SSLLog's demise (was Re: freebsd SSLCryptoDevice)
On Wed, 10 Jul 2002, Mads Toftum wrote: > Which is a really bad move IMHO - debugging with mod_ssl > was very good, and easy to use, but now with 2.0 it has been hacked into > something much less usable. Making the loglevel tie in with the general > loglevel, you get debugging info from two places at once, that it _very_ > rarely makes sense to debug together. FWIW, I was in the camp that totally agrees with this sentiment. The decision to get rid of it was by no means unanimous. Feel free to start a grassroots petition to get it added back in again. :) If the users want it back, the users want it back... --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: freebsd SSLCryptoDevice
Title: RE: freebsd SSLCryptoDevice Hi Rob, Michelle Comyns recently tested our card using Apache 2.0 and subsequently sent the attached to another customer. The tests were on Linux rather that Freebsd but should be of assistance. Try these out and let me know how you get on. Regards, Noel O'Kelly Attached are the results of our Apache 2.0 testing. These were carried out using Apache 2.0.36/ Red Hat Linux 7.2 on a Dual 1.26Ghz server with an AEP2000L card. There are a few differences in the installation for Apache 2.0. There is no longer a need to install mod_ssl as a seperate package (features have been integrated into Apache) The installation process is a s follows: From the directory where you unzipped the tar file - CFLAGS="DSSL_EXPERIMENTAL -DSSL_ENGINE" ./configure --enable-ssl --with-ssl=/usr/local --enable-shared-mods="ssl" make make install This will install Apache 2.0 to /usr/local/apache2/ This assumes that you have an AEP aware OpenSSL installed to /usr/local (I used OpenSSL-engine-0.9.6d) The line 'SSLCryptoDevice aep' should be added to the file /usr/local/apache2/conf/ssl.conf (All of the SSL configuration options have been taken from the http.conf and are now in a new ssl.conf file) Note: There is no longer an option to create a test certificate in Apache 2.0 so you will need to copy a test certificate from an older version of Apache in order to test the installation. The performance tuning is similar to previous versions of Apache. Apologies for the delay in sending these figures. If you have any further questions don't hesitate to contact me. regards, Michelle Comyns Product Support Engineer AEP Systems, Bray Business Park, Southern Cross Route, Bray, Co. Wicklow. -Original Message- From: Robert McMonigal [mailto:[EMAIL PROTECTED]] Sent: 08 July 2002 20:39 To: [EMAIL PROTECTED] Subject: freebsd SSLCryptoDevice I have been trying to get an aep hardware acclerator to work under apache 2.0.39. Everything installs fine and it runs fine with SSLCryptoDevice builtin. But if I change builtin to aep and try to start it, it appears to start mormally (no error messages from the console) but in the error log I get "Init: Failed to enable Crypto Device API `aep'" I know the card is working because I can do openssl speed rsa1024 -engine aep and the CPU time is less then a second for ten seconds of computations. I have tried this on redhat 7.3 and it works. So I was wondering if apache 2 compiles differently on freebsd then redhat. Any ideas on what is going wrong would be greatly appreciated. I run the following command for the configure CFLAGS="-DSSL_EXPERIMENTAL -DSSL_ENGINE" ./configure --prefix=/usr/local/httpd --enable-ssl --with-ssl=/usr/local/src/openssl-engine-0.9.6d Thanks, Rob _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] LinuxApache2.0.xls Description: LinuxApache2.0.xls
RE: freebsd SSLCryptoDevice
Title: RE: freebsd SSLCryptoDevice Rob, I will send you offline instructions for installing our card on Apache 2.0.39. If anyone else has similiar problems contact me directly regards, Noel O'Kelly Product support engineer Aep ltd. -Original Message- From: Robert McMonigal [mailto:[EMAIL PROTECTED]] Sent: 08 July 2002 20:39 To: [EMAIL PROTECTED] Subject: freebsd SSLCryptoDevice I have been trying to get an aep hardware acclerator to work under apache 2.0.39. Everything installs fine and it runs fine with SSLCryptoDevice builtin. But if I change builtin to aep and try to start it, it appears to start mormally (no error messages from the console) but in the error log I get "Init: Failed to enable Crypto Device API `aep'" I know the card is working because I can do openssl speed rsa1024 -engine aep and the CPU time is less then a second for ten seconds of computations. I have tried this on redhat 7.3 and it works. So I was wondering if apache 2 compiles differently on freebsd then redhat. Any ideas on what is going wrong would be greatly appreciated. I run the following command for the configure CFLAGS="-DSSL_EXPERIMENTAL -DSSL_ENGINE" ./configure --prefix=/usr/local/httpd --enable-ssl --with-ssl=/usr/local/src/openssl-engine-0.9.6d Thanks, Rob _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: freebsd SSLCryptoDevice
On Wed, Jul 10, 2002 at 01:48:15AM -0400, Cliff Woolley wrote: > Note that there's no such thing as a separate SSLLog/SSLLogLevel in Apache > 2.0 anymore -- it's all lumped in with the regular error_log. > Which is a really bad move IMHO - debugging with mod_ssl was very good, and easy to use, but now with 2.0 it has been hacked into something much less usable. Making the loglevel tie in with the general loglevel, you get debugging info from two places at once, that it _very_ rarely makes sense to debug together. For those of us who actually use the SSLLog as proof that every transaction did in fact have the right levels of crypto etc, this is a real PITA change. But I suppose that is what happens when someone decides to apr'ize stuff they don't really know a whole lot about. vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: freebsd SSLCryptoDevice
On Tue, 9 Jul 2002, Geoff Thorpe wrote: > Can you ensure you've got a decent debugging level set (eg. perhaps > "SSLLogLevel info") and post the last few lines of the error log when Note that there's no such thing as a separate SSLLog/SSLLogLevel in Apache 2.0 anymore -- it's all lumped in with the regular error_log. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: freebsd SSLCryptoDevice
On Mon, 8 Jul 2002, Robert McMonigal wrote: > I have been trying to get an aep hardware acclerator to work under apache > 2.0.39. Everything installs fine and it runs fine with SSLCryptoDevice > builtin. But if I change builtin to aep and try to start it, it appears to > start mormally (no error messages from the console) but in the error log I > get "Init: Failed to enable Crypto Device API `aep'" I know the card is > working because I can do openssl speed rsa1024 -engine aep and the CPU time > is less then a second for ten seconds of computations. I have tried this on > redhat 7.3 and it works. So I was wondering if apache 2 compiles > differently on freebsd then redhat. Any ideas on what is going wrong would > be greatly appreciated. > > > I run the following command for the configure > > CFLAGS="-DSSL_EXPERIMENTAL -DSSL_ENGINE" ./configure > --prefix=/usr/local/httpd --enable-ssl > --with-ssl=/usr/local/src/openssl-engine-0.9.6d Can you ensure you've got a decent debugging level set (eg. perhaps "SSLLogLevel info") and post the last few lines of the error log when starting up apache? That should include the openssl-generated error stack which will go some way further to saying how/why the initialisation failed. I'd suspect it's a failure to load the AEP-specific shared-library (ie. a path issue) but without more info it's difficult to tell. BTW: I assume you've verified that when you say "openssl speed rsa1024 -engine aep" is working, that you're talking about the copy of the 'openssl' binary in /usr/local/src/openssl-engine-0.9.6d and *not* the 'openssl' binary installed in a system $PATH as part of the freebsd distribution? If not, you're comparing success with one (packaged, installed, and quite possibly modified) build of openssl with failure of an entirely different build of openssl. Cheers, Geoff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
freebsd SSLCryptoDevice
I have been trying to get an aep hardware acclerator to work under apache 2.0.39. Everything installs fine and it runs fine with SSLCryptoDevice builtin. But if I change builtin to aep and try to start it, it appears to start mormally (no error messages from the console) but in the error log I get "Init: Failed to enable Crypto Device API `aep'" I know the card is working because I can do openssl speed rsa1024 -engine aep and the CPU time is less then a second for ten seconds of computations. I have tried this on redhat 7.3 and it works. So I was wondering if apache 2 compiles differently on freebsd then redhat. Any ideas on what is going wrong would be greatly appreciated. I run the following command for the configure CFLAGS="-DSSL_EXPERIMENTAL -DSSL_ENGINE" ./configure --prefix=/usr/local/httpd --enable-ssl --with-ssl=/usr/local/src/openssl-engine-0.9.6d Thanks, Rob _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]