Apache project, but take a look at:
http://www.covalent.net/support/docs/faststart/2.0.0/userguide/html/sslconfigure.php#1138492

Hope it helps

Daniel

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Daniel Lopez
Sent: Wednesday, July 24, 2002 4:30 PM
To: [EMAIL PROTECTED]
Subject: Re: http to https forward

> yes, that is correct. I meant http to https. So, there is no way to do this with existing mods? I have to use something else? Java or Python program? Anyone already have anything?

You can already do it with Apache 2, and I am pretty sure you can do it with Apache 1.3 too. The directives are just not documented, I am working on a patch for the docs. But you are able to do

    SSLProxyEngine on
    ProxyPass / https://some.host.com

And you can also use other SSLProxy* directives like SSLProxyVerify, etc.
Daniel
--
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
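The setup described in the message above, written out as a complete Apache 2.0 virtual host. This is an added example, not part of the original thread or of the mod_ssl documentation; ServerName and the file paths are placeholders, and it assumes mod_proxy and mod_ssl are loaded.

```apache
# Added example: plain-HTTP front end that forwards to an HTTPS backend.
# front.example.com and the /path/to/... files are placeholders (assumptions).
<VirtualHost *:80>
    ServerName front.example.com

    # Reverse proxy only: never act as a forward (open) proxy.
    ProxyRequests Off

    # Let mod_proxy originate SSL/TLS connections to the remote server.
    SSLProxyEngine on

    # Authenticate the remote server. With the default
    # (SSLProxyVerify none) the hop is encrypted, but any certificate
    # is accepted, so the backend is not authenticated.
    SSLProxyVerify require
    SSLProxyVerifyDepth 2
    # Keep this bundle narrow: only the CA(s) that issue the backend's
    # certificate, not a general-purpose root store.
    SSLProxyCACertificateFile /path/to/backend-ca.crt

    # Client certificate(s) to present when the remote server asks for
    # one. PEM file containing the certificate and its unencrypted
    # private key, so restrict its file permissions.
    SSLProxyMachineCertificateFile /path/to/proxy-client.pem

    ProxyPass        / https://some.host.com/
    ProxyPassReverse / https://some.host.com/
</VirtualHost>
```

Requests arriving on port 80 still travel in clear text between the client and this host; only the hop from the proxy to https://some.host.com/ is protected.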
Re: http to https forward
> Quoting David Iungerich [EMAIL PROTECTED]:
>
> > I need to implement Apache as an https to http forwarder. I believe I need to use ProxyPass or Redirect, but am having difficulty figuring out the correct configuration.
>
> Just to clarify, I think you mean http to https forwarder, as in your subject; Apache forwards https to http without any problems. But for http to https, your problem isn't configuration; Apache+mod_ssl doesn't have the code for initiation of HTTPS connections. I've looked! Everybody told me it wouldn't work, I didn't believe them, I couldn't make it work, I read the code, it's not there!
>
> The only product I know of that might be able to do this is IBM EdgeServer, and possibly Netscape. Have to say I don't like EdgeServer and I have no experience of Netscape.
>
> Is there no-one around who'd like to code this? There are quite a few people who want to use Apache to initiate HTTPS connections. I don't have the time / coding skills.

Um, no, you can already do it

    SSLProxyEngine on
    ProxyPass / https://some.other.host

Daniel
--
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
RE: http to https forward
Quoting David Iungerich [EMAIL PROTECTED]:

> yes, that is correct. I meant http to https. So, there is no way to do this with existing mods? I have to use something else? Java or Python program? Anyone already have anything?

I couldn't find anything to do this besides the two proprietary programs I mentioned before. My impression is this is a big hole in the open-source toolkit, and proprietary software is going to fill it if someone more capable than me doesn't fix things...

I see this sort of thing being a requirement for more and more big companies who have established functional ecommerce infrastructures but need to start worrying about security for all sorts of reasons including regulatory requirements (especially secure comms between internal networks and DMZ). I'm not saying there's any law requiring specifically this but big financial companies are legally bound to protect data and they like to cover their bottoms.

I searched Freshmeat and Sourceforge. I found things that you can wrap http servers in to make them look like https servers to the outside world but that is the opposite of what you (and I) want to achieve.

--
Web: http://sydb.dyndns.org
ICQ: 152392113 (New to ICQ? http://www.mirabilis.com)
IRC: #sydb on EFnet (New to IRC? http://www.irchelp.org)