I just installed the newest version of openssl and recompiled mm, mod_ssl,
mod_perl, and apache. Now when I start apache I get an error from my
httpd.conf file about the SSLSessionCache option. The error is:
SSLSessionCache: shared memory cache not useable on this platform
Well, it was with openssl 0.9.6c. I didn't do anything different in my
installation steps which were:
install openssl
configure mm with disable-shared
make
configure mod_ssl --with-apache=../apache_1.3.26
install mod_perl (perl Makefile.PL APACHE_SRC=../apache_1.3.26/src
DO_HTTPD=0 USE_APACI=1 PREP_HTTPD=1 EVERYTHING=1)
set SSL_BASE and EAPI_MM variables to ../openssl0.9.6e and ../mm-1.2.1
configure and install apache:
./configure --enable-module=proxy --enable-module=so
--activate-module=src/modules/perl/libperl.a --enable-module=perl
--enable-rule=SHARED_CORE --enable-module=ssl
make
make certificate
make install
Without the shared option in the config file, apache starts just fine, but
it won't work with:
SSLSessionCacheshm:/usr/local/apache/logs/ssl/ssl_scache(512000)
It worked before.
What did I break?
Dave Lowenstein
Programmer/Analyst
Instructional Technology Services
San Diego State University
(619)594-0270
http://www-rohan.sdsu.edu/dept/its
On Wed, 31 Jul 2002, Matt Nelson wrote:
At 06:02 PM 7/31/2002 +0200, you wrote:
See comments,
Ditto,
Rgds,
Owen Boyle
-Original Message-
From: Matt Nelson [mailto:[EMAIL PROTECTED]]
Sent: Mittwoch, 31. Juli 2002 17:01
To: [EMAIL PROTECTED]
Subject: RE: Error message help
Well I may have figured this out, https is now running, cert
was in the wrong place,
..or your SSLCertificateFile directive was pointing to the wrong place :-)
Yup, but dang I was confused on where it went. Everything I've read said
put it somewhere different. Error logs are you friends.
...but https returns the default web page for the apache
installation, instead of the real site, which does come up with just
http. I think I can figure that out, but if anyone has pointer
thanks, and thanks for suffering my dumb questions.
Check out your DocumentRoot directive in the SSL virtual host - there
should only be one. If there is more than one, apache will use the last
one... It is this directive which tells apache where to fetch the content.
Yeah I found that right after I wrote that.
--
Matt
At 09:36 AM 7/31/2002 -0500, you wrote:
At 03:56 PM 7/31/2002 +0200, you wrote:
From: Matt Nelson [mailto:[EMAIL PROTECTED]]
Now, the error I'm getting now that I can't seem to find any
help on, in
the error_log is:
OpenSSL: error:0D06B078:asn1 encoding
routines:ASN1_get_object:header
too long
Unusual.. Do you see anything in the browser? Also:
- What versions of apache, mod_ssl, openssl?
Apache 1.3.22
OpenSSL 0.9.6
mod_ssl 1.4
Um... If I were you, I'd get apache 1.3.26, OpenSSL 0.9.6e and mod_ssl
2.8.10. That's teh latest mix, also pay attention to the security advisory
that was posted to the list today.
I'll do that.
- Static or DSO?
When you compiled apache, did you statically compile in mod_ssl (i.e.
--enable-module=ssl) so that the mod_ssl binary gets munged in with the
apache binary to produce a big binary *or* did you compile mod_ssl as a
shared object which would be loaded dynamically at runtime (DSO = Dynamic
Shared Object), i.e. --enable-shared=ssl? Usually, it doesn't make much
difference when they're working, but since yours was not working, I
thought I'd ask.
I didn't compile, I used everything stock from the Caldera 3.11 server
install. A bad idea now I know, if I'd done it on my own or recompiled, I'd
know which it was, among other things.
I'll be honest and say I don't quite understand that
question. I'm way
more new at this what I wished. I could probably answer that
question, if
asked in different terms.
- What browser?
IE, Mozilla, you name it.
Just in case it was a funny browser - SSL is as much to do with the client
as it is to do with the server so it is essential to verify any problems
with several browsers. But you've already done that.
Yeah... See I do try, I hate being a clueless newbie, or at least acting
like one. I always try to cover the bases myself, so I don't get RTFM
responses. I'm sure I'll have some other questions, though, and soon.
Thanks much
--
Matt
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]