RE: cgi-bin broken lock
Is any content on the page non-secure? (i.e. all img tags have to be https too). Rgds, Owen Boyle -Original Message- From: Jan Cohen [mailto:[EMAIL PROTECTED]] Sent: Montag, 10. Februar 2003 03:50 To: [EMAIL PROTECTED] Subject: cgi-bin broken lock Hi all, I've got ssl up and running on a test page that calls a script in cgi-bin. Lock is there, everything works. When I parse the info from that page to a script in the cgi-bin, that script creates the https page and some of the ssl functionality seems to work (at least the page is being created). Unfortunately, the script creates a page with a broken lock and I can't figure out why. I don't have access to the httpd.conf, but my host tells me ssl is enabled for the root dn, and that the cgi-bin was added to the ssl section of the httpd.conf. Would anyone have some suggestions I might be able to check out? Thanks for your help, Jan Cohen __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Problems compiling mod_ssl with apache 2.0.44
-Original Message- From: Geoff Thorpe [mailto:[EMAIL PROTECTED]] Sent: 08 February 2003 18:08 To: [EMAIL PROTECTED] Subject: Re: Problems compiling mod_ssl with apache 2.0.44 * Sasa STUPAR ([EMAIL PROTECTED]) wrote: Ok, I have found the problem. If you want to have files in the same directories as original instalation of RH8 you have to use ./config --prefix=/usr. Sorry for that confusion. It is the distribution which is strange. Phew, I was starting to wonder what I was missing here :-) As I mentioned originally, using /usr/include as an installation prefix doesn't make sense because it will create the standard {include,bin,man} tree beneath that and install. Hence /usr or /usr/local make more sense. Also, especially on package management systems like RH, you're better not to simply install *over* existing files, particularly as a newer version of openssl may have removed headers that were in a previous version, so the old ones will end up mixed up with the new ones. And of course if a bug-fix release is made by RH to the older version, eg. 0.9.6x, that could seriously screw things up if you'd installed 0.9.7 over the top. It could also totally mangle your system's RPM database, and various other carnage is possible. The solution is to either grapple with RH's dependencies to try and build a replacement openssl RPM from source to upgrade to (which many will tell you is an only slightly less difficult problem than the alchemy of gold itself) or to install openssl elsewhere and make sure your system paths are organised appropriately. Eg. you could use /usr/local or /opt as a place to manually install packages such as a newer openssl, and make sure that the bin subdirectory is earlier in PATH than /usr/bin, ditto for the lib subdirectory in /etc/ld.so.conf, the man subdirectory in /etc/man.config, and so on ... Actually, it shouldn't make any difference to the installed RPM of openssl-0.9.6b, provided that /usr/bin/openssl isn't overwritten. The quickest way to check is with rpm -V openssl, which should return no response. All your other points above are valid though. It is probably best though to put newer stuff for Red Hat under /usr/local so you don't break anything installed. Now, upgrading openssl-0.9.6 on a Red Hat box (7.0-8.0 inclusive) will screw things up bigtime (see the specific section in the openssl FAQ). If there's sufficient demand I'll make up an openssl 0.9.7 RPM for RedHat users. So far no-one has asked... - John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] Am I the only person in the UK who finds it strange that our Prime Minister complains of Human Rights abuses around the world, yet wishes to opt out of the European Convention of Human Rights? - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Compiling mod_ssl as a DSO for Apache 1.3.12
Hi List Users I am trying to compile Apache with mod_ssl as a DSO, I'm using a relatively old version of Apache software as this particular version functions without errors on the system. The software versions are listed below Solaris 2.6 Apache 1.3.12 Modssl 2.6.6 I have read numerous articles on the internet concerning this procedure and have followed all the necessary steps, this has taken about a week and I still cannot get Apache to start without error when I use the apachectl startssl command. 1) I compile openssl 0.9.6b as follows a. make clean b. make test c. make build-shared This creates libssl.so, libssl.so.0 and libssl.so.0.9.6 2) I configure mod-ssl as follows a. ./configure \ --with-apache =/home/simon/apache_1.3.12 \ --with-ssl =/home/simon/Openssl_0.9.6b/openssl_0.9.6b \ --prefix =/home/simon/Apache12SO \ --enable-module=ssl 3) I compile Apache a. make b. make certificate c. make install I obtain the following errors A) Using the version of libssl.so created by compiling Apache, this is smaller than the libssl.so.0.9.6 created by modssl, and when loaded complains of unresolved symbols bash-2.02$ apachectl startssl Syntax error on line 208 of /home/simon/Apache12SO/conf/httpd.conf: Cannot load /home/simon/Apache12SO/libexec/libssl.so into server: ld.so.1 : /home/simon/Apache12SO/bin/httpd: fatal: relocation error: file :/home/simon/Apache12SO/libexec/libssl.so: symbol ap_user_id: referenced symbol not :found .//apachectl startssl: httpd could not be started B) Removing /usr/local/ssl/libfrom LD_LIBRARY_PATH bash-2.02$ echo $LD_LIBRARY_PATH /home/simon/Apache12SO/libexec:/usr/X/lib:/usr/openwin/lib:/usr/dt/lib:/oracle/oracle816/lib:/opt/ALCHTS/j2sdk1_3_1_01/lib:/usr/java1.1/lib: /opt/htuser/ALCHTS/bin/openldap/lib:/opt/htuser/ALCHTS/bin/apache/libexec:/usr/ucblib:/oracle/oracle816/jre/1.1.8/lib bash-2.02$ apachectl startssl Syntax error on line 208 of /home/simon/Apache12SO/conf/httpd.conf: Cannot load /home/simon/Apache12SO/libexec/libssl.so into server: ld.so.1: /home/simon/Apache12SO/bin/httpd: fatal: libcrypto.so.0.9.6: open failed: No such file or directory .//apachectl startssl: httpd could not be started __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Compiling mod_ssl as a DSO
Hi List Users I am trying to configure Apache to run with ModSSL as a DSO. I am using relatively old versions of software as this particular version of Apache functions on the system. The software versions are as follows Apache 1.3.12 Openssl_0.9.6b Modssl_2.6.6 I have read numerous articles both from the list forum and from articles found from internet searches. I have tried many options to configure Apache to run with SSL as a DSO over a period of a week and to date have not been successful. I have listed the errors I obtain and the steps I follow to compile Apache. I would be most grateful for any advice which may lead to the resolution of this problem. 1) Compile OpenSSL 0.9.6b as a shared object as follows a. make clean b. make test c. make build-shared 2) ./configure \ --enable-module=so --with-apache=/home/sxxx/apache_1.3.12 \ --with-ssl=/home/simon/Openssl-0.9.6b/openssl-0.9.6b \ --prefix=/home/simon/Apache12SO \ --enable-module=ssl 3) cd /home/sxxx/apache_1.3.12 make make certificate make install 4) The entry in the httpd.conf file is as follows IfDefine SSL LoadModule ssl_module libexec/libssl.so /IfDefine * This is the first error I obtain hometop1% apachectl startssl Syntax error on line 208 of /home/simon/Apache12SO/conf/httpd.conf: Cannot load /home/simon/Apache12SO/libexec/libssl.so into server: ld.so.1: /home/simon/Apache12SO/bin/httpd: fatal: libssl.so.0.9.6: open failed: No such file or directory .//apachectl startssl: httpd could not be started This is resolved by setting the LD_LIBRARY_PATH variable to /usr/local/ssl/lib bash-2.02$ export LD_LIBRARY_PATH:/usr/local/ssl/lib:$LD_LIBRARY_PATH * This is the next error I obtain after having set the LD_LIBRARY_PATH variable to bash-2.02$ apachectl startssl Syntax error on line 208 of /home/simon/Apache12SO/conf/httpd.conf: Cannot load /home/simon/Apache12SO/libexec/libssl.so into server: ld.so.1 : /home/simon/Apache12SO/bin/httpd: fatal: relocation error: file :/home/simon/Apache12SO/libexec/libssl.so: symbol ap_user_id: referenced symbol not :found .//apachectl startssl: httpd could not be started The next step I tried was * To directly copy libssl.so from Openssl to libexec using libssl.so from Openssl * To set the library path to point to /home/simon/Apache12SO/libexec only bash-2.02$ pwd /reserv/home/simon/Apache12SO/libexec bash-2.02$ ls -lisa total 2472 1188792 drwxr-xr-x 2 simonhtgroup 512 Feb 10 09:03 . 4206942 drwxrwxr-x 12 simonhtgroup 512 Feb 6 16:43 .. 118881 16 -rw-r--r-- 1 simonhtgroup 8153 Feb 7 10:57 httpd.exp 1188932 lrwxrwxrwx 1 simonhtgroup 11 Feb 10 09:03 libssl.so - libssl.so.0 112 lrwxrwxrwx 1 simonhtgroup 15 Feb 10 09:03 libssl.so.0 - libssl.so.0.9.6 118886 1920 -rwxrwxr-x 1 simonhtgroup 970983 Feb 7 12:45 libssl.so.0.9.6 118890 528 -rwxr-xr-x 1 simonhtgroup 256259 Feb 7 10:57 libssl.so.old This didn't work either and generated the following error, I notice that the file libssl.so.old generated when Apache was compiled is considerably smaller than the file libssl.so.0.9.6 copied from OpenSSL Syntax error on line 208 of /home/simon/Apache12SO/conf/httpd.conf: Can't locate API module structure `ssl_module' in file /home/simon/Apache12SO/libexec/libssl.so: ld.so.1: /home/simon/Apache12SO/bin/httpd: fatal: ssl_module: can't find symbol .//apachectl startssl: httpd could not be started regards Simon Donally __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Compiling mod_ssl as a DSO
Just to get things clear, openSSL is a library of functions which is used by (among other things) mod_ssl. So mod_ssl needs to know about openSSL but openSSL doesn't care which application is using it. Your installation paths are a bit idiosyncratic, which is OK as long as you have a clear idea about how everything is inter-related. I was a bit confused reading your posting so I'm suspecting apache is too. Generally, you should proceed as follows (if any of this strikes you as odd, then that might be the problem): - Install openSSL in /path/to/ssl - set SSL_BASE = /path/to/ssl - set LD_RUN_PATH = /usr/lib:/usr/local/lib:/path/to/ssl/lib (this avoids using LD_LIBRARY_PATH) - Unpack apache tar file in (e.g.) /tmp/apache - Unpack mod_ssl tar file in (e.g. /tmp/mod_ssl - in /tmp/mod_ssl, run ./configure --with-apache=/tmp/apache (this patches apache sources) - in /tmp/apache, run ./configure --prefix=/path/to/apache \ --enable-module=so \ --enable-shared=ssl \ --enable-module=ssl - make, make install This should leave libssl.so in /path/to/apache/libexec and /path/to/apache/bin/httpd should start without $LD_LIBRARY_PATH being set. Rgds, Owen Boyle PS - your versions are ancient... Are you sure the latest versions won't work? On the other hand, your versions are so old that -Original Message- From: Simon Donally [mailto:[EMAIL PROTECTED]] Sent: Montag, 10. Februar 2003 13:09 To: [EMAIL PROTECTED] Subject: Compiling mod_ssl as a DSO Hi List Users I am trying to configure Apache to run with ModSSL as a DSO. I am using relatively old versions of software as this particular version of Apache functions on the system. The software versions are as follows Apache 1.3.12 Openssl_0.9.6b Modssl_2.6.6 I have read numerous articles both from the list forum and from articles found from internet searches. I have tried many options to configure Apache to run with SSL as a DSO over a period of a week and to date have not been successful. I have listed the errors I obtain and the steps I follow to compile Apache. I would be most grateful for any advice which may lead to the resolution of this problem. 1) Compile OpenSSL 0.9.6b as a shared object as follows a. make clean b. make test c. make build-shared 2) ./configure \ --enable-module=so --with-apache=/home/sxxx/apache_1.3.12 \ --with-ssl=/home/simon/Openssl-0.9.6b/openssl-0.9.6b \ --prefix=/home/simon/Apache12SO \ --enable-module=ssl 3) cd /home/sxxx/apache_1.3.12 make make certificate make install 4) The entry in the httpd.conf file is as follows IfDefine SSL LoadModule ssl_module libexec/libssl.so /IfDefine * This is the first error I obtain hometop1% apachectl startssl Syntax error on line 208 of /home/simon/Apache12SO/conf/httpd.conf: Cannot load /home/simon/Apache12SO/libexec/libssl.so into server: ld.so.1: /home/simon/Apache12SO/bin/httpd: fatal: libssl.so.0.9.6: open failed: No such file or directory .//apachectl startssl: httpd could not be started This is resolved by setting the LD_LIBRARY_PATH variable to /usr/local/ssl/lib bash-2.02$ export LD_LIBRARY_PATH:/usr/local/ssl/lib:$LD_LIBRARY_PATH * This is the next error I obtain after having set the LD_LIBRARY_PATH variable to bash-2.02$ apachectl startssl Syntax error on line 208 of /home/simon/Apache12SO/conf/httpd.conf: Cannot load /home/simon/Apache12SO/libexec/libssl.so into server: ld.so.1 : /home/simon/Apache12SO/bin/httpd: fatal: relocation error: file /home/simon/Apache12SO/libexec/libssl.so: symbol ap_user_id: referenced symbol not found .//apachectl startssl: httpd could not be started The next step I tried was * To directly copy libssl.so from Openssl to libexec using libssl.so from Openssl * To set the library path to point to /home/simon/Apache12SO/libexec only bash-2.02$ pwd /reserv/home/simon/Apache12SO/libexec bash-2.02$ ls -lisa total 2472 1188792 drwxr-xr-x 2 simonhtgroup 512 Feb 10 09:03 . 4206942 drwxrwxr-x 12 simonhtgroup 512 Feb 6 16:43 .. 118881 16 -rw-r--r-- 1 simonhtgroup 8153 Feb 7 10:57 httpd.exp 1188932 lrwxrwxrwx 1 simonhtgroup 11 Feb 10 09:03 libssl.so - libssl.so.0 112 lrwxrwxrwx 1 simonhtgroup 15 Feb 10 09:03 libssl.so.0 - libssl.so.0.9.6 118886 1920 -rwxrwxr-x 1 simonhtgroup 970983 Feb 7 12:45 libssl.so.0.9.6 118890 528 -rwxr-xr-x 1 simonhtgroup 256259 Feb 7 10:57 libssl.so.old This didn't work either and generated the following error, I notice that the file libssl.so.old generated when Apache was compiled is