Illegal attempt to re-initialise SSL for server
hi, i'm able to get this error message with the following configuration file fragment put in the global context: CUT HERE -- # ... SSLEngine on SSLCertificateFile /etc/apache/ssl.crt/server.crt SSLCertificateKeyFile /etc/apache/ssl.key/server.key VirtualHost _default_:* /VirtualHost # ... CUT HERE -- without any VirtualHost diretive apache starts correctly with SSL on every port it listens to. as soon as i insert a VirtualHost directive, even if empty, apache doesn't start and i get the error message in subject. if i put the SSL directive into a VirtualHost everything works as usual. i can reproduce it with different configuration files. any advice? thanks cavok -[ Domenico Andreoli, aka cavok --[ http://filibusta.crema.unimi.it/~cavok/gpgkey.asc ---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50 pgp0.pgp Description: PGP signature
HTTPS environment variable is set after .htacces is parsed
hi again, with reference to debian bug report #103609 [1], a debian user states that HTTPS environment variable is still not set during the parsinig of .htacces. i'm quoting the relevant part from that report. - CUT HERE --- This ought to work in .htaccess: order deny,allow deny from all allow from 127.0.0.1 allow from env=HTTPS ... I can see the HTTPS environment variable in the output if I call a cgi script that dumps the environment, so it's there, it's just that somehow at the time that .htaccess is parsed it isn't available to 'allow from env=' statements yet. - CUT HERE --- i reproduced it with apache 1.3.27 and mod_ssl 2.8.12. so, if it is a bug, is still present in most recent versions. any comment? cheers cavok [1] http://bugs.debian.org/103609 -[ Domenico Andreoli, aka cavok --[ http://filibusta.crema.unimi.it/~cavok/gpgkey.asc ---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50 pgp0.pgp Description: PGP signature
Re: Illegal attempt to re-initialise SSL for server
On Sat, 1 Mar 2003, Domenico Andreoli wrote: CUT HERE -- # ... SSLEngine on SSLCertificateFile /etc/apache/ssl.crt/server.crt SSLCertificateKeyFile /etc/apache/ssl.key/server.key VirtualHost _default_:* /VirtualHost # ... CUT HERE -- It ought to look like this: VirtualHost foo:443 SSLEngine on SSLCertificateFile ... SSLCertificateKeyFile ... /VirtualHost Note that your use of the certificate and key across all virtual hosts, whether by putting it in the server-wide config or by putting it in VirtualHost _default_:*, won't generally work. Your clients will get errors when they try to browse to your site if the hostname doesn't match the one stored in the certificate, for example. You should have a different certificate/key pair for every hostname on which you wish to run SSL. And of course each of those virtual hosts needs to be on a unique IP:port pair--no name-based virtual hosting. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Illegal attempt to re-initialise SSL for server
On Sat, Mar 01, 2003 at 10:59:33AM -0500, Cliff Woolley wrote: It ought to look like this: VirtualHost foo:443 SSLEngine on SSLCertificateFile ... SSLCertificateKeyFile ... /VirtualHost Note that your use of the certificate and key across all virtual hosts, whether by putting it in the server-wide config or by putting it in VirtualHost _default_:*, won't generally work. Your clients will get errors when they try to browse to your site if the hostname doesn't match the one stored in the certificate, for example. You should have a different certificate/key pair for every hostname on which you wish to run SSL. And of course each of those virtual hosts needs to be on a unique IP:port pair--no name-based virtual hosting. right right. this is not a issue because this configuration has not any sense. many thanks cavok ps: may i quote your message? i'd like to include your reply to who reported the original problem (debian bug report #169083). -[ Domenico Andreoli, aka cavok --[ http://filibusta.crema.unimi.it/~cavok/gpgkey.asc ---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50 pgp0.pgp Description: PGP signature
Re: HTTPS environment variable is set after .htacces is parsed
On Sat, Mar 01, 2003 at 11:02:22AM -0500, Cliff Woolley wrote: On Sat, 1 Mar 2003, Domenico Andreoli wrote: order deny,allow deny from all allow from 127.0.0.1 allow from env=HTTPS Why do you need that env var? Use this instead: dunno, bug submitter used it. shouldn't it work anyway? order deny,allow deny from all allow from 127.0.0.1 SSLRequireSSL i'll forward him your answer. thanks cavok -[ Domenico Andreoli, aka cavok --[ http://filibusta.crema.unimi.it/~cavok/gpgkey.asc ---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50 pgp0.pgp Description: PGP signature
Re: Illegal attempt to re-initialise SSL for server
On Sat, 1 Mar 2003, Domenico Andreoli wrote: ps: may i quote your message? i'd like to include your reply to who reported the original problem (debian bug report #169083). Sure! It's a public list after all. :) --Cliff - Cliff Woolley Apache HTTP Server Project Apache Software Foundation __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: HTTPS environment variable is set after .htacces is parsed
On Sat, 1 Mar 2003, Domenico Andreoli wrote: dunno, bug submitter used it. shouldn't it work anyway? Environment variables are, as a rule, set late in the process because the use of them has a relatively large performance penalty. They're really only there for communicating with CGI scripts and the like. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]