Apache 1.3.29 and 2.0.48 with SSL binaries for Windows
I have just finished building the new Apache binaries for Windows. Apache 1.3.29 with mod_ssl and openssl Apache 2.0.48 with mod_ssl (built-in), openssl and zlib Only the newest files can be found here... http://hunter.campbus.com/ MD5's, and all previous builds can be found here... http://tor.ath.cx/~hunter/apache/ In addition to OpenSSL (made with MASM) I also added zlib to build mod_deflate.so in Apache 2.0.47-48 for those who are interested in using it - it is not configured, just like the mod_ssl.so. Note: some configuration is required. I build to c:\apache so if you use the same directory your configuration effort will be less, unless of course you are upgrading. Be careful though, Apache 1.3.xx conf is different from Apache 2.0.xx, and very early versions of Apache2 had differences with the latest versions. To install Apache (2.0.xx), follow these simple steps. (Apache 1.3.xx is similar but different) 1. create a directory (c:\apache) or if you are upgrading, save your httpd.conf or it could be overwritten. 2. unzip the binaries into this directory - make certain you created the sub-dirs. 3. go to the conf directory and edit httpd.conf or replace the httpd.conf with the one you saved. 4. go to the 'bin' directory in a console. Type the following commands: - if you are already installed, type 'apache -k uninstall' - then type 'apache -k install' - then type 'apache -k start' Check the error logs if it fails to start, but some configuration errors will be displayed in your console. Apache also logs to the event log. If you detect flaws in the build please email me so that I can fix them as soon as possible. I don't use these binaries so I need you to tell me if there is something wrong with them. I build a branded version in my workplace and use Apache2 on Debian/GNU Linux at home. Configuration questions should be directed to the list after reading the documentation and searching the list archives - let everyone benefit from the answers you get. Chris Lewis __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: 0.9.7a problems
On Wed, 2003-03-26 at 05:32, Edwin Cleton wrote: If you were a woman I'd kiss you! this works like before, no more crashes or errors like these: [Tue Mar 25 15:37:01 2003] [error] mod_ssl: SSL handshake failed (server 10.1.1.28:443, client 10.1.1.28) (OpenSSL library error follows) [Tue Mar 25 15:37:01 2003] [error] OpenSSL: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac There is definately something wrong in openssl 0.9.7a, or, mod_ssl 2.8.14 is trying to call 0.9.6 functions which are different/don't exist in 0.9.7 Tnx! Sincerely, Edwin Cleton On 26 Mar 2003 04:25 , hunter [EMAIL PROTECTED] sent: On Wed, 2003-03-26 at 03:31, Edwin Cleton wrote: Hunter, Could you possibly compile a version with openssl 0.9.6i ? (apache 1.3.27, mod_ssl 2.8.14 and openssl 0.9.6i, win32, and the openssl dll files) I am having mayor problems with 0.9.7a under windows including problems with stunnel dos and windows version. Sincerely, Edwin Cleton [EMAIL PROTECTED] - Technical Support Engineer Edwin, Done... http://tor.ath.cx/~hunter/apache/Apache_1.3.27-Mod_SSL_2.8.14-Openssl_0.9.6i-Win32.zip http://tor.ath.cx/~hunter/apache/Openssl-0.9.6i-Win32.zip Let me know how you make out with these... Chris Edwin, I am happy that this has helped. I have cc'd the mod_ssl list so that perhaps someone can look into it. I am not involved with the developers of the code. I only build the Windows binaries for people. Chris __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Versions of openssl and modssl to be used.
On Mon, 2003-03-24 at 22:50, kulkarni veena wrote: Hi, I would like to know the correct versions of OpenSSL and ModSSL to be used with Apache 1.3.22 on SunOS operating system. Thanks in advance. Veena __ Do you Yahoo!? Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! http://platinum.yahoo.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Veena, This does not directly address your question... sorry. But... Using versions less than the most current involves a risk, since most of the new versions contain security patches, not just enhancements. The following are the latest version numbers. Apache 1.3.27 Mod_SSL 2.8.14 Openssl 0.9.7a I would strongly advise that you not use Apache 1.3.22, but since I have no experience with SunOS I do not know what issues may exist for the latest Apache and your OS. Perhaps someone with more experienced will comment as well. Chris __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: DoS attack on mod_ssl 2.8.12 ??
On Thu, 2002-12-19 at 11:03, Sergey Strakhov wrote: Hello, We are experiencing problems with our Win32 Apache 1.3.27 with mod_ssl 2.8.12 + openssl 0.9.6g running on Windows 2000. It is a sort of DoS attack that makes our web site totally inaccessible. One of those attacks was captured with Ethereal. The dump is attached. As you can see, the attack is accomplished through both HTTP (80) and HTTPS (443) ports. First, the connection is opened to the HTTP port and a malformed HTTP/1.1 GET request (with no Host: header) is sent to the HTTP port (probably with an intention to produce a crash described in http://www.cert.org/advisories/CA-2002-27.html or just to determine the host's Server version). The server responds with HTTP/1.1 400 Bad request and closes the connection. After that the attacker starts opening connections to the HTTPS port. One of them is used to send SSLv2 Client Hello request. From this point the web server starts rejecting all incoming connections and the web site stops responding on both HTTP and HTTPS ports. The error log usually contains records like: [..time..] [error] [client ..] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): / [..time..] [error] Server ran out of threads to serve requests. Consider raising the ThreadsPerChild setting Is this problem related to mod_ssl anyhow? Do you expect any fix for this problem soon? Regards P.S. We have the ThreadsPerChild parameter of httpd.conf set to 10. Your code is very much out of date ... it is exploitable and DOSable I saw many people in the summer describe similar reports as yours, prompting me to build Apache binaries for many of those that were suffering. You cannot continue to run with openssl 0.9.6g -- openssl 0.9.6h is the current version. My advice is do not waste your time trying to understand it. You can get reliable up-to-date binaries from me ;) Other people are downloading the binaries as well. http://hunter.campbus.com/ Apache_1.3.27-Mod_SSL_2.8.11-OpenSSL_0.9.6h-Win32.zip http://hunter.campbus.com/Openssl-0.9.6h-Win32.zip http://hunter.campbus.com/Apache_2.0.43-OpenSSL_0.9.6h-Win32.zip You can also get them from my server ... md5's are avaialble from my server as well. http://tor.ath.cx/~hunter/ Apache_1.3.27-Mod_SSL_2.8.11-OpenSSL_0.9.6h-Win32.zip http://tor.ath.cx/~hunter/Openssl-0.9.6h-Win32.zip http://tor.ath.cx/~hunter/Apache_2.0.43-OpenSSL_0.9.6h-Win32.zip You are welcome to contac me directly h u n t e r @ t o r . a t h . c x If you need instructions on how to rebuild the code, I have to look for them - they are messy (for Apache2) and can be found in the archives - search for 'apache hunter masm' -- apache 1.3.27 is easy to build let me know if you need help. hunter __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: dian_stmik@yahoo.com
rc4_enc.c cl /Fotmp32dll\rc5_enc.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 / Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 /F dout32dll /GD -D_WINDLL -D_DLL -c .\crypto\rc5\rc5_enc.c rc5_enc.c cl /Fotmp32dll\bf_enc.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /O b2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 /Fd out32dll /GD -D_WINDLL -D_DLL -c .\crypto\bf\bf_enc.c bf_enc.c cl /Fotmp32dll\c_enc.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /Ob 2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 /Fdo ut32dll /GD -D_WINDLL -D_DLL -c .\crypto\cast\c_enc.c c_enc.c cl /Fotmp32dll\bn_asm.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /O b2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 /Fd out32dll /GD -D_WINDLL -D_DLL -c .\crypto\bn\bn_asm.c bn_asm.c link /nologo /subsystem:console /machine:I386 /opt:ref /dll /out:out32dl l\libeay32.dll /def:ms/LIBEAY32.def @D:\Temp\nma01212. Creating library out32dll\libeay32.lib and object out32dll\libeay32.exp md5_dgst.obj : error LNK2001: unresolved external symbol _md5_block_asm_host_ord er sha1dgst.obj : error LNK2001: unresolved external symbol _sha1_block_asm_data_or der sha1dgst.obj : error LNK2001: unresolved external symbol _sha1_block_asm_host_or der rmd_dgst.obj : error LNK2001: unresolved external symbol _ripemd160_block_asm_ho st_order out32dll\libeay32.dll : fatal error LNK1120: 4 unresolved externals NMAKE : fatal error U1077: 'link' : return code '0x460' Stop. 2002.12.09 8.21.53.77 [D:\work\openssl] I may have provided enough clues for you to continue on your own -- if not then you will have to ask questions with more detail. -hunter __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Win32 Binary Builds
On Tue, 2002-11-26 at 15:15, Paul Christmann wrote: I'm just installing my first Apache server on a W2K box, and I'd like to include SSL support. From browsing this newsgroup and reading the apache docs, it appears that the following statements are true (please correct me if I'm wrong): 1. mod_ssl source is now bundled in Apache 2.X true 2. No binary version of Apache 2.X is available with mod_ssl support. true (sort of ... but) I am providing binaries (preferred) http://hunter.campbus.com/Apache_1.3.27-Mod_SSL_2.8.12-OpenSSL_0.9.6g-Win32.zip http://hunter.campbus.com/Openssl-0.9.6g-Win32.zip http://hunter.campbus.com/Apache_2.0.43-OpenSSL_0.9.6g-Win32.zip or (limited bandwidth) http://tor.ath.cx/~hunter/apache/Apache_1.3.27-Mod_SSL_2.8.12-OpenSSL_0.9.6g-Win32.zip http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip http://tor.ath.cx/~hunter/apache/Apache_2.0.43-OpenSSL_0.9.6g-Win32.zip 3. Compiling Apache source requires MSVC 5 false - I do not want to split hairs but it is built with MSVC 6 Also, I think Apache can be built with Cygwin and Mingw32 but I have not done either yet. I have Mingw32 compiling simple Win32 applications on my Debian Linux box and will be trying eventually to build the Apache binaries from Linux (cross-compile). Currently I use MSVC 6, MASM, Cygwin(Bison,Flex,Awk), and Perl to build Apache. Where I am employed I distribute as many as 20,000 Apaches - my Win32 binaries - they are compiled with SSL but not configured to use it. I've found several links (thanks primarily to hunter for links and instructions) to downloading SSL executables built for Windows, and am starting to play with them. But I am left with two questions: 1. Why isn't there an Apache 2.X binary distribution with SSL? As best I can tell, there is an issue with export laws. But why doesn't that same issue apply to non-windows builds? There is some uncertainty I suppose about the export laws, like you say. I do not know why this does not apply to non-windows. 2. I don't have (nor do I want to purchase) a MS license. Without that, is there any way I can compile Apache 2.X? (I have and use cygwin's gcc and make if that matters) When I updated my Cygwin I think there was the opportunity to get the source and build Apache. I did not do it that way since I have all of the other tools. I think you should give both Mingw32 and Cygwin another look. Thanks, Paul Christmann hunter __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 1.3.27 win32.zip
lau bella wrote: Hi, Instead of downloading tar.gz format, where can I download Apache 1.3.27 with mod_ssl 2.8.12 in win32 zip format ? *Do You Yahoo!?* Get your free @yahoo.com.hk address at Yahoo! Mail http://mail.english.yahoo.com.hk/. If you are only after binaries, you can get them from me (hunter)... (preferred) http://hunter.campbus.com/Apache_1.3.27-Mod_SSL_2.8.12-OpenSSL_0.9.6g-Win32.zip http://hunter.campbus.com/Openssl-0.9.6g-Win32.zip http://hunter.campbus.com/Apache_2.0.43-OpenSSL_0.9.6g-Win32.zip or (limited bandwidth) http://tor.ath.cx/~hunter/apache/Apache_1.3.27-Mod_SSL_2.8.12-OpenSSL_0.9.6g-Win32.zip http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip http://tor.ath.cx/~hunter/apache/Apache_2.0.43-OpenSSL_0.9.6g-Win32.zip If you want the source repackaged in a zip, I could do that as well, but Apache 1.3.27 and mod_ssl 2.8.12 are not bundled together normally and neither are they bundled with the OpenSSL. If you are after the source and you can be a little more specific, I will see what I can do for you. These binaries do not have an installer ... you must configure and test the code - I have done nothing beyond making the binaries and placing them in the correct subdirectories with icons and such (this is done by the makefile). The HTTP and SSL are not configure nor are certificates generated. hunter __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_ssl for apache2 2.0.43
Paetsch, Christian (BearingPoint extern) wrote: Hello, I'm looking for the modul mod_ssl for the new apache 2.0.43 server running on a window32 platform. I can only find information about the mod_ssl for apache 1.3. Can I still use the latest version of mod_ssl? Thanks in advance. Regard, Christian Paetsch | BearingPoint | Berlin, Germany Phone +49 30 88004 59 20 | Mobile +49 172 38 73 175 | Fax +49 30 88004 9755 592 www.bearingpoint.com -- The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Christian, - mod_ssl is built into Apache2 - it is included in the source. You still need to build OpenSSL and place the build directly into the Apache source, but mod_ssl is there already. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 2.0.40 and OpenSSL
Medina Malpica Victor wrote: Recently I needed a development environment based on Apache 2, php4 and ssl for windows, it was and intranet application for a bank (that was the reason for the ssl) I built a installer with the apache 2 and ssl, and also included the MySQL data base. It has performed just fine under medium load, haven't try it under heavy load. I put it in my university ftp, if you want you can download it and try it, I believe they are quite stable. You can send me email if you want some sort of support or comments on how to improve it. I also have a sourceforge project but haven't upload the latest release. (sourceforge.net/projects/ikirux) The latest binary are here: ftp://route.unitec.edu.ve/VictorMedina/IkiruxProject/ FileNamer: IKIRUX_WSP_Pro1Beta4_ENG.zip Victor Medina PS: I would really apreaciate some feedback on this, bugs, etc Legal Notice These software packages are provided free of charge. It uses strong cryptography that is regulated by export/import/use restrictions in some parts of the world. PLEASE NOTE THAT EXPORT/IMPORT/USE OF STRONG CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT/USE LAWS WHICH APPLY TO YOU. WE NOR THE AUTHORS OF THE REPRESENTED SOFTWARE PACKAGES ARE OR WILL BE HELD LIABLE FOR ANY VIOLATIONS YOU MAKE. BE CAREFUL, IT IS YOUR RESPONSIBILITY. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Victor, I have sent a note to your university account describing a problem that you should address - regarding your installer. Contact me if you need help understanding the issue - it is unrealated to apache or mod_ssl. Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Windows binaries for Apache
Apache users... Recent updates to the source has made it necessary to rebuild the Apache binaries that I previously made available. If you want to upgrade to the latest code please help yourselves. Note: I have only built the code and not tested any of it. Next week I will begin testing the Apache2 code for my own use, but I don't use the Apache1 code. http://hunter.campbus.com/Apache_1.3.27-Mod_SSL_2.8.11-OpenSSL_0.9.6g-Win32.zip http://hunter.campbus.com/Openssl-0.9.6g-Win32.zip http://hunter.campbus.com/Apache_2.0.43-OpenSSL_0.9.6g-Win32.zip If you have any problems contact me on the list, as [EMAIL PROTECTED] or at my personal account: [EMAIL PROTECTED] Chris. Legal Notice These software packages are provided free of charge. It uses strong cryptography that is regulated by export/import/use restrictions in some parts of the world. PLEASE NOTE THAT EXPORT/IMPORT/USE OF STRONG CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT/USE LAWS WHICH APPLY TO YOU. WE NOR THE AUTHORS OF THE REPRESENTED SOFTWARE PACKAGES ARE OR WILL BE HELD LIABLE FOR ANY VIOLATIONS YOU MAKE. BE CAREFUL, IT IS YOUR RESPONSIBILITY. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
[Fwd: Sol: Re: Apache.exe generates errors and is closed by Windows.]
Ramakrishna, The following note was sent to me personally. I cannot confirm it by my own experience, but it is worth considering. The suggestion is that you can still have this problem with the newer code. This offers a potential solution. Other comments are welcome. Thanks Edwin. -Chris. Original message from Edwin Cleton Hunter, This is caused with versions where SSLv2 is still active. apache 1.3.26, mod_ssl 2.8.10 and openssl 0.9.6g, win32. SSLv2 MUST be disabled because the problem is not 100% solved between 0.9.6d and the current 0.9.6g with the win32 platform. Fwd to List: apache-modssl if you consider this to be of public interest. Sincerely, Edwin Cleton __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Fw: Apache 2.0.42 / Win2000 / OpenSSL ?
Harald Wopenka wrote: Hi there, is there already a possibility to use https with Apache 2? Does anybody know a HowTo where I can see step by step how I can setup SSL on Apache 2 on my Windows 2000 Server? Thanks in advance, Harry __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Harold, If you do not want to build your own then use these binaries that I just recently built. http://hunter.campbus.com/Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip If you want to build your own follow the instructions from an earlier reply to another user... NOTE: A new release of Apache2 has occurred since I di these notes. You will have to do quite a bit of configuring to get this working. When you get to that part, read/and ask questions... OLD EMAIL I apologize for the sloppiness... hunter wrote: arcean wrote: (snip) I will have to download new source and try again to know what the situation is and I am sorry but I have to run off to work. Later, ok? Chris. I have not located an msi installer for Apache 2.0.39 These are the steps that I followed build it from source. 1. Download httpd-2.0.39-win32-src.zip 2. Unzip into directory httpd-2.0.39 3. Create directory ?:\httpd-2.0.39\srclib\openssl 4. Extract openssl-0.9.6d.tar.gz 5. Copy the contents of \openssl-0.9.6d to \httpd-2.0.39\srclib\openssl 6. Go to :\httpd-2.0.39\srclib\openssl follow instructions in INSTALL.W32 Bellow is the results mixed within the instructionss... Visual C++ -- First should run Configure: perl Configure VC-WIN32 2002.07.17 21.47.37.13 [I:\httpd-2.0.39\srclib\openssl]perl configure VC-WIN32 Configuring for VC-WIN32 IsWindows=1 CC=cl CFLAG =-DTHREADS -DDSO_WIN32 EX_LIBS = BN_ASM=bn_asm.o DES_ENC =des_enc.o fcrypt_b.o BF_ENC=bf_enc.o CAST_ENC =c_enc.o RC4_ENC =rc4_enc.o RC5_ENC =rc5_enc.o MD5_OBJ_ASM = SHA1_OBJ_ASM = RMD160_OBJ_ASM= PROCESSOR = RANLIB=/usr/bin/ranlib PERL =/usr/bin/perl THIRTY_TWO_BIT mode BN_LLONG mode RC4_INDEX mode RC4_CHUNK is undefined Configured for VC-WIN32. 2002.07.17 21.48.04.99 [I:\httpd-2.0.39\srclib\openssl] Next you need to build the Makefiles and optionally the assembly language files: - If you are using MASM then run: ms\do_masm 2002.07.17 21.48.04.99 [I:\httpd-2.0.39\srclib\openssl]ms\do_masm Generating x86 for MASM assember Bignum DES crypt(3) Blowfish CAST5 RC4 MD5 SHA1 RIPEMD160 RC5\32 2002.07.17 21.49.00.49 [I:\httpd-2.0.39\srclib\openssl]perl util\mkfiles.pl 1MINFO 2002.07.17 21.49.00.85 [I:\httpd-2.0.39\srclib\openssl]rem perl util\mk1mf.pl VC-MSDOS no-sock ms\msdos.mak 2002.07.17 21.49.00.85 [I:\httpd-2.0.39\srclib\openssl]rem perl util\mk1mf.pl VC-W31-32 ms\w31.mak 2002.07.17 21.49.00.85 [I:\httpd-2.0.39\srclib\openssl]perl util\mk1mf.pl dll VC-W31-32 1ms\w31dll.mak unknown option - 2002.07.17 21.49.01.34 [I:\httpd-2.0.39\srclib\openssl]perl util\mk1mf.pl VC-WIN32 1ms\nt.mak unknown option - 2002.07.17 21.49.01.79 [I:\httpd-2.0.39\srclib\openssl]perl util\mk1mf.pl dll VC-WIN32 1ms\ntdll.mak unknown option - 2002.07.17 21.49.02.23 [I:\httpd-2.0.39\srclib\openssl]perl util\mkdef.pl 16 libeay 1ms\libeay16.def 2002.07.17 21.49.05.07 [I:\httpd-2.0.39\srclib\openssl]perl util\mkdef.pl 32 libeay 1ms\libeay32.def 2002.07.17 21.49.07.95 [I:\httpd-2.0.39\srclib\openssl]perl util\mkdef.pl 16 ssleay 1ms\ssleay16.def 2002.07.17 21.49.10.64 [I:\httpd-2.0.39\srclib\openssl]perl util\mkdef.pl 32 ssleay 1ms\ssleay32.def 2002.07.17 21.49.13.33 [I:\httpd-2.0.39\srclib\openssl] - If you are using NASM then run: ms\do_nasm - If you don't want to use the assembly language files at all then run: ms\do_ms If you get errors about things not having numbers assigned then check the troubleshooting section: you probably won't be able to compile it as it stands. Then from the VC++ environment at a prompt do: nmake -f ms\ntdll.mak 2002.07.17 21.49.13.33 [I:\httpd-2.0.39\srclib\openssl]nmake -f ms\ntdll.mak Microsoft (R) Program Maintenance Utility Version 6.00.8168.0 Copyright (C) Microsoft Corp 1988-1998. All rights reserved. ' in macroak(239) : fatal error U1001: syntax error : illegal character ' Stop. 2002.07.17 21.50.09.96 [I:\httpd-2.0.39\srclib\openssl]nmake -f ms\ntdll.mak in macroak(239) : fatal error U1001: syntax error : illegal character - this is the error you get when you use the new cygwin perl... ...make certain older perl is ahead in path and start over... 2002.07.17 21.57.07.91 [I:\httpd-2.0.39\srclib\openssl]perl configure VC-WIN32 Configuring for VC-WIN32 IsWindows=1 CC=cl CFLAG =-DTHREADS -DDSO_WIN32 EX_LIBS = BN_ASM=bn_asm.o DES_ENC
Re: OpenSSL 0.9.6e and Apache 2.0.39.
Xiao, Wei wrote: I was trying to install apache with SSL. I can build and install OpenSSL 0.9.6e. When I run configure of Apache, I got following error messages, checking for SSL/TLS toolkit base... /usr/ssl/install/openssl/ checking for SSL/TLS toolkit version... checking for SSL/TLS toolkit includes... configure: error: OpenSSL headers not found If you can help, that will be great. Thank you very much. Wei Wei Xiao Safelite Glass Corp IS - Web Development [EMAIL PROTECTED] 614.798.2361 What operating system? You should not be using anything less than OpenSSL 0.9.6g ... there are exploitable flaws in the previous versions. Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
Jim Lee wrote: Hi, I have tested the Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip file in a test environment and it works fine. You could go ahead and upload it to the http://www.modssl.org/contrib/ftp/contrib/ location. Thanks and Regards, Bye, -Jim. From: hunter Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip Date: Wed, 25 Sep 2002 01:03:47 -0400 Jim Lee wrote: Hi, I wish to have this file that hunter has contributed (Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip) to be available to everyone without any problems. Jim and friends, I have also tried to contact someone at OpenSSL, with no reply. My server is managing and there have been fairly frequent downloads -- I am not concerned yet. I will have to remove the files if it looks as though I will exceed my upload limit. My original concerns are probably unwarranted. The files are not that large, so if you can endure the slow download, you are all welcome to help yourselves. Jim, the build is ok then? You have it up and running? Chris. _ Join the world's largest e-mail service with MSN Hotmail. http://www.hotmail.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Jim, Thank you for testing the code and letting us know that it is ok! I have been unsuccessfull in getting the attention of anyone at mod_ssl, but Ken Campney has made a server available to host Windows binaries. These are the urls... http://hunter.campbus.com/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip http://hunter.campbus.com/Openssl-0.9.6g-Win32.zip http://hunter.campbus.com/Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip The files are still available from my server but I would rather that people take the files from the urls above, so that I don't use up my upload quota. I will continue to try uploading to... http://www.modssl.org/contrib/ftp/contrib/ but it appears to be broken. Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: This combination is *NOT* officially supported
Ramakrishna Kuppa wrote:
Chris,
Which code is this - is it the Apache OR mod_ssl OR OpenSSL?
And, if I understood you right, irrespective of the versions of the
above software, on Win32 systems, the message is written to the log
file. Do you see this log entry in any of the many installations you have?
-Original Message-
From: hunter [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 9:07 PM
To: [EMAIL PROTECTED]
Subject: This combination is *NOT* officially supported
Ramakrishna Kuppa wrote:
Chris,
I am getting the following message in my SSL log:
[30/Sep/2002 17:57:49 02000] [info] Server: Apache/1.3.26,
Interface:
mod_ssl/2.8.10, Library: OpenSSL/0.9.6g
[30/Sep/2002 17:57:49 02000] [warn] You are using mod_ssl
under Win32.
This combination is *NOT* officially supported. Use it at
your own risk!
Anything to be noted/concerned of?
Ramakrishna,
/*
* Identification
*/
if (mc-nInitCount == 1) {
ssl_log(s, SSL_LOG_INFO, Server: %s, Interface: %s,
Library: %s,
SERVER_BASEVERSION,
ssl_var_lookup(p, NULL, NULL, NULL,
SSL_VERSION_INTERFACE),
ssl_var_lookup(p, NULL, NULL, NULL,
SSL_VERSION_LIBRARY));
#ifdef WIN32
ssl_log(s, SSL_LOG_WARN, You are using mod_ssl
under Win32.
This combination is *NOT* officially supported.
Use it at your own risk!);
#endif
}
...it is simply a comment - disclaimer - whatever - it is
there in any
case if you are running Windows version.
Chris.
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
Ramakrishna,
This code segment is from mod_ssl...
f:\mod_ssl-2.8.10-1.3.26\pkg.sslmod\ssl_engine_init.c
...begins at line 175
Your statement is correct... this message will appear in your log if you
are using mod_ssl on Windows with Apache 1.3.xx and mod_ssl 2.8.10
I have enabled SSL on only one of my Windows boxes. It has never logged
this message but the version is Apache 2.0.40 - OpenSSL 0.9.6g.
...mod_ssl is integrated into Apache 2.
All of my other Windows boxes have the SSL code included but SSL has not
turned on - may never need to be.
IMHO - It means nothing, unless you are paying for support ... this is
open source afterall. Take it as a cheap shot at Windows. There are
some days when I share the thought, but I curse my Linux equally.
Chris.
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
Re: mod_ssl and apache 1.3.26
[EMAIL PROTECTED] wrote: HI chris , I have a Debian version of Linux . I will try to re-install apache itself and copy the httpd.conf , I currenlty have . Right now our debian server is used by a testing organization to test our applications residing on this server. thought there should be some way to add mod_ssl without disturbing their work . thanks ibrahim Ibrahim, Windows or Unix? On Windows I may be able to explain it, but not Unix. Read my reply to Andreas re version of OpennSSL. -chris __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] mail2web - Check your email from the web at http://mail2web.com/ . __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Ibrahim, I have Debian as well. I generally let apt-get (dpkg) handle everything. I tweak the Apache slightly. I would say that apt will handle your situation as well. I installed apache and then later installed apache-ssl. I seems to work fine but it also looks like there are 2 servers. In fact if you install only apache-ssl you do not have http, it seems. I only use my server for playing around on. I can experiment if that is of any help to you. I also have two more Debian machines that I can experiment with ... one is already running apache the other is not - but could be. My experience would indicate that your previous configuration will be preserved - sometimes even when you rather it did not. apt-get update apt-get upgrade These are the sources that I use. I am checking now to see what revs I am actually running (I am reasonably certain that apt-get updated the ssl in the past 2 weeks. I am running sshd as well and it needed the update as well. deb http://mirror.direct.ca/linux/debian/ testing main contrib deb-src http://mirror.direct.ca/linux/debian/ testing main contrib deb http://non-us.debian.org/debian-non-US woody/non-US main deb-src http://non-us.debian.org/debian-non-US woody/non-US main deb http://security.debian.org/ stable/updates main deb http://security.debian.org/ woody/updates main contrib non-free The resulting versions are ... Apache/1.3.26 (Unix) Debian GNU/Linux Apache/1.3.26 Ben-SSL/1.48 (Unix) Debian GNU/Linux I do not know enough about it, but the Ben-SSL may not be mod_ssl, it is listed as apache_ssl. Included in apache-ssl (Woody testing)... libc6 2.2.5-14.3 libdb2 2:2.7.7.0-8 libexpat1 1.95.2-6 libssl0.9.6 0.9.6g-2 this is important mime-support 3.19-1 apache-common 1.3.26-1.1 perl 5.6.1-7 libgdbmg1 1.7.3-27.1 perl-doc 5.6.1-7 logrotate 3.6.5-1 dpkg 1.10.4 openssl 0.9.6g-2 this is important apache-doc 1.3.26-1.1 I built the Apache, mod_ssl, OpenSSL (Win32) for Apache 1.3.26 but I do not use it - others asked for it. On windows I am using Apache 2.0.42 - it has (can have) the SSL built-in but I am not using it. If someone else would like to comment (not about using Windows) it would be appreciated. My suggestion... Add sources to security and testing if necessary and run: apt-get update apt-get upgrade Originally Woody had Apache 1.3.24 - my current rev were updated by apt-get update/upgrade. Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache.exe generates errors and is closed by Windows.
Ramakrishna Kuppa wrote: I am getting the above error on my Windows platform. The environment details are as follows: OS: Windows 2000 Server: Apache 1.3.26 with OpenSSL 0.9.6d and mod_ssl 2.8.10 The OS pops up a box with the above message and until the user acknowledges, the system doesn't respond to any user requests. In a way, the system hangs. Any ideas on how this can be resolved? Alternatively, can the server be made to service user requests? Thanks Ramakrishna Ramakrishna, Could you please explain what is 'the above error'. Guess: Are you referring to an abnormal end.. a dialog that says a program is exiting unexpectedly? Warning: You should not be using OpenSSL 0.9.6d - I thought you were using one of the new builds I made? Advice: This error might happen if you did not have all of the parts or it is misconfigured. You may find a clue in the error.log. Have you ever had this working or are you failing on an initial install. Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache.exe generates errors and is closed by Windows.
Ramakrishna Kuppa wrote: Chris, I upgraded our system to use OpenSSL 0.9.6g from your latest build. However, the error I was referring to occurred in the previous build that had version 0.9.6d of OpenSSL. The error is a Dr.Watson error. The usual popup box comes with the above message and until the user acknowledges, the system doesn't service any requests. There aren't any useful messages that get logged either. The complete message is as follows: Apache.exe generates errors and will be closed by Windows. You will need to restart the program. An error log is being created. -Original Message- From: hunter [mailto:[EMAIL PROTECTED]] Sent: Monday, September 30, 2002 4:59 PM To: [EMAIL PROTECTED] Subject: Re: Apache.exe generates errors and is closed by Windows. Ramakrishna Kuppa wrote: I am getting the above error on my Windows platform. The environment details are as follows: OS: Windows 2000 Server: Apache 1.3.26 with OpenSSL 0.9.6d and mod_ssl 2.8.10 The OS pops up a box with the above message and until the user acknowledges, the system doesn't respond to any user requests. In a way, the system hangs. Any ideas on how this can be resolved? Alternatively, can the server be made to service user requests? Thanks Ramakrishna Ramakrishna, Could you please explain what is 'the above error'. Guess: Are you referring to an abnormal end.. a dialog that says a program is exiting unexpectedly? Warning: You should not be using OpenSSL 0.9.6d - I thought you were using one of the new builds I made? Advice: This error might happen if you did not have all of the parts or it is misconfigured. You may find a clue in the error.log. Have you ever had this working or are you failing on an initial install. Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Ramakrishna, It would be helpful to see the apache error log ... usually called 'error.log' in the ..\Apache\logs directory. Also, the Dr Watson log can also be useful but less so when I do not have the same build - with the same build I can walk it into the failure with the debugger. The Dr Watson log can be found in the %SystemRoot% .. mine is I:\WINDOWS (XP PRO) yours could be C:\WINNT - the file is called 'drwtsn32.log' This could have been caused by a buffer overrun ... like in a failed exploit ... previous versions of OpenSSL were vulnerable. I will look at the log if you send it. Maybe there will be clues. The new code is ok? Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache.exe generates errors and is closed by Windows.
Martin Dickau wrote: I think what you are asking here is... is there a way to continue after a Dr Watson message has happened and there is no user to press ok. There may be, but I have never found it. Run drwtsn32.exe and uncheck Visual Notification (or change the setting in the registry directly). Martin Martin Dickau, ByAllAccounts [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Martin, I have been inside Dr. Watson dozens of time and have never noticed the setting. I will try it out. I tried it quickly, but I still got a dialog popup on XP PRO - not a Dr. Watson message though. Thanks Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache.exe generates errors and is closed by Windows.
Ramakrishna Kuppa wrote: Chris, I am getting the following message in my SSL log: [30/Sep/2002 17:57:49 02000] [info] Server: Apache/1.3.26, Interface: mod_ssl/2.8.10, Library: OpenSSL/0.9.6g [30/Sep/2002 17:57:49 02000] [warn] You are using mod_ssl under Win32. This combination is *NOT* officially supported. Use it at your own risk! Anything to be noted/concerned of? Ramakrishna, I don't know. While I have been building Apache for several years, I have only recently started playing with SSL. I never used it at all with Apache 1.3.26. It is now integrated into Apache 2.0.xx and that is what I am using. I have never seen a message like this with Apache2. This message reminds me of the disclaimer that says that Apache for Windows should not be considered production quality. I have never personally had any problems with the Windows Apache until version 2.0.xx and Windows XP - auto-index was broken with a large number of files the last time I checked. Anyway, I don't think the message is cause for worry. Maybe someone more closely involved with mod_ssl will comment. I will have a look at the mod_ssl code and see if I can find the source of the message - I am curious. Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
This combination is *NOT* officially supported
Ramakrishna Kuppa wrote:
Chris,
I am getting the following message in my SSL log:
[30/Sep/2002 17:57:49 02000] [info] Server: Apache/1.3.26, Interface:
mod_ssl/2.8.10, Library: OpenSSL/0.9.6g
[30/Sep/2002 17:57:49 02000] [warn] You are using mod_ssl under Win32.
This combination is *NOT* officially supported. Use it at your own risk!
Anything to be noted/concerned of?
Ramakrishna,
/*
* Identification
*/
if (mc-nInitCount == 1) {
ssl_log(s, SSL_LOG_INFO, Server: %s, Interface: %s, Library: %s,
SERVER_BASEVERSION,
ssl_var_lookup(p, NULL, NULL, NULL,
SSL_VERSION_INTERFACE),
ssl_var_lookup(p, NULL, NULL, NULL,
SSL_VERSION_LIBRARY));
#ifdef WIN32
ssl_log(s, SSL_LOG_WARN, You are using mod_ssl under Win32.
This combination is *NOT* officially supported.
Use it at your own risk!);
#endif
}
...it is simply a comment - disclaimer - whatever - it is there in any
case if you are running Windows version.
Chris.
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
Re: mod_ssl and apache 1.3.26
Andreas Schnell wrote: Hey, I try to install mod_ssl. The problem is that the install manual just describes how to install it together with apache and openssl. Well... I have Apache 1.3.26 and openssl 0.9.6c already installed and don't want to remove it just to install mod_ssl. Is there any way to install mod_ssl, even if apache and openssl is already installed ? I hope so. Any help is greatly appreciated. Thnx Andreas Andreas, Windows or Unix? On Windows I may be able to explain it, but not Unix. You should not continue to use OpenSSL 0.9.6c, there are serious exploitable flaws in versions less than 0.9.6g. In any case I think it matters more that mod_ssl be built with a specific version of OpenSSL. Adding the mod to Apache should be possible without reinstalling. However, by saving your httpd.conf and replacing it later, a refresh of the whole code base is not be a big deal in my mind. -chris __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_ssl and apache 1.3.26
[EMAIL PROTECTED] wrote: Hey , I too have the same requirement. I want to install(add module) only mod_ssl to existing apache and openssl . Many sites explain how to install apache with mod_ssl from their sources. but no where I found how to add the mod_ssl module alone. I appreciate if any one can help us in doing this. thanks ibrahim Original Message: - From: Andreas Schnell [EMAIL PROTECTED] Date: Sat, 28 Sep 2002 17:31:35 +0200 To: [EMAIL PROTECTED] Subject: mod_ssl and apache 1.3.26 Hey, I try to install mod_ssl. The problem is that the install manual just describes how to install it together with apache and openssl. Well... I have Apache 1.3.26 and openssl 0.9.6c already installed and don't want to remove it just to install mod_ssl. Is there any way to install mod_ssl, even if apache and openssl is already installed ? I hope so. Any help is greatly appreciated. Thnx Andreas mail2web - Check your email from the web at http://mail2web.com/ . __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Ibrahim, Windows or Unix? On Windows I may be able to explain it, but not Unix. Read my reply to Andreas re version of OpennSSL. -chris __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Availability of mod_ssl for Apache 2.0.42 Win32
Jeff Hagan wrote: Does anyone know when a release of mod_ssl supporting Apache 2.0.42 for Win32 will be available? Thank you, -- jeff h. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Jeff, mod_ssl is integrated/included (built in) with Apache 2.0.x It is no longer a separate package. Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Windows binaries for Apache
Apache users... In response to requests for Windows binaries, I built Apache 1.3.26 with mod_ssl 2.8.10 and OpenSSL 0.9.6g. However, I was unable to upload the files to the mod_ssl contrib site and offered to temporarily host the files on my server. I am limited in how long I can do this since my ISP will charge me dollars/GB after 10GB of downloads per month. I will not be removing the binaries from my server unless I am in danger of exceeding the limit. Ken Campney generously offered to host these files, so that they can continue to be available. The new links are listed below. http://hunter.campbus.com/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip http://hunter.campbus.com/Openssl-0.9.6g-Win32.zip http://hunter.campbus.com/Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip Please use the links above instead of my server... http://tor.ath.cx/~hunter/apache I will continue to provide you with new binaries if the sources change and there is continued interest in Apache 1.3.xx Please download from the hunter.campbus.com location if possible. If you have any problems contact me on the list, as [EMAIL PROTECTED] or at my personal account: [EMAIL PROTECTED] Chris. Legal Notice These packagages use strong cryptography that is regulated by export/import/use restrictions in some other parts of the world and are provided free of charge. PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. WE NOR THE AUTHORS OF THE REPRESENTED SOFTWARE PACKAGES ARE OR WILL BE HELD LIABLE FOR ANY VIOLATIONS YOU MAKE. BE CAREFUL, IT IS YOUR RESPONSIBILITY. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
Ken Campney wrote: Chris, I've downloaded your files just to make sure I have them. Do you think .tgz files will be needed or are the access for those a little better than the Win32 files? When everything is set, I'll give you the link/links to the files. As a secondary thought, I suppose I could just set you up with an ftp account to upload files as needed. Ken - Original Message - From: hunter [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 26, 2002 1:48 AM Subject: Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip) Ken Campney wrote: ERRR. Do I have the right file name?? lol What ever the file name/names in need of a depot is, I'm assuming it was Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip Ken - Original Message - From: Ken Campney [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 25, 2002 10:42 PM Subject: Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip) Ken, I copied the filename conventions from the previous versions ... looked at them to see what they contain, so as to remain consistent. A large number of people still want to use the Apache 1.3.26, with fixed OpenSSL - I am using Apache 2.0.40 (soon to move to 2.0.42). I can make any version, but this is the most popular right now. OpenSA has a nice distribution, but I have not checked to see what rev's they are at. Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip - contains Apache 1.3.26 and Mod_SSL 2.8.10, binaries built with OpenSSL libs, etc. Openssl-0.9.6g-Win32.zip - contains only OpenSSL binaries The parts are not so well integrated as they are with Apache 2.0.42. Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip - contains all 3 parts - Mod_SSL is built into Apache 2 and the make like to put the OpenSSL binaries into the Apache/bin directory. Actual urls... http://tor.ath.cx/~hunter/apache/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g -Win32.zip http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip http://tor.ath.cx/~hunter/apache/Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip I hope I did not misunderstood what you wanted ... (I talk too much) Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Ken, The sources are always easy to get, at least from my experience. The problem lies in the fact that Windows machines do not have a compiler. I am on the lists, so I know when people are looking for a new build (security alert for example). It does not take me long to buld the code. Te most common problem for anyone trying to build the code is to get the build machine set up properly; I plan to address this soon, with a How-To doc. It makes the most sense to have ftp access, I guess. But, that can go either way. I can also provide you with an ftp account on my server as well. It is more expedient for me to make the code and put it on your server. It mitgates some of the risks of using the code, by restricting who has write access to it. I generally warn people that I did not build a properly configured server with the older builds and leave it up to them to test it. I will respond to problems caused by a bad build. The new code, I am using (testing) and know first hand if I mess up the build. Generally though, once you get the build working it is reliable -- I don't have to code anything afterall ... just follow instructions. My personal email account is [EMAIL PROTECTED] If you hit my index.html on tor.ath.cx you will get a 'new install page' for IIS ... my idea of humor ... my server is for friends and they know enough to look for an 'easter egg' - click the Icon. My internet server is a Linux box, I build and use the Windows code for my employer, where I manage more than 20,000 installations of Apache. I will touch bases with you later. Thanks again. Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
Ken Campney wrote: Everyone have their reading glasses on? In an effort to get to the meat of the issue without all the mind numbing legal double talk I made a couple of phone calls. (I figured what the hell, they take what they want from my income, I'll make them regret answering the phone) I appears that since the module is going to be free to everyone who wants/needs it the only thing that may need to be done is notifying them what the url is, and provide a disclamer warning about export regulations. I still have a few things to read through though. I may need some information such as who wrote the app (company, etc). *ideas anyone?? (I'm new to OpenSSL and the various modules so excuse me if the answer to that is obvious) Once I get this figured out, the module should have an additional 1-14 download locations. (if desired) Ken, This is great! For what it is worth there is a disclaimer on this page that may serve the purpose you describe in your comments. http://www.modssl.org/source/ A good source of names for all of the parts can be found in the LICENSE.TXT from the Apache 2.0.42 build - I have included it as an attachment. Please let me know if there is anything else that I can do to assist you. Thank you for taking the time to check on the export rules. Chris. /* * The Apache Software License, Version 1.1 * * Copyright (c) 2000-2002 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright *notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright *notice, this list of conditions and the following disclaimer in *the documentation and/or other materials provided with the *distribution. * * 3. The end-user documentation included with the redistribution, *if any, must include the following acknowledgment: * This product includes software developed by the *Apache Software Foundation (http://www.apache.org/). *Alternately, this acknowledgment may appear in the software itself, *if and wherever such third-party acknowledgments normally appear. * * 4. The names Apache and Apache Software Foundation must *not be used to endorse or promote products derived from this *software without prior written permission. For written *permission, please contact [EMAIL PROTECTED] * * 5. Products derived from this software may not be called Apache, *nor may Apache appear in their name, without prior written *permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * http://www.apache.org/. * * Portions of this software are based upon public domain software * originally written at the National Center for Supercomputing Applications, * University of Illinois, Urbana-Champaign. */ APACHE HTTP SERVER SUBCOMPONENTS: The Apache HTTP Server includes a number of subcomponents with separate copyright notices and license terms. Your use of the source code for the these subcomponents is subject to the terms and conditions of the following licenses. For the mod_mime_magic component: /* * mod_mime_magic: MIME type lookup via file magic numbers * Copyright (c) 1996-1997 Cisco Systems, Inc. * * This software was submitted by Cisco Systems to the Apache Group in July * 1997. Future revisions and derivatives of this source code must * acknowledge Cisco Systems as the original contributor of this module. * All other licensing and usage conditions are those of the Apache Group. * * Some of this code is derived from the free version of the file command * originally posted to comp.sources.unix. Copyright info
Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
Ken Campney wrote: ERRR. Do I have the right file name?? lol What ever the file name/names in need of a depot is, I'm assuming it was Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip Ken - Original Message - From: Ken Campney [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 25, 2002 10:42 PM Subject: Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip) Ken, I copied the filename conventions from the previous versions ... looked at them to see what they contain, so as to remain consistent. A large number of people still want to use the Apache 1.3.26, with fixed OpenSSL - I am using Apache 2.0.40 (soon to move to 2.0.42). I can make any version, but this is the most popular right now. OpenSA has a nice distribution, but I have not checked to see what rev's they are at. Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip - contains Apache 1.3.26 and Mod_SSL 2.8.10, binaries built with OpenSSL libs, etc. Openssl-0.9.6g-Win32.zip - contains only OpenSSL binaries The parts are not so well integrated as they are with Apache 2.0.42. Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip - contains all 3 parts - Mod_SSL is built into Apache 2 and the make like to put the OpenSSL binaries into the Apache/bin directory. Actual urls... http://tor.ath.cx/~hunter/apache/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip http://tor.ath.cx/~hunter/apache/Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip I hope I did not misunderstood what you wanted ... (I talk too much) Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
Ken, The source for: - Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip - Openssl-0.9.6g-Win32.zip 2002.09.21 12.08 3,066,788 apache_1.3.26-win32-src.zip 2002.09.18 04.32 753,241 mod_ssl-2.8.10-1.3.26.tar.gz.tar 2002.09.21 12.09 2,170,570 openssl-0.9.6g.tar.gz.tar The source for: - Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip 2002.09.25 01.14 6,750,712 httpd-2.0.42-win32-src.zip 2002.09.21 12.09 2,170,570 openssl-0.9.6g.tar.gz.tar Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
Jim Lee wrote: Hi, I wish to have this file that hunter has contributed (Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip) to be available to everyone without any problems. Jim and friends, I have also tried to contact someone at OpenSSL, with no reply. My server is managing and there have been fairly frequent downloads -- I am not concerned yet. I will have to remove the files if it looks as though I will exceed my upload limit. My original concerns are probably unwarranted. The files are not that large, so if you can endure the slow download, you are all welcome to help yourselves. Jim, the build is ok then? You have it up and running? Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
Cliff Woolley wrote: On Wed, 25 Sep 2002, hunter wrote: My server is managing and there have been fairly frequent downloads -- I am not concerned yet. I will have to remove the files if it looks as though I will exceed my upload limit. My original concerns are probably unwarranted. Why not just upload it to the contrib area at modssl.org? --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Cliff, I have tried. I am not sure whether I am doing something wrong or the page is broken. I will try again, but each time I try to FTP, the write fails. I am open to any suggestions. I sent Ralf a note but he has not replied. I should have sent a note to you ... :-) Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
hunter wrote: Cliff Woolley wrote: On Wed, 25 Sep 2002, hunter wrote: My server is managing and there have been fairly frequent downloads -- I am not concerned yet. I will have to remove the files if it looks as though I will exceed my upload limit. My original concerns are probably unwarranted. Why not just upload it to the contrib area at modssl.org? --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Cliff, I have tried. I am not sure whether I am doing something wrong or the page is broken. I will try again, but each time I try to FTP, the write fails. I am open to any suggestions. I sent Ralf a note but he has not replied. I should have sent a note to you ... :-) Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Cliff, I did try again ... seems to work this time. ??? And ... someone else must have put the binaries there as well ... but I didn't overwrite them. Thanks for the nudge... Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
Ken Campney wrote: If you'd like, I'd be more than happy to host the file for download on my network - Original Message - From: hunter [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 25, 2002 1:42 AM Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip Ken, it is nice of you to offer. http://tor.ath.cx/~hunter/apache/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip I just made the new Apache as well... http://tor.ath.cx/~hunter/apache/Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip I also tried again to upload to ModSSL (again) and still cannot write the files there. I am in Toronto. I suppose I should pay more attention to the export rules - is Canada included? Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
Jim Lee wrote: Hi, Since i am a windows user, i am looking for an already compiled file: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip Since i do not have any compilers installed, i would really appreciate if any of our UNIX friends could help our WINDOWS collegues and post the Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip file in the following location: http://www.modssl.org/contrib/ftp/contrib/ Thanks, Bye, -Jim. From: Horst To: Jim Lee [EMAIL PROTECTED] Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip Date: Tue, 17 Sep 2002 20:42:08 -0700 (PDT) Hi Jim, I didn't read all the previous messages and the reference to http://www.modssl.org/contrib/ftp/contrib/ but I'd guess you can google for the 3 independent files. That's how I found Apache_1.3.26 and Mod_SSL_2.8.10 recently. - Horst (ohh, just realizing you are on Win - I am on linux and got the RPMs with no problem) On Wed, 18 Sep 2002, Jim Lee wrote: I have been unable to find the file: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip at the following location: http://www.modssl.org/contrib/ftp/contrib/ Any help from our fellow members in the group would be higly appreciated in view of the recent openSSL worm virus alerts. Thanks and Regards, Bye, -Jim. From: Paul To: [EMAIL PROTECTED] Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip Date: Wed, 18 Sep 2002 09:02:41 +1200 Hi, I am looking for the following file: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip in the http://www.modssl.org/contrib/ftp/contrib/ folder. If anyone could contribute this file, i would highly appreciate it. Hi Jim, I'm looking for that file too! Did you have any luck. Cheers, Paul. -- _ _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Jim and/or Paul, I don't know how to contribute... I will find out, but it is late and I want to go to bed. Maybe someone can put these into http://www.modssl.org/contrib/ftp/contrib/ for me. And, someone could shorten the path to the knowledge of how to submit the code for contribution -- I tried ftp'ing and could not write (no suprise). I have binaries (untested) for the releases you are after. (I am running Apache 2.0.40 but can easily build the code for these versions - configuring and testing it is more work and I leave that up to you). If you have any problem with the code I will spend some more time on it later in the evening - send me a note ([EMAIL PROTECTED] or [EMAIL PROTECTED]). http://tor.ath.cx/~hunter/apache/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip I built the openssl with masm as well by the way. chris P.S. I cannot handle a lot of traffic and suffer from (relatively) slow transfer rate. (ADSL Modem with Sympatico) __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Problem compiling Apache with modssl on HPUX system...
Gilles Gros wrote: You need to have felx and bison installed and accessible in your path. Gilles - Original Message - From: Almada, Jon F [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, August 30, 2002 2:54 PM Subject: Problem compiling Apache with modssl on HPUX system... Hello, I am attempting to compile Apache with the Mod-SSL modules per the instructions on the site. I am running on a HP-UX 11 machine and everything went fine until I began compiling the Apache server - Any advice about how to get out of this pickle would most certainly be appreciated ;) Sincerely, Jon F. Almada Web Developer GenCorp-Aerojet rm -f libmain.a ar cr libmain.a alloc.o buff.o http_config.o http_core.o http_log.o ht tp_main.o http_protocol.o http_request.o http_vhost.o util.o util_date.o util_s cript.o util_uri.o util_md5.o rfc1413.o /bin/true libmain.a === src/main === src/lib === src/lib/expat-lite === src/lib/expat-lite === src/lib === src/modules === src/modules/standard === src/modules/standard === src/modules/ssl flex -Pssl_expr_yy -s -B ssl_expr_scan.l Make: Cannot load flex. Stop. *** Error exit code 1 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] In the interest of preventing another misunderstanding... Giles meant 'flex' not felx... You need to have felx and bison installed and accessible in your path. Chris. (please excuse me if it was already obvious) __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: virtual host port 443
ann wallace wrote: im sure this question has been asked before, but i looked around and i cannot find anything... so here goes, i have one virtualhost set up to use port 443, but for some reason if you go to any of the virtualhost set up on port 80, via https it defaults to the one host set up on port 443. config: Listen 1.2.3.4:80 NameVirtualHost 1.2.3.4:80 VirtualHost 1.2.3.4:80 ServerAdmin blah@blah DocumentRoot /home/httpd/html ServerName www.blah.blah ErrorLog logs/blah-error_log TransferLog logs/blah-access_log Directory /home/httpd/html AllowOverride AuthConfig Options Indexes Includes ExecCGI Order allow,deny Allow from all /Directory /VirtualHost IfDefine HAVE_SSL Listen 1.2.3.4:443 VirtualHost 1.2.3.4:443 ServerAdmin webmaster@otherdomain DocumentRoot /www/lotherdomain ServerName www.otherdomain.net ServerAlias otherdomain.net *.otherdomain.net ErrorLog /var/log/httpd/secure-otherdomain-errlog TransferLog /var/log/httpd/secure-otherdomain-access_log SSLEngine on SSLCertificateFile/etc/httpd/conf/ssl.crt/www.otherdomain.net.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.otherdomain.net.key AddType text/html .shtml .html AddHandler server-parsed .shtml .html Directory /www/otherdomain Options Indexes Includes FollowSymLinks ExecCGI AllowOverride AuthConfig Order allow,deny Allow from all /Directory /VirtualHost thanks ann __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] ann, Requesting https means 'use port 443'. That is consistent with your results, though it may not be consistent with your intent. I am sorry, but I do not have the experience to know how to achieve what you want, however I will give the limited insight that I have aquired... I have been able to specify ports explicitly in the url to override the http or https, but when left to figure it out my servers (the browsers) obey the rules. http = 80 https = 443 I have specifically set a server to listen to http = 1046 https = 1047 But, in order to make this work as expected I need to pass the port on the url. I have noticed that different browsers behave differently to not specifying the port. In some cases typing the url to a server listening on a non-standard port will result in complete failure (by not providing the http part) http://my.domain.org:1046 https://my.domain.org:1047 It may be that there is more than one derived valued from the terms, 'http' and 'https'. I think (but wait to be corrected) that you must maintain the separation of function between your secure and non-secure servers so that http and https behave naturally. That is ... the server that is listening on port 80 is non-secure and will respond to requests from 'http' while your server listening on port 443 will be secure and will respond to requests from 'https'. However, I don't think this precludes your ability to specify ports and thus force http or https on different port values. I do not know if this will help you and I invite someone to correct me for the benefit of us both. chris __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Failure to load mod_ssl under NT/apache 2.0
arcean wrote: -- Original Message -- From: Alex Moon [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 17 Jul 2002 11:37:20 +0100 I've been trying to get apache 2.0.39 +modssl to work under winNT. But i am failing at what seems like the first hurdle i.e. i cannot seem to get the apache mod_ssl.so module to load. It comes up with the following: with apache 1.3.2* under windows (not cygwin) you had to load .DDL and not .SO maybe it a way to search Cannot load C:/apache2/modules/mod_ssl.so into server: The operating system cannot run %1 Any ideas greatfully received as I cannot see what I have done wrong, Alex Technical Manager Online Learning Support Unit Middlesex University Business School [EMAIL PROTECTED] 020 8411 5092 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ D O T E A S Y - Join the web hosting revolution! http://www.doteasy.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] I have not done this for several weeks and maybe the distribution has changed, but... mod_ssl.so was not built with Apache 1.0.39 ...you have to build it. 1. place openssl into ?:\httpd-2.0.39\srclib ... there are instructions somewhere to follow... 2. follow the instructions in openssl and build it ... you need masm7, perl, vc6, etc. 3. build apache ... it finds openssl and builds mod_ssl.so ... you need awk, bison, sed and flex (new cygwin) ... I had to get newer version of cygwin before it worked, but then the newer perl was a problem. ... older perl must be in path before cygwin After it all comes to gether you can use nmake -f makefile.win installr Then I had trouble making certs... Try these hints ... I will make more detailed instructions later if needed but I think the newer packages (must) probably work better than what I used ... but I have not checked. I will have to download new source and try again to know what the situation is and I am sorry but I have to run off to work. Later, ok? Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Failure to load mod_ssl under NT/apache 2.0
arcean wrote: -- Original Message -- From: hunter [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 17 Jul 2002 09:22:37 -0400 arcean wrote: -- Original Message -- From: Alex Moon [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 17 Jul 2002 11:37:20 +0100 I've been trying to get apache 2.0.39 +modssl to work under winNT. But i am failing at what seems like the first hurdle i.e. i cannot seem to get the apache mod_ssl.so module to load. It comes up with the following: with apache 1.3.2* under windows (not cygwin) you had to load .DDL and not .SO maybe it a way to search [over load sniped ... ] I said : with apache 1.3.2* under windows (not cygwin) you had to load .DDL ^^^^^ not cygwin, native win32 if you prefer (with DLL) 1.3.2* like 1.3.20 or 1.3.26 ... not 1.0.39 (not sure it existes) i know my english is bad but with cygwin i never try I have not done this for several weeks and maybe the distribution has changed, but... mod_ssl.so was not built with Apache 1.0.39 ...you have to build it. 1. place openssl into ?:\httpd-2.0.39\srclib ... there are instructions somewhere to follow... 2. follow the instructions in openssl and build it ... you need masm7, perl, vc6, etc. 3. build apache ... it finds openssl and builds mod_ssl.so ... you need awk, bison, sed and flex (new cygwin) ... I had to get newer version of cygwin before it worked, but then the newer perl was a problem. ... older perl must be in path before cygwin After it all comes to gether you can use nmake -f makefile.win installr Then I had trouble making certs... Try these hints ... I will make more detailed instructions later if needed but I think the newer packages (must) probably work better than what I used ... but I have not checked. I will have to download new source and try again to know what the situation is and I am sorry but I have to run off to work. Later, ok? Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ D O T E A S Y - Join the web hosting revolution! http://www.doteasy.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] I'm sorry I failed to make it clear when I replied - I was in a hurry to get to work. The compile is with vc6 or vc 7 but some of the cygwin (unix) tools are used and must be avaialble. I don't use cygwin to build Apache or openssl. If you are still having trouble ... I am going to get the latest source now and see if the build conditions are the same as when I built mine. If they are then I think I can help you ... I worked through similar difficulties already. Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Failure to load mod_ssl under NT/apache 2.0
I apologize for the sloppiness... hunter wrote: arcean wrote: (snip) I will have to download new source and try again to know what the situation is and I am sorry but I have to run off to work. Later, ok? Chris. I have not located an msi installer for Apache 2.0.39 These are the steps that I followed build it from source. 1. Download httpd-2.0.39-win32-src.zip 2. Unzip into directory httpd-2.0.39 3. Create directory ?:\httpd-2.0.39\srclib\openssl 4. Extract openssl-0.9.6d.tar.gz 5. Copy the contents of \openssl-0.9.6d to \httpd-2.0.39\srclib\openssl 6. Go to :\httpd-2.0.39\srclib\openssl follow instructions in INSTALL.W32 Bellow is the results mixed within the instructionss... Visual C++ -- First should run Configure: perl Configure VC-WIN32 2002.07.17 21.47.37.13 [I:\httpd-2.0.39\srclib\openssl]perl configure VC-WIN32 Configuring for VC-WIN32 IsWindows=1 CC=cl CFLAG =-DTHREADS -DDSO_WIN32 EX_LIBS = BN_ASM=bn_asm.o DES_ENC =des_enc.o fcrypt_b.o BF_ENC=bf_enc.o CAST_ENC =c_enc.o RC4_ENC =rc4_enc.o RC5_ENC =rc5_enc.o MD5_OBJ_ASM = SHA1_OBJ_ASM = RMD160_OBJ_ASM= PROCESSOR = RANLIB=/usr/bin/ranlib PERL =/usr/bin/perl THIRTY_TWO_BIT mode BN_LLONG mode RC4_INDEX mode RC4_CHUNK is undefined Configured for VC-WIN32. 2002.07.17 21.48.04.99 [I:\httpd-2.0.39\srclib\openssl] Next you need to build the Makefiles and optionally the assembly language files: - If you are using MASM then run: ms\do_masm 2002.07.17 21.48.04.99 [I:\httpd-2.0.39\srclib\openssl]ms\do_masm Generating x86 for MASM assember Bignum DES crypt(3) Blowfish CAST5 RC4 MD5 SHA1 RIPEMD160 RC5\32 2002.07.17 21.49.00.49 [I:\httpd-2.0.39\srclib\openssl]perl util\mkfiles.pl 1MINFO 2002.07.17 21.49.00.85 [I:\httpd-2.0.39\srclib\openssl]rem perl util\mk1mf.pl VC-MSDOS no-sock ms\msdos.mak 2002.07.17 21.49.00.85 [I:\httpd-2.0.39\srclib\openssl]rem perl util\mk1mf.pl VC-W31-32 ms\w31.mak 2002.07.17 21.49.00.85 [I:\httpd-2.0.39\srclib\openssl]perl util\mk1mf.pl dll VC-W31-32 1ms\w31dll.mak unknown option - 2002.07.17 21.49.01.34 [I:\httpd-2.0.39\srclib\openssl]perl util\mk1mf.pl VC-WIN32 1ms\nt.mak unknown option - 2002.07.17 21.49.01.79 [I:\httpd-2.0.39\srclib\openssl]perl util\mk1mf.pl dll VC-WIN32 1ms\ntdll.mak unknown option - 2002.07.17 21.49.02.23 [I:\httpd-2.0.39\srclib\openssl]perl util\mkdef.pl 16 libeay 1ms\libeay16.def 2002.07.17 21.49.05.07 [I:\httpd-2.0.39\srclib\openssl]perl util\mkdef.pl 32 libeay 1ms\libeay32.def 2002.07.17 21.49.07.95 [I:\httpd-2.0.39\srclib\openssl]perl util\mkdef.pl 16 ssleay 1ms\ssleay16.def 2002.07.17 21.49.10.64 [I:\httpd-2.0.39\srclib\openssl]perl util\mkdef.pl 32 ssleay 1ms\ssleay32.def 2002.07.17 21.49.13.33 [I:\httpd-2.0.39\srclib\openssl] - If you are using NASM then run: ms\do_nasm - If you don't want to use the assembly language files at all then run: ms\do_ms If you get errors about things not having numbers assigned then check the troubleshooting section: you probably won't be able to compile it as it stands. Then from the VC++ environment at a prompt do: nmake -f ms\ntdll.mak 2002.07.17 21.49.13.33 [I:\httpd-2.0.39\srclib\openssl]nmake -f ms\ntdll.mak Microsoft (R) Program Maintenance Utility Version 6.00.8168.0 Copyright (C) Microsoft Corp 1988-1998. All rights reserved. ' in macroak(239) : fatal error U1001: syntax error : illegal character ' Stop. 2002.07.17 21.50.09.96 [I:\httpd-2.0.39\srclib\openssl]nmake -f ms\ntdll.mak in macroak(239) : fatal error U1001: syntax error : illegal character - this is the error you get when you use the new cygwin perl... ...make certain older perl is ahead in path and start over... 2002.07.17 21.57.07.91 [I:\httpd-2.0.39\srclib\openssl]perl configure VC-WIN32 Configuring for VC-WIN32 IsWindows=1 CC=cl CFLAG =-DTHREADS -DDSO_WIN32 EX_LIBS = BN_ASM=bn_asm.o DES_ENC =des_enc.o fcrypt_b.o BF_ENC=bf_enc.o CAST_ENC =c_enc.o RC4_ENC =rc4_enc.o RC5_ENC =rc5_enc.o MD5_OBJ_ASM = SHA1_OBJ_ASM = RMD160_OBJ_ASM= PROCESSOR = RANLIB=true PERL =perl THIRTY_TWO_BIT mode BN_LLONG mode RC4_INDEX mode RC4_CHUNK is undefined Configured for VC-WIN32. 2002.07.17 21.57.54.71 [I:\httpd-2.0.39\srclib\openssl] 2002.07.17 21.57.54.71 [I:\httpd-2.0.39\srclib\openssl]ms\do_masm Generating x86 for MASM assember Bignum DES crypt(3) Blowfish CAST5 RC4 MD5 SHA1 RIPEMD160 RC5\32 2002.07.17 21.58.37.68 [I:\httpd-2.0.39\srclib\openssl]perl util\mkfiles.pl 1MINFO 2002.07.17 21.58.37.86 [I:\httpd-2.0.39\srclib\openssl]rem perl util\mk1mf.pl VC-MSDOS no-sock ms\msdos.mak 2002.07.17 21.58.37.86 [I:\httpd-2.0.39\srclib\openssl]rem perl util\mk1mf.pl VC-W31-32 ms\w31.mak 2002.07.17 21.58.37.86 [I:\httpd-2.0.39\srclib\openssl]perl util\mk1mf.pl dll VC-W31-32 1ms\w31dll.mak 2002.07.17 21.58.38.10 [I:\httpd-2.0.39
Compile fails while building mod_ssl - ?? bison - lex.ssl_expr_yy.c(1753)
Could someone help me figure out why my compile fails...
This is the first time I have tried to compile with mod_ssl - that
is with openssl in srclib.
The code builds fine otherwise.
Compile errors...
echo/nologo /MD /W3 /O2 /I ../../include /I
../../srclib/apr/include /I ../../srclib/apr-util/include /I
../../srclib/openssl/inc32/openssl /I ../../srclib/openssl/inc32
/D NDEBUG /D WIN32 /D _WINDOWS /D WIN32_LEAN_AND_MEAN /D
NO_IDEA /D NO_RC5 /D NO_MDC2 /Fo.\Release\\
/Fd.\Release\mod_ssl /FD /c ssl_expr_scan.c
I:\Temp\nm18BC.tmp
cl.exe @I:\Temp\nm18BC.tmp
ssl_expr_scan.c
lex.ssl_expr_yy.c(1753) : error C2143: syntax error : missing ')'
before 'constant'
lex.ssl_expr_yy.c(1753) : error C2143: syntax error : missing '{'
before 'constant'
lex.ssl_expr_yy.c(1753) : error C2059: syntax error : 'Unknown'
lex.ssl_expr_yy.c(1753) : error C2059: syntax error : ')'
lex.ssl_expr_yy.c(1756) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1762) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1774) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1801) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1867) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1870) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1915) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1917) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1926) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1935) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1943) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1945) : error C2059: syntax error : '}'
.\Release\mod_ssl.so target does not exist
echo kernel32.lib user32.lib wsock32.lib ws2_32.lib advapi32.lib
gdi32.lib ssleay32.lib libeay32.lib /nologo /subsystem:
windows /dll /incremental:no /pdb:.\Release\mod_ssl.pdb
/map:.\Release\mod_ssl.map /machine:I386
/out:.\Release\mod_ssl.so /
implib:.\Release\mod_ssl.lib
/libpath:../../srclib/openssl/out32dll
/libpath:../../srclib/openssl/out32 /base:@..\..\os\win3
2\BaseAddr.ref,mod_ssl .\Release\mod_ssl.obj
.\Release\ssl_engine_config.obj .\Release\ssl_engine_dh.obj
.\Release\ssl_e
ngine_init.obj .\Release\ssl_engine_io.obj
.\Release\ssl_engine_kernel.obj .\Release\ssl_engine_log.obj
.\Release\ssl_
engine_mutex.obj .\Release\ssl_engine_pphrase.obj
.\Release\ssl_engine_rand.obj .\Release\ssl_engine_vars.obj
.\Releas
e\ssl_expr.obj .\Release\ssl_expr_eval.obj
.\Release\ssl_expr_parse.obj .\Release\ssl_expr_scan.obj
.\Release\ssl_scac
he.obj .\Release\ssl_scache_dbm.obj
.\Release\ssl_scache_shmcb.objI:\Temp\nm18BD.tmp
echo .\Release\ssl_scache_shmht.obj .\Release\ssl_util.obj
.\Release\ssl_util_ssl.obj .\Release\ssl_util_table.o
bj .\Release\mod_ssl.res ..\..\srclib\apr\Release\libapr.lib
..\..\srclib\apr-util\Release\libaprutil.lib ..\..\Releas
e\libhttpd.lib I:\Temp\nm18BD.tmp
link.exe @I:\Temp\nm18BD.tmp
LINK : fatal error LNK1181: cannot open input file
'.\Release\ssl_expr_scan.obj'
cd ..\..
cd support
nmake -f abs.mak CFG=abs - Win32 Release
RECURSE=0 /build
.\Release Tue Jun 18 21:15:41 2002
The actual error varies ..
(before compiling with Visual Studio from the command line)
cd ..\..
cd modules\ssl
nmake -f mod_ssl.mak CFG=mod_ssl - Win32 Release
RECURSE=0 .\Release\mod_ssl.so
Microsoft (R) Program Maintenance Utility Version 7.00.9466
Copyright (C) Microsoft Corporation. All rights reserved.
if not exist .\Release/ mkdir .\Release
tempfile.bat
tempfile.bat
tempfile.bat
tempfile.bat
rc.exe /l 0x409 /fo.\Release\mod_ssl.res /d NDEBUG
.\mod_ssl.rc
cl.exe @I:\Temp\nm1A17.tmp
mod_ssl.c
ssl_engine_config.c
ssl_engine_dh.c
ssl_engine_init.c
ssl_engine_io.c
ssl_engine_kernel.c
ssl_engine_log.c
ssl_engine_mutex.c
ssl_engine_pphrase.c
ssl_engine_rand.c
ssl_engine_vars.c
ssl_expr.c
ssl_expr_eval.c
ssl_expr_parse.c
\cygnus\cygwin-b20\share\bison.simple(333) : warning C4013: 'alloca'
undefined; assuming extern returning int
ssl_expr_scan.c
lex.ssl_expr_yy.c(1753) : error C2143: syntax error : missing ')'
before 'constant'
lex.ssl_expr_yy.c(1753) : error C2143: syntax error : missing '{'
before 'constant'
lex.ssl_expr_yy.c(1753) : error C2059: syntax error : 'Unknown'
lex.ssl_expr_yy.c(1753) : error C2059: syntax error : ')'
lex.ssl_expr_yy.c(1756) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1762) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1774) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1801) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1867) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1870) : error C2059: syntax
Re: Remote Startup ????
andrew wrote: O.K. three weeks of my times been wasted so far in discovering that the apache wasn't hanging or unable to find a valid cert file. BUT mod_ssl had it waiting at the command prompt expecting me to enter the certificate pass- phase. HOW is a person suppose to remotly start such a server ?? __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Andrew - This is addressed in the mod_ssl FAQ quite well. I will quote from the FAQ directly since it describes the fixes quite well: How can I get rid of the pass-phrase dialog at Apache startup time? [L] The reason why this dialog pops up at startup and every re-start is that the RSA private key inside your server.key file is stored in encrypted format for security reasons. The pass-phrase is needed to be able to read and parse this file. When you can be sure that your server is secure enough you perform two steps: 1.Remove the encryption from the RSA private key (while preserving the original file): cp server.key server.key.org openssl rsa -in server.key.org -out server.key 2.Make sure the server.key file is now only readable by root: chmod 400 server.key Now server.key will contain an unencrypted copy of the key. If you point your server at this file it will not prompt you for a pass-phrase. HOWEVER, if anyone gets this key they will be able to impersonate you on the net. PLEASE make sure that the permissions on that file are really such that only root or the web server user can read it (preferably get your web server to start as root but run as another server, and have the key readable only by root). As an alternative approach you can use the ``SSLPassPhraseDialog exec:/path/to/program'' facility. But keep in mind that this is neither more nor less secure, of course. I hope that helps and answers your question. Cheers! -- Michael B. Weiner Systems Administrator/Partner The UserFriendly Network (UFN) -- / / (_)__ __ __ / /__/ / _ \/ // /\ \/ / //_/_//_/\_,_/ /_/\_\ * * * CHOICE OF A GNU GENERATION * * * __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: ca and certs
Lutz Jaenicke wrote: Michael, I won´t comment on the pest aspect. Please make sure that you really understand what you are doing and that you did check all resources to find the problem yourself. I am definitely missing the logfile entries for the apache startup and for your connection attempts. Maybe they already include the hint you are looking for. For another approach is to take the openssl CA.pl tool for generating the certs, it will hide some part of the process for you. Please consider reading http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/doc/myownca.html as description of this way (which is just hiding the full process by wrapping it with a, hmm, comfortable script). Regards, Lutz Well i did do a ton of reading, and yes even tried the CA.pl(sh) script. What it turned out to be, just for anyone else that is curious, is that the Location (city) needed to be different between the CA and the server cert itself. Once i made that one and only change, it all works well. Thank you all for your advice, time, and help. Regards -- Michael B. Weiner Systems Administrator/Partner The UserFriendly Network (UFN) -- / / (_)__ __ __ / /__/ / _ \/ // /\ \/ / //_/_//_/\_,_/ /_/\_\ * * * CHOICE OF A GNU GENERATION * * * __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: ANNOUNCE: mod_ssl 2.4.8 (Important Bugfix)
I am running mod_ssl-2.4.8-1.3.9 on the following all built without a problem (once i did a little hacking in openssl to get it to successfully compile): RedHat 5.2 Linux 2.0.38 Apache 1.3.9 OpenSSL 0.9.4 mod_ssl 2.4.8 mod_perl 1.21 PHP 3.0.12 Works like a charm, and even works/compiles better on my other 5 redhat 6.1 linux 2.2.12-20 servers. Cheers. -- Michael B. Weiner Systems Administrator/Partner The UserFriendly Network (UFN) -- / / (_)__ __ __ / /__/ / _ \/ // /\ \/ / //_/_//_/\_,_/ /_/\_\ * * * CHOICE OF A GNU GENERATION * * * __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
ca and certs
Dear list readers - Sorry to be such a pest, but does anyone have a ca.config that they could share with me so i can see the correct syntax of this file. I would greatly appreciate it. Regards -- Michael B. Weiner Systems Administrator/Partner The UserFriendly Network (UFN) -- / / (_)__ __ __ / /__/ / _ \/ // /\ \/ / //_/_//_/\_,_/ /_/\_\ * * * CHOICE OF A GNU GENERATION * * * __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: CA and certs
[EMAIL PROTECTED] wrote: your CA information has to be different from the information listed in the key you wish to sign. Try that and it should work. -- Colin Faber Perl programer, Systems administration fpsn.net, Inc. [EMAIL PROTECTED] www.fpsn.net Colin - Here is the procedure i followed: 1) /usr/share/ssl/mod_ssl/ openssl genrsa -des3 -out ca.key 1024 1112 semi-random bytes loaded Generating RSA private key, 1024 bit long modulus .+ .+ e is 65537 (0x10001) Enter PEM pass phrase: Verifying password - Enter PEM pass phrase: 2) /usr/share/ssl/mod_ssl/ openssl req -new -x509 -days 365 -key ca.key -out ca.crt Using configuration from /usr/local/openssl/openssl.cnf Enter PEM pass phrase: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. - Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:Ohio Locality Name (eg, city) []:Lakewood Organization Name (eg, company) [Internet Widgits Pty Ltd]:The UserFriendly Netw ork Organizational Unit Name (eg, section) []:Certificate Authority Common Name (eg, YOUR name) []:UFN CA Email Address []:[EMAIL PROTECTED] 3) /usr/share/ssl/mod_ssl/ openssl genrsa -des3 -out server.key 1024 1112 semi-random bytes loaded Generating RSA private key, 1024 bit long modulus ...+ ..+ e is 65537 (0x10001) Enter PEM pass phrase: Verifying password - Enter PEM pass phrase: 4) /usr/share/ssl/mod_ssl/ openssl req -new -key server.key -out server.csr Using configuration from /usr/local/openssl/openssl.cnf Enter PEM pass phrase: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. - Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:Ohio Locality Name (eg, city) []:Lakewood Organization Name (eg, company) [Internet Widgits Pty Ltd]:The UserFriendly Netw ork Organizational Unit Name (eg, section) []:Web Development Unit Common Name (eg, YOUR name) []:www.userfriendly.net Email Address []:[EMAIL PROTECTED] Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: 5) /usr/share/ssl/mod_ssl/ ./sign.sh server.csr CA signing: server.csr - server.crt: Using configuration from ca.config Enter PEM pass phrase: Check that the request matches the signature Signature ok The Subjects Distinguished Name is as follows countryName :PRINTABLE:'US' stateOrProvinceName :PRINTABLE:'Ohio' localityName :PRINTABLE:'Lakewood' organizationName :PRINTABLE:'The UserFriendly Network' organizationalUnitName:PRINTABLE:'Web Development Unit' commonName:PRINTABLE:'www.userfriendly.net' emailAddress :IA5STRING:'[EMAIL PROTECTED]' Certificate is to be certified until Nov 6 02:06:59 2000 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated CA verifying: server.crt - CA cert server.crt: OK 6) /usr/share/ssl/mod_ssl/ openssl rsa -in server.key.org -out server.key read RSA private key Enter PEM pass phrase: writing RSA private key 7) Û²±°root@niteowl°±²ÛÛ²±° Sat Nov 6 09:07:35pm /usr/share/ssl/mod_ssl/ chmod 400 server.key Û²±°root@niteowl°±²ÛÛ²±° Sat Nov 6 09:07:43pm /usr/share/ssl/mod_ssl/ cp server.crt /etc/httpd/conf/ cp: overwrite `/etc/httpd/conf/server.crt'? y Û²±°root@niteowl°±²ÛÛ²±° Sat Nov 6 09:07:54pm /usr/share/ssl/mod_ssl/ cp server.key /etc/httpd/conf/ cp: overwrite `/etc/httpd/conf/server.key'? y Û²±°root@niteowl°±²ÛÛ²±° Sat Nov 6 09:07:59pm /usr/share/ssl/mod_ssl/ /etc/rc.d/init.d/httpd restart I restarted the webserver and STILL get the annoying message about the signature: "The server's certificate has an invalid signature. You will not be able to connect to this site securely." Now, i took your advice as evidenced above, and still got the same result. Any ideas? Regards -- Michael B. Weiner Systems Administrator/Partner The UserFriendly Network (UFN) -- / / (_)__ __ __ / /__/ / _ \/ // /\ \/ / //_/_//_/\_,_/ /_/\_\ * * * CHOICE OF A GNU GENERATION * * * __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL
CA and server certs
Dear list readers - I have followed the instructions for generating my own CA and server certificate, and signed the server.csr creating the server.crt and put both the server.crt and server.key in /etc/httpd/conf/ and checked the httpd.conf.ssl file to make sure the server was pointing to these files in the corect location. And stopped and restarted the webserver. Now when i go to connect to it via an https request i get the following error: "The server's certificate has an invalid signature. You will not be able to connect to this site securely." I comared the pub and priv keys using the commands from the FAQ and have verified, i believe, that they do indeed match. Any ideas on how to correct this problem? Any help/advice would be GREATLY appreciated. -- Michael B. Weiner Systems Administrator/Partner The UserFriendly Network (UFN) -- / / (_)__ __ __ / /__/ / _ \/ // /\ \/ / //_/_//_/\_,_/ /_/\_\ * * * CHOICE OF A GNU GENERATION * * * __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
CA and certs
Dear list readers: I found what i believe to be the problem that i am having. When i go to sign the server.csr, i get the following error after committing: error 7 at 0 depth lookup:certificate signature failure And that is why i am getting the signature error in apache trying to connect to the https. Any ideas? -- Michael B. Weiner Systems Administrator/Partner The UserFriendly Network (UFN) -- / / (_)__ __ __ / /__/ / _ \/ // /\ \/ / //_/_//_/\_,_/ /_/\_\ * * * CHOICE OF A GNU GENERATION * * * __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
