RE: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
Hi, I think you just have to change the LogLevel value in your conf/httpd.conf. It seems to be set to error change this to alert or something else (there is some description in conf file). Fred -Original Message- From: Rhys Hopkins [mailto:rhys.hopkins;culver-tec.com] Sent: Thu 10/31/2002 1:09 PM To: '[EMAIL PROTECTED]' Cc: Subject:SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] Hi, I know this has been asked before, and I know I should RTFM, but can anyone point me at the right configuration directives as to how to avoid getting the following errors in my apache log file: -- 31 10:54:08 2002] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows) [Thu Oct 31 10:54:08 2002] [error] System: Broken pipe (errno: 32) -- and -- [Thu Oct 31 10:55:39 2002] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows) [Thu Oct 31 10:55:39 2002] [error] System: Connection reset by peer (errno: 104) -- These occur _extremely_ frequently, and I am pretty sure this is the Internet Explorer Bug where random images, css files etc. fail to load in IE under https, since we have this problem too. I am using Apache 1.3.26, mod_ssl 0.9.6g on Linux 2.2.16-SMP Any help would be greatly appreciated. Rhys. winmail.dat
SSL_engine_init for crypto accelerator, etc ... (OpenSSL ENGINE)
Title: SSL_engine_init for crypto accelerator, etc ... (OpenSSL ENGINE) Hi all, A few month ago i submit a patch for mod-ssl for apache 1.3.x to enable use of OpenSSL ENGINE random functionnality. I also see a patch in the cvs mailing list for this a few weeks ago. ;) (some subtil change) What about apache 2.0.x ? Should a submit a patch ? I was thinking that apache-2.0.x was an apache 1.3.x (with some change of course) but with mod-ssl module in it. Regards Fred
RE: No such module 'ssl'
Hi, I've never try this way to configure ssl with apache ! Usually i use something like this : ./configure --prefix=/path/to/pache_install \ --with-apache=/path/to/apache_src \ --with-ssl=/path/to/openssl_src ... and it works fine. I think you should try --with-ssl option. regards Fred -Original Message- From: Alex Kirk [mailto:[EMAIL PROTECTED]] Sent: Wed 09/04/2002 8:01 PM To: [EMAIL PROTECTED] Cc: Subject:No such module 'ssl' Since my question about MAGIC_COOKIE_EAPI was never answered, I'm coming back at the same general problem from a different angle. I'm still trying to compile Apache 1.3.26 with Mod_SSL 2.8.10. Following the instructions, I've successfully compiled OpenSSL 0.9.6g; however, I didn't fully put it onto my system, it's currently living in /home/packages/openssl-0.9.6g. Next, I configured mod_ssl with that location of OpenSSL; it had no problems. However, when I try to configure Apache with this line: SSL_BASE=/home/packages/openssl-0.9.6g/ ./configure --enable-module=ssl --prefix=/usr/local/apache/ --enable-module=so --activate-module=src/modules/perl/libperl.a --activate-module=src/modules/php4/libphp4.a I get an immediate error of configure:Error: No such module named 'ssl'. This would seem to be something pretty obvious/basic. What might I be doing wrong here? Alex Kirk __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] winmail.dat
RE: RAND function using OpenSSL 0.9.7 (A Solution)
Hi,
I've tested it with Apache-2.0.39 using openssl-0.9.7-beta2, on linux Mdk-8.0.
kernel 2.4.3-20mdk
gcc version 2.96
And initializing engine before library enable rand redirection.
That works fine for me.
file: modules/ssl/ssl_engine_init.c
Regards,
Fred
-Original Message-
From: Cliff Woolley [mailto:[EMAIL PROTECTED]]
Sent: Mon 07/15/2002 10:22 PM
To: [EMAIL PROTECTED]
Cc:
Subject:Re: RAND function using OpenSSL 0.9.7 (A Solution)
On Mon, 15 Jul 2002, Geoff Thorpe wrote:
I change a function call and it works fine now. I do not know if this is
the real way to solve my problem but this provide a solution.
In file pkg.modssl/ssl_engine_int.c:
move ssl_init_Engine(s, p); function call before
ssl_init_SSLLibrary(); function call instead of after.
In fact if you want to use ENGINE default functionnalities you muste set
ENGINE before everything.
That is not *a* solution, it is *the* solution. ssl_init_SSLLibrary() must
be seeding the PRNG, and thus initialising the set-on-first-use pointer in
openssl to a default RAND_METHOD. Do you want to post a patch to the list?
Well, I can't do anything about 1.3's mod_ssl, but if somebody can verify
for me that the following fixes Apache 2.0's mod_ssl, I'll commit it.
--Cliff
Index: ssl_engine_init.c
===
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
retrieving revision 1.102
diff -u -d -r1.102 ssl_engine_init.c
--- ssl_engine_init.c 8 Jul 2002 17:43:33 - 1.102
+++ ssl_engine_init.c 15 Jul 2002 20:22:13 -
@@ -266,6 +266,11 @@
}
+#ifdef SSL_EXPERIMENTAL_ENGINE
+/* SSL external crypto device (engine) support */
+ssl_init_Engine(base_server, p);
+#endif
+
ssl_init_SSLLibrary(base_server);
#if APR_HAS_THREADS
@@ -290,13 +295,6 @@
if (ssl_tmp_keys_init(base_server)) {
return !OK;
}
-
-/*
- * SSL external crypto device (engine) support
- */
-#ifdef SSL_EXPERIMENTAL_ENGINE
-ssl_init_Engine(base_server, p);
-#endif
/*
* initialize the mutex handling
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
winmail.dat
[PATCH]
Title: [PATCH] Hi all, I Geoff suggest it i post a diff file for OpenSSL ENGINE RAND_METHOD setting. (diff -urN ...) this is for mod_ssl-2.8.10-1.3.26 tarballs. Geoff comment: ssl_init_SSLLibrary() must be seeding the PRNG, and thus initialising the set-on-first-use pointer in openssl to a default RAND_METHOD. Cause i'm not working with modssl CVS it's just a diff beetween two directories (mod_ssl-xxx-orig the original one and mod_ssl-xxx the corrected one). The has been successfully tested for older version of mod_ssl with older apache. The oldest i test is for apache-1.3.20. Nothing has been tryed or tested under apache-2.0.x. reghards Fred mod_ssl-2.8.10-1.3.26.diff Description: mod_ssl-2.8.10-1.3.26.diff
RAND function using OpenSSL 0.9.7
Title: RAND function using OpenSSL 0.9.7 Hi all, I try using OpenSSL0.9.7 with a crypto accelerator and it works fine for asymetric and symetric stuff, but it fails when trying to use ENGINE random (rand engine is not used, everything is done with classic software random). Has someone solve this problem? Regards Fred
RAND function using OpenSSL 0.9.7 (A Solution)
Title: RAND function using OpenSSL 0.9.7 (A Solution) Hi All, I change a function call and it works fine now. I do not know if this is the real way to solve my problem but this provide a solution. In file pkg.modssl/ssl_engine_int.c: move ssl_init_Engine(s, p); function call before ssl_init_SSLLibrary(); function call instead of after. In fact if you want to use ENGINE default functionnalities you muste set ENGINE before everything. Regards Fred
Some help
Title: Some help Hi All, I quite new to mod-ssl and apache 2.0.x, so i have a few question. With Apache 1.3.x, i was use to call openssl engine througth mod-ssl, with some compilation condition (--enable-rule=SSL_ExPERIMENTAL), and http.conf modification (SSLCryptoDevice ...). My problem comes with new Apache 2.0.x! Am i right if i try to compile mod-ssl with the same rule adding --enable-rule=SSL_ExPERIMENTAL when doing ./configure for apache? If i do not misundersand, we can have compilation directive for module (as mod-ssl) from apache configuration script? Should i be able to use an openssl engine using the same SSLCryptoDevice ...? Thanks in advance. Regards Fred
