Re: Ok, Client Test Suite established

1999-03-26 Thread Hans Lohmander 

I tested the below and got "bad data from the server"
http was fine but https was not.

Netscape 4.5 Mac, PPC international. IP 193.14.164.99 in your log.
MacOS 8.1 thru Squid 2.1 patch 2. Same result bypassing the cache.

MSIE 4.5 does not allow any ssl connection wich is what is expected,
the server allows for this negotiation?

All from behinde a firewall 1.

-h

"Ralf S. Engelschall" wrote:
> 
> On Thu, Mar 25, 1999, Magnus Stenman wrote:
> 
> > >   http://en4.engelschall.com/
> > >  https://en4.engelschall.com/
> >
> > Dang. NS 4.08 Linux and NS 4.5 Mac work fine on all tests...
> > Unfortunately I cannot give you access to my box, because it's on
> > a non-public net..
> > But I can enable "debug" level in the logs..
> 
> Ahh... fine. I was already made-insecure and though I become totally crazy.
> So we can now conclude that at least for your situation it's seems a local
> platform problem. At least it seems it's not a general mod_ssl protocol
> problem. I've expected this, because I already went over the protocol stuff
> more than once and finally were convinced that in 2.2.5 and 2.2.6 it's now
> finally correct.
> 
> Hmmm.. but nevertheless you've still the nasty problems on your platform and
> the question remains: What cause it. Using the debugging loglevel can give
> some hints, yes. It's not exactly the software versions I used, right?  I
> think the problem is inside OpenSSL, because in Apache the protocol stuff
> wasn't changed for a long time. Have you already tried a _fresh_ (built from
> scratch!) Apache/1.3.6+mod_ssl/2.2.6+OpenSSL/0.9.2b (sorry when I ask again,
> but too much people already described their situation the last days and I
> already intermix them)?
>Ralf S. Engelschall
>[EMAIL PROTECTED]
>www.engelschall.com
> __
> Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
> Official Support Mailing List   [EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]

-- 
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
Hans Lohmander -- Sigma Exallon Information AB
Internet & Intranet solutions
Talkto:+46 (0)40 247636
Faxto:+46 (0)40 24 99 50
Mobile# +46 (0)709-898636
mailto:[EMAIL PROTECTED]
http://www.ei.sigma.se/
ICQ# 9319123
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

begin:vcard 
n:Lohmander;Hans
tel;cell:+46 0709 898636
tel;fax:+46 40 249950
tel;work:+46 40 247636
x-mozilla-html:FALSE
url:http://www.ei.sigma.se/
org:Sigma Exallon Information AB;Internet / Intranet
adr:;;Stortorget 9;Malmö;;S-211 22;Sweden
version:2.1
email;internet:[EMAIL PROTECTED]
title:Konsult
x-mozilla-cpt:;1
fn:Hans Lohmander
end:vcard

Re: Ok, Client Test Suite established

1999-03-26 Thread Dimitar Stoikov 

ok, it`s may be late once the problem was localized (in fact that there is
no problem;-)
I pass successfully all tests in the suite with OpenBSD 2.4/NN 4.5 for
x86-bsdi-bsd2 (not fortified).

Ralf, thanks for the great work!


--
Dimitar Stoikov. Primasoft Ltd, Internet Dept.
Take hold of OpenBSD -> http://www.OpenBSD.org

__
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Ok, Client Test Suite established

1999-03-26 Thread Toru Takinaka 


>>> MSIE3.02(Japanese) can't access https://en4.engelschall.com/
>>Why? What happens? An I/O error? Or is just because the server certificate is
>>a dummy one which uses the SnakeOil CA your MSIE3.02 doesn't know?
>SnakeOil CA is not the problem, it is warning only.
I'm very sorry.
This is only CA problem.
I test mod_ssl/2.2.6 with server certificate from verisign CA,
and it works fine.

__
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Ok, Client Test Suite established

1999-03-26 Thread Toru Takinaka 


>> MSIE3.02(Japanese) can't access https://en4.engelschall.com/
>Why? What happens? An I/O error? Or is just because the server certificate is
>a dummy one which uses the SnakeOil CA your MSIE3.02 doesn't know?
SnakeOil CA is not the problem, it is warning only.

Server certificate of https://en4.engelschall.com/ is readable on MSIE3.0.
But I can't see the page.
The error message is
Can't open site https://en4.engelschall.com/
in Japanese languange.

FYI,the log of my test server(Apache1.3.6+mod_ssl2.2.6+openssl0.9.2b) is here.
access_log:
Nothing.
error_log:
[Fri Mar 26 18:52:34 1999] [error] mod_ssl: SSL handshake interrupted by system

ssl_engine_log
[26/Mar/1999 18:52:33] [info]  Connection to child 0 established (server 
:xxx.xxx.xxx.xxx.xxx:8443)
[26/Mar/1999 18:52:33] [trace] Seeding PRNG with 1032 bytes of entropy
[26/Mar/1999 18:52:33] [trace] OpenSSL: Handshake: start
[26/Mar/1999 18:52:33] [trace] OpenSSL: Loop: before/accept initialization
[26/Mar/1999 18:52:33] [debug] OpenSSL: read 7/7 bytes from BIO#00140880 [mem: 
0014EE10] (BIO dump follows)
+-+
| : 80 34 01 03 00 00 1b .4.  |
+-+
[26/Mar/1999 18:52:33] [debug] OpenSSL: read 47/47 bytes from BIO#00140880 [mem: 
0014EE17] (BIO dump follows)
+-+
| : 00 00 00 10 8f 80 01 80-00 01 81 00 01 81 00 03   |
| 0010: 82 00 01 83 00 04 84 28-40 00 00 03 02 00 80 79  ...(@..y |
| 0020: b1 20 b2 30 c9 da 5a d2-b2 8b 21 71 29 e0 33 . .0..Z...!q).3  |
+-+
[26/Mar/1999 18:52:33] [trace] OpenSSL: Loop: SSLv3 read client hello A
[26/Mar/1999 18:52:33] [trace] OpenSSL: Loop: SSLv3 write server hello A
[26/Mar/1999 18:52:33] [trace] OpenSSL: Loop: SSLv3 write certificate A
[26/Mar/1999 18:52:33] [debug] OpenSSL: write 1024/1024 bytes to BIO#00140880 [mem: 
00158280] (BIO dump follows)
+-+
| : 16 03 00 00 4a 02 00 00-46 03 00 36 fb 58 e1 5c  J...F..6.X.\ |
| 0010: 15 00 0c c8 86 97 86 db-f1 b2 2a 7c 42 cd b3 5a  ..*|B..Z |
| 0020: a0 25 f1 7a 02 3c 05 ce-9f 3a 89 20 d8 3b 82 b0  .%.z.<...:. .;.. |
| 0030: e8 85 ed 4f 32 44 e4 f4-53 59 6a ae f2 73 55 d1  ...O2D..SYj..sU. |
| 0040: c8 37 fb 28 ca 32 c8 bd-5a 42 ec ae 00 03 00 16  .7.(.2..ZB.. |
| 0050: 03 00 02 dc 0b 00 02 d8-00 02 d5 00 02 d2 30 82  ..0. |
| 0060: 02 ce 30 82 02 37 a0 03-02 01 02 02 01 01 30 0d  ..0..70. |
| 0070: 06 09 2a 86 48 86 f7 0d-01 01 04 05 00 30 81 a9  ..*.H0.. |
| 0080: 31 0b 30 09 06 03 55 04-06 13 02 58 59 31 15 30  1.0...UXY1.0 |
| 0090: 13 06 03 55 04 08 13 0c-53 6e 61 6b 65 20 44 65  ...USnake De |
| 00a0: 73 65 72 74 31 13 30 11-06 03 55 04 07 13 0a 53  sert1.0...US |
| 00b0: 6e 61 6b 65 20 54 6f 77-6e 31 17 30 15 06 03 55  nake Town1.0...U |
| 00c0: 04 0a 13 0e 53 6e 61 6b-65 20 4f 69 6c 2c 20 4c  Snake Oil, L |
| 00d0: 74 64 31 1e 30 1c 06 03-55 04 0b 13 15 43 65 72  td1.0...UCer |
| 00e0: 74 69 66 69 63 61 74 65-20 41 75 74 68 6f 72 69  tificate Authori |
| 00f0: 74 79 31 15 30 13 06 03-55 04 03 13 0c 53 6e 61  ty1.0...USna |
| 0100: 6b 65 20 4f 69 6c 20 43-41 31 1e 30 1c 06 09 2a  ke Oil CA1.0...* |
| 0110: 86 48 86 f7 0d 01 09 01-16 0f 63 61 40 73 6e 61  .Hca@sna |
| 0120: 6b 65 6f 69 6c 2e 64 6f-6d 30 1e 17 0d 39 39 30  keoil.dom0...990 |
| 0130: 33 32 35 30 37 33 38 33-39 5a 17 0d 30 30 30 33  325073839Z..0003 |
| 0140: 32 34 30 37 33 38 33 39-5a 30 81 98 31 0b 30 09  24073839Z0..1.0. |
| 0150: 06 03 55 04 06 13 02 4a-50 31 0e 30 0c 06 03 55  ..UJP1.0...U |
| 0160: 04 08 13 05 54 6f 6b 79-6f 31 12 30 10 06 03 55  Tokyo1.0...U |
| 0170: 04 07 13 09 4d 69 6e 61-74 6f 2d 6b 75 31 0c 30  Minato-ku1.0 |
| 0180: 0a 06 03 55 04 0a 13 03-4e 45 43 31 0c 30 0a 06  ...UNEC1.0.. |
| 0190: 03 55 04 0b 13 03 4d 6b-74 31 1f 30 1d 06 03 55  .UMkt1.0...U |
| 01a0: 04 03 13 16 68 6f 6d 65-32 2e 63 73 2e 6d 70 64  home2.cs.mpd |
| 01b0: 2e 6e 65 63 2e 63 6f 2e-6a 70 31 28 30 26 06 09  .nec.co.jp1(0&.. |
| 01c0: 2a 86 48 86 f7 0d 01 09-01 16 19 77 65 62 73 74  *.Hwebst |
| 01d0: 61 66 66 40 63 73 2e 6d-70 64 2e 6e 65 63 2e 63  [EMAIL PROTECTED] |
| 01e0: 6f 2e 6a 70 30 81 9f 30-0d 06 09 2a 86 48 86 f7  o.jp0..0...*.H.. |
| 01f0: 0d 01 01 01 05 00 03 81-8d 00 30 81 89 02 81 81  ..0. |
| 0200: 00 9f d8 2f 8b 68 1c 80-31 1b 38 d5 82 0d 5f c0  .../.h..1.8..._. |
| 0210: 21 fd 3b 49 6a f7 9d 2e-4f 2a 27 14 e1 e1 75 8d  !.;Ij...O*'...u. |
| 0220: 42 f5 8b 1f 0c 84 94 fd-f1 c4 40 d4 52 ea cf 02  B.@.R... |
| 0230: 3e 15 4a 80 c8 9a 8b f9-ab bf 2d 15 a5 7b 94 c9  >.J...-..{.. |
| 0240: 7e ef d2 9e 6d 1b e8 15-a6 a5 23 80 4f e3 f

Re: Ok, Client Test Suite established

1999-03-26 Thread Magnus Stenman 

Ralf S. Engelschall wrote:
> 
> On Thu, Mar 25, 1999, Magnus Stenman wrote:
> 
> > >   http://en4.engelschall.com/
> > >  https://en4.engelschall.com/
> >
> > Dang. NS 4.08 Linux and NS 4.5 Mac work fine on all tests...
> > Unfortunately I cannot give you access to my box, because it's on
> > a non-public net..
> > But I can enable "debug" level in the logs..
> 
> Ahh... fine. I was already made-insecure and though I become totally crazy.
> So we can now conclude that at least for your situation it's seems a local
> platform problem. At least it seems it's not a general mod_ssl protocol
> problem. I've expected this, because I already went over the protocol stuff
> more than once and finally were convinced that in 2.2.5 and 2.2.6 it's now
> finally correct.
> 
> Hmmm.. but nevertheless you've still the nasty problems on your platform and
> the question remains: What cause it. Using the debugging loglevel can give
> some hints, yes. It's not exactly the software versions I used, right?  I
> think the problem is inside OpenSSL, because in Apache the protocol stuff

I start to suspect that too... I use 0.9.1c (could not find newer RPMs)
but I'll upgrade to 0.9.2b and we'll see if the problem goes away.

It seems that at least some of the error reports come from
people using 0.9.1c


> wasn't changed for a long time. Have you already tried a _fresh_ (built from
> scratch!) Apache/1.3.6+mod_ssl/2.2.6+OpenSSL/0.9.2b (sorry when I ask again,
> but too much people already described their situation the last days and I
> already intermix them)?

Apache/1.3.6+mod_ssl/2.2.6+OpenSSL/0.9.1c

I included the "debug" level log snippet below


/magnus
 ssllog.gz

Re: Ok, Client Test Suite established

1999-03-26 Thread James H. Cloos Jr. 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

netscape 4.5 (not 4.5.1) under linux also passes.

- -JimC
- -- 
James H. Cloos, Jr.   1024D/ED7DAEA6 
<[EMAIL PROTECTED]> E9E9 F828 61A4 6EA9 0F2B  63E7 997A 9F17 ED7D AEA6
-BEGIN PGP SIGNATURE-
Version: GnuPG v0.9.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE2+1E7mXqfF+19rqYRAo7AAJwJrYxwU6/9T8FSNuYJRvom8zN/VACggWne
Psesbk3OTRFZ1WuIzGkqr3U=
=WozS
-END PGP SIGNATURE-
__
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Ok, Client Test Suite established

1999-03-26 Thread Ralf S. Engelschall 

On Fri, Mar 26, 1999, Toru Takinaka wrote:

> >Ok, because of the problem reports with various client/platforms and the fact
> >that I cannot reproduce the problems, I've now established a little test suite
> >for us. Under 
> >
> >  http://en4.engelschall.com/
> > https://en4.engelschall.com/
> >an Apache/1.3.6+mod_ssl/2.2.6+OpenSSL/0.9.2b test server is running under
> >FreeBSD 3.1. It has three test CGI scripts installed, debugging enabled and
> >and a little mechanism to look at the last 16KB of the Apache logfiles.
> MSIE3.02(Japanese) can't access https://en4.engelschall.com/

Why? What happens? An I/O error? Or is just because the server certificate is
a dummy one which uses the SnakeOil CA your MSIE3.02 doesn't know?

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Ok, Client Test Suite established

1999-03-26 Thread Ralf S. Engelschall 

On Thu, Mar 25, 1999, John Hamlik wrote:

> I haven't been able to duplicate the server error on IE4.0+ on your test
> server. (PR#136). ARgh!
> 
> Could you share with us the details of the installation of
> en4.engelschall.com so we may compare to find the differences and to
> test the same configuration in our own environment.  This would be most
> helpfull.

The server install I've done within 15 minutes and
was straight foreward:

1. I've extracted all three packages:

drwxr-xr-x  10 root  wheel  512 Mar 25 16:20 apache
drwxr-xr-x   8 root  staff  512 Mar 25 16:12 apache_1.3.6
-rw-r--r--   1 root  wheel  1372280 Mar 25 15:30 apache_1.3.6.tar.gz
drwxr-xr-x  10 rse   wheel  512 Mar 25 15:55 mod_ssl-2.2.6-1.3.6
-rw-r--r--   1 root  wheel   585546 Mar 25 15:31 mod_ssl-2.2.6-1.3.6.tar.gz
drwxr-xr-x  23 root  wheel 1024 Mar 25 15:38 openssl-0.9.2b
-rw-r--r--   1 root  wheel  1471369 Mar 25 15:30 openssl-0.9.2b.tar.gz

(the apache/ dir is the installation dir)

2. I've compiled OpenSSL with 
   $ perl Configure "FreeBSD-elf:cc:-g -ggdb3 -O2:::"
   but a simple
   $ ./config
   should do the same (I just wanted debugging stuff)

3. I've went to mod_ssl-2.2.6-1.3.6 and run
   $ ./configure --with-apache=../apache_1.3.6

4. I then went do apache_1.3.6 and run (I give you the config.status):

CC="cc" \
OPTIM="-g -ggdb3 -O2" \
TARGET="apache" \
SSL_BASE="/e/trail/openssl-0.9.2b" \
./configure \
"--with-layout=GNU" \
"--target=apache" \
"--prefix=/e/trail/apache" \
"--enable-module=most" 

5. I've created a certificate with "make certificate" and finally
   installed the stuff with "make install". I then only
   enabled "SSLLogLevel trace" in the apache.conf file.

That's all. Nothing special. Even the box is a PII/333 where
I've done a standard FreeBSD 3.1 installation a few weeks ago.

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Ok, Client Test Suite established

1999-03-26 Thread Ralf S. Engelschall 

On Thu, Mar 25, 1999, John Hamlik wrote:

> Is this a standard config?? static or module??

All static and compiled with debugging symbols
for easier debugging in case of a code dump.

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Ok, Client Test Suite established

1999-03-25 Thread John Hamlik 

I really agree with Mark in that it is a little troubling.  I too
believe I have the same development environment.  I too have done a
clean install of the suite. And of course, the results are different.

John

> -Original Message-
> From: Mark Stosberg [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 25, 1999 4:44 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Ok, Client Test Suite established
> 
> 
> 
> I passed all tests fine with my Mac Communicator 4.51 that I 
> originally
> reported the error with. You can see my entries in the error 
> log with IP 199.120.185.113.
>   This is a little troubling, because I believe my development
> environment is identical to yours:  Apache/1.3.6 (Unix) mod_ssl/2.2.6
> OpenSSL/0.9.2b on FreeBSD 3.1
>   I had just done a clean install of all that, because I 
> tried using the
> SSLeay-0.9.0b library and got the same error. I'm going to try
> rebuilding with the 
>   OPTIM="-g -ggdb3" option your recommend for debugging, and I'll let
> you know the result of that.
> 
>  -mark
> 
>
__
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Ok, Client Test Suite established

1999-03-25 Thread John Hamlik 

I haven't been able to duplicate the server error on IE4.0+ on your test
server. (PR#136). ARgh!

Could you share with us the details of the installation of
en4.engelschall.com so we may compare to find the differences and to
test the same configuration in our own environment.  This would be most
helpfull.

John

> -Original Message-
> From: Ralf S. Engelschall [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 25, 1999 8:49 AM
> To: [EMAIL PROTECTED]
> Subject: Ok, Client Test Suite established
> 
> 
> 
> Ok, because of the problem reports with various 
> client/platforms and the fact
> that I cannot reproduce the problems, I've now established a 
> little test suite
> for us. Under 
> 
  http://en4.engelschall.com/
 https://en4.engelschall.com/

an Apache/1.3.6+mod_ssl/2.2.6+OpenSSL/0.9.2b test server is running
under
FreeBSD 3.1. It has three test CGI scripts installed, debugging enabled
and
and a little mechanism to look at the last 16KB of the Apache logfiles.

I've now connected with the following Netscape browsers running under
X11 on
my development FreeBSD 3.1 box here at home:

 Netscape 2.02
 Netscape 3.04
 Netscape 4.08
 Netscape 4.51

and all four versions connected fine and passed the three CGI scripts
successfully without any hangs, any I/O errors or other unusual things.
In
other words, as I said: Under my development platform I cannot reproduce
your
problems. So, it's now your turn. Connect from your favorite client
platform
with your esoteric clients and hopefully let us find out something... 

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Ok, Client Test Suite established

1999-03-25 Thread Toru Takinaka 


>Ok, because of the problem reports with various client/platforms and the fact
>that I cannot reproduce the problems, I've now established a little test suite
>for us. Under 
>
>  http://en4.engelschall.com/
> https://en4.engelschall.com/
>an Apache/1.3.6+mod_ssl/2.2.6+OpenSSL/0.9.2b test server is running under
>FreeBSD 3.1. It has three test CGI scripts installed, debugging enabled and
>and a little mechanism to look at the last 16KB of the Apache logfiles.
MSIE3.02(Japanese) can't access https://en4.engelschall.com/
MSIE5.0(Japanese) is OK.

MSIE3.02(Japanese) can access Apache/1.3.4+mod_ssl/2.2.3+OpenSSL/0.9.1c.

__
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Ok, Client Test Suite established

1999-03-25 Thread Mark Stosberg 


I passed all tests fine with my Mac Communicator 4.51 that I originally
reported the error with. You can see my entries in the error log with IP 
199.120.185.113.
  This is a little troubling, because I believe my development
environment is identical to yours:  Apache/1.3.6 (Unix) mod_ssl/2.2.6
OpenSSL/0.9.2b on FreeBSD 3.1
  I had just done a clean install of all that, because I tried using the
SSLeay-0.9.0b library and got the same error. I'm going to try
rebuilding with the 
  OPTIM="-g -ggdb3" option your recommend for debugging, and I'll let
you know the result of that.

 -mark


"Ralf S. Engelschall" wrote:
> 
> Ok, because of the problem reports with various client/platforms and the fact
> that I cannot reproduce the problems, I've now established a little test suite
> for us. Under
> 
>   http://en4.engelschall.com/
>  https://en4.engelschall.com/
> 
> an Apache/1.3.6+mod_ssl/2.2.6+OpenSSL/0.9.2b test server is running under
> FreeBSD 3.1. It has three test CGI scripts installed, debugging enabled and
> and a little mechanism to look at the last 16KB of the Apache logfiles.
> 
> I've now connected with the following Netscape browsers running under X11 on
> my development FreeBSD 3.1 box here at home:
> 
>  Netscape 2.02
>  Netscape 3.04
>  Netscape 4.08
>  Netscape 4.51
> 
> and all four versions connected fine and passed the three CGI scripts
> successfully without any hangs, any I/O errors or other unusual things.  In
> other words, as I said: Under my development platform I cannot reproduce your
> problems. So, it's now your turn. Connect from your favorite client platform
> with your esoteric clients and hopefully let us find out something...
> 
>Ralf S. Engelschall
>[EMAIL PROTECTED]
>www.engelschall.com
> __
> Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
> Official Support Mailing List   [EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]

-- 
http://flip.summersault.com/
__
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Ok, Client Test Suite established

1999-03-25 Thread Juan Carlos Castro y Castro 

- Windows 98's native IE4 (Brazilian; 40-bit) works ok too. Barf!
- Netscape 4.5 (not 4.51) hacked with Fortify (http://www.fortify.net)
to allow strong crypto outside the US (hehehe) works ok too.

"Ralf S. Engelschall" wrote:
> 
> Ok, because of the problem reports with various client/platforms and the fact
> that I cannot reproduce the problems, I've now established a little test suite
> for us. Under
> 
>   http://en4.engelschall.com/
>  https://en4.engelschall.com/

-- 
 ___THE___  One man alone cannot fight the future. USE LINUX!
 \  \ /  /   ___
  \  V  /   |Juan Carlos Castro y Castro|
   \   /|[EMAIL PROTECTED]  |
   /   \|Linuxeiro, alvinegro, X-Phile e Carioca Folgado|
  /  ^  \   |Diretor de Informática e Eventos Sobrenaturais |
 /  / \  \  |da E-RACE CORPORATION  |
 ~~~   ~~~   ---
   RACER
__
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Ok, Client Test Suite established

1999-03-25 Thread Steffen Dettmer 

> >  https://en4.engelschall.com/
Netscape 4.5 [en]-98286
Linux 2.0.36

Everything looks fine...

oki,

Steffen

__
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Ok, Client Test Suite established

1999-03-25 Thread Philip Gwyn 

Linux 2.2.3 (based on RH 4.2)
Netscape Communicator 4.06 (export version)

Everything worked fine.

Later tonight I'll try with MSIE under windoze.

I'm having reports of people using MSIE having connection problems.

httpsd: [Thu Mar 25 15:50:17 1999] [error] mod_ssl: SSL handshake interrupted by
 system (System error follows)
httpsd: [Thu Mar 25 15:50:17 1999] [error] System: Connection reset by peer (err
no: 104)

I'm going to try to reproduce this tonight.

-Philip


Philip Gwynhttp://www.artware.qc.ca/
(450) 674-9066  Internet ARTware inc
[EMAIL PROTECTED]  Programmeur
__
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Ok, Client Test Suite established

1999-03-25 Thread John Hamlik 

Is this a standard config?? static or module??

> -Original Message-
> From: Ralf S. Engelschall [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 25, 1999 8:49 AM
> To: [EMAIL PROTECTED]
> Subject: Ok, Client Test Suite established
> 
> 
> 
> Ok, because of the problem reports with various 
> client/platforms and the fact
> that I cannot reproduce the problems, I've now established a 
> little test suite
> for us. Under 
> 
>   http://en4.engelschall.com/
>  https://en4.engelschall.com/
> 
> an Apache/1.3.6+mod_ssl/2.2.6+OpenSSL/0.9.2b test server is 
> running under
> FreeBSD 3.1. It has three test CGI scripts installed, 
> debugging enabled and
> and a little mechanism to look at the last 16KB of the Apache 
> logfiles.
> 
> I've now connected with the following Netscape browsers 
> running under X11 on
> my development FreeBSD 3.1 box here at home:
> 
>  Netscape 2.02
>  Netscape 3.04
>  Netscape 4.08
>  Netscape 4.51
> 
> and all four versions connected fine and passed the three CGI scripts
> successfully without any hangs, any I/O errors or other 
> unusual things.  In
> other words, as I said: Under my development platform I 
> cannot reproduce your
> problems. So, it's now your turn. Connect from your favorite 
> client platform
> with your esoteric clients and hopefully let us find out something... 
> 
>Ralf S. Engelschall
>[EMAIL PROTECTED]
>www.engelschall.com
> __
> Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
> Official Support Mailing List   [EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]
> 
__
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Ok, Client Test Suite established

1999-03-25 Thread Ralf S. Engelschall 

On Thu, Mar 25, 1999, Magnus Stenman wrote:

> >   http://en4.engelschall.com/
> >  https://en4.engelschall.com/
>
> Dang. NS 4.08 Linux and NS 4.5 Mac work fine on all tests...
> Unfortunately I cannot give you access to my box, because it's on
> a non-public net..
> But I can enable "debug" level in the logs..

Ahh... fine. I was already made-insecure and though I become totally crazy.
So we can now conclude that at least for your situation it's seems a local
platform problem. At least it seems it's not a general mod_ssl protocol
problem. I've expected this, because I already went over the protocol stuff
more than once and finally were convinced that in 2.2.5 and 2.2.6 it's now
finally correct.

Hmmm.. but nevertheless you've still the nasty problems on your platform and
the question remains: What cause it. Using the debugging loglevel can give
some hints, yes. It's not exactly the software versions I used, right?  I
think the problem is inside OpenSSL, because in Apache the protocol stuff
wasn't changed for a long time. Have you already tried a _fresh_ (built from
scratch!) Apache/1.3.6+mod_ssl/2.2.6+OpenSSL/0.9.2b (sorry when I ask again,
but too much people already described their situation the last days and I
already intermix them)?
   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Ok, Client Test Suite established

1999-03-25 Thread Wanderlei Antonio Cavassin 

On Thu, 25 Mar 1999, Ralf S. Engelschall wrote:

>   http://en4.engelschall.com/
>  https://en4.engelschall.com/
> 
...
>  Netscape 2.02
>  Netscape 3.04
>  Netscape 4.08
>  Netscape 4.51

And these clients also works fine on all tests:

  Netscape 4.5 (Linux/glibc) + Fortify
  Lynx-SSL


Wanderlei Antonio Cavassin
Conectiva 

__
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Ok, Client Test Suite established

1999-03-25 Thread Magnus Stenman 

Ralf S. Engelschall wrote:
> 

Dang. NS 4.08 Linux and NS 4.5 Mac work fine on all tests...

Unfortunately I cannot give you access to my box, because it's on
a non-public net..

But I can enable "debug" level in the logs..

/magnus

> Ok, because of the problem reports with various client/platforms and the fact
> that I cannot reproduce the problems, I've now established a little test suite
> for us. Under
> 
>   http://en4.engelschall.com/
>  https://en4.engelschall.com/
> 
> an Apache/1.3.6+mod_ssl/2.2.6+OpenSSL/0.9.2b test server is running under
> FreeBSD 3.1. It has three test CGI scripts installed, debugging enabled and
> and a little mechanism to look at the last 16KB of the Apache logfiles.
> 
> I've now connected with the following Netscape browsers running under X11 on
> my development FreeBSD 3.1 box here at home:
> 
>  Netscape 2.02
>  Netscape 3.04
>  Netscape 4.08
>  Netscape 4.51
> 
> and all four versions connected fine and passed the three CGI scripts
> successfully without any hangs, any I/O errors or other unusual things.  In
> other words, as I said: Under my development platform I cannot reproduce your
> problems. So, it's now your turn. Connect from your favorite client platform
> with your esoteric clients and hopefully let us find out something...
> 
>Ralf S. Engelschall
>[EMAIL PROTECTED]
>www.engelschall.com
> __
> Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
> Official Support Mailing List   [EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Ok, Client Test Suite established

1999-03-25 Thread Ralf S. Engelschall 


Ok, because of the problem reports with various client/platforms and the fact
that I cannot reproduce the problems, I've now established a little test suite
for us. Under 

  http://en4.engelschall.com/
 https://en4.engelschall.com/

an Apache/1.3.6+mod_ssl/2.2.6+OpenSSL/0.9.2b test server is running under
FreeBSD 3.1. It has three test CGI scripts installed, debugging enabled and
and a little mechanism to look at the last 16KB of the Apache logfiles.

I've now connected with the following Netscape browsers running under X11 on
my development FreeBSD 3.1 box here at home:

 Netscape 2.02
 Netscape 3.04
 Netscape 4.08
 Netscape 4.51

and all four versions connected fine and passed the three CGI scripts
successfully without any hangs, any I/O errors or other unusual things.  In
other words, as I said: Under my development platform I cannot reproduce your
problems. So, it's now your turn. Connect from your favorite client platform
with your esoteric clients and hopefully let us find out something... 

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]