of work is involved in making
this happen?
Sure, it has been possible for a long time. All you have to do is to
configure a DSA based cert/key pair instead of an RSA based one with
SSLCertificateFile and SSLCertificateKeyFile. See the user manual for
details.
Ralf S
pair. Just remove
the leading comment characters from the pre-configured directives for
server-sa.{crt,key}.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
implicitly by Apache for mod_ssl, because the
buffers were allocated from one of Apache's memory pools (see for
``ap_palloc(mc->pPool, ...)'' calls). So there should be no memory leak.
Ralf S. Engelschall
[EMAIL PROTECTED
your browser...
From within httpd.conf you can use "SSLRequire". From within a CGI
script you can base your restrictions on the SSL_ environment
variables. See the mod_ssl user manual for a complete list of those
variables.
Ralf S. E
works but the commands of mod_expire
still do not work? Then your problem is a missing AddModule command
after the LoadModule.
Ralf S. Engelschall
[EMAIL PROTECTED
verify your
server certificate. So it is clear that it asks you to manually force
it to trust your server certificate with a popup dialog. That's all the
usual and expected behavior.
Ralf S. Engelschall
[EMAIL PROTECTED
... for example an intermediate
certificate...
The intermediate certificate has to be configured with
SSLCertificateChainFile. And you need an SSLCipherSuite which allows
export ciphers, too.
Ralf S. Engelschall
[EMAIL PROTECTED
eFile". The "no
certifcate configured" was already fixed some time ago.
Ralf S. Engelschall
[EMAIL PROTECTED]
/ rsaref
Errr.. that has to be -L`pwd`/../rsaref-2.0/local/ (note the
backticks!).
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
-1.3.9/pkg.sslmod'
make: [all] Error 2 (ignored)
Hmmm.. strange, I cannot reproduce this. Neither with OpenSSL 0.9.5 nor
OpenSSL 0.9.5a. Are you sure you're using OpenSSL 0.9.5?
Ralf S. Engelschall
[EMAIL PROTECTED
estination should have a source ip of 160.124.44.207.
You usually get this if the user pressed the stop button while the data
was still transferred. Usually nothing to worry about.
Ralf S. Engelschall
[EMAIL
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing
AVE_IPCSEM
#include <sys/types.h>
Thanks for your feedback. I've committed this for mod_ssl 2.6.3.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engel
only
HTTP is spoken. The reason is always a server mis-configuration.
Make sure your Listen and VirtualHost directives match and that an
"SSLEngine on" is present in your virtual host for HTTPS.
Ralf S. Engelschall
, correct?
Yes.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
laugh, it's not a joke).
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
... ??
No reason from my or our Majordomo's side. It just appears that one's
mailer has spooled the stuff for a few weeks and finally delivered
it
Ralf S. Engelschall
[EMAIL PROTECTED
MacOSX stuff, I think.
Sorry, I've no clue what MacOSX' problem is, but perhaps you should
first try to build mod_ssl as a regular/static module instead of a DSO.
Ralf S. Engelschall
[EMAIL PROTECTED
here
"apxs" is the one from the Apache installation which includes EAPI!) and
use the resulting mod_bandwidth.so instead.
Ralf S. Engelschall
[EMAIL PROTECTED]
mention apache API plugins.
Yes, and that's especially why the stuff is explicitly called "user
manual" and not "developer manual" ;)
Ralf S. Engelschall
PHP and mod_ssl with the APXS
mechanism separately.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
virtual server part. Check your server configuration, please.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
)
This stuff is declared experimental, because it was still _NOT_
tested in depth and is still _UNDOCUMENTED_. So keep in mind what
SSL_EXPERIMENTAL means and use this with care!
Ralf S. Engelschall
[EMAIL PROTECTED
host container entries, etc.,
into newly created httpd.conf file ?
It will overwrite your executables and DSOs, but it will
preserve your configuration files.
Ralf S. Engelschall
[EMAIL PROTECTED
away.
Hmmm... strange. But just to make sure: you nevertheless have a "nobody"
in your /etc/passwd, right? But it nevertheless doesn't allow you to
perform a "chown nobody" on some files if you are logged in as root?
H... very strange. What strange OS is this?
(NES) is configured with SSL (server cert only). Can
Apache Proxy act as an SSL client?
If mod_ssl is loaded, mod_proxy can act as an HTTPS client, yes.
Ralf S. Engelschall
[EMAIL PROTECTED
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
. [...]
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
for such
an experimental feature.
But keep in mind that for simple HTTPS client support in mod_proxy you
don't need this experimental stuff. mod_ssl always provides basic HTTPS
support for mod_proxy.
Ralf S. Engelschall
[EMAIL PROTECTED
it. APXS should be fixed to be aware of surrounding
sections.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
with this server
and versions.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
On Wed, Mar 15, 2000, Jeff wrote:
Does anyone know what version of RSA BSAFE toolkit is used in OpenSSL 0.9.x
(crypto algorithms, etc.)?
Our OpenSSL doesn't contain the RSA BSAFE toolkit, nor do we use it.
Or did I misunderstand your question?
Ralf S
s for your understanding.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
(Documentation, FAQs, Mailing Lists, Newsgroups,
etc.). Should your problems then still remain, feel free to contact me again.
Otherwise I'll assume the problem was already solved in the meantime.
Thanks for your understanding.
Ralf S. Engelschall
immediately upgrade the Apache installation on
this box. That's all...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
ave to use "RewriteLogLevel", too...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
and VirtualHost directives match and that the VirtualHost
..:443 has an "SSLEngine on", too.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engel
On Sun, Mar 12, 2000, Robert Hiltibidal wrote:
[...]
I wonder could there be something in the -DEAPI option that could cause
SSL to "break"?
[...]
No, I don't think it can break anything.
Ralf S. E
discovered that it leaks a few bytes per restart while in the
past there was no leak. Can you find out with some tools where it leaks?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engel
touch $HOME/.rnd" doesn't work, of course.
Doing a "cp /vmunix $HOME/.rnd; openssl genrsa ..." or something similar
should work better.
Ralf S. Engelschall
correctly. What do I do?
Create a $HOME/.rnd file with some initial random data/garbage.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
filesystem where the DBM library perhaps deadlocks itself?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
to
stick with Apache 1.3.9 and not use 1.3.12? But if you really want 2.6.2
to run with 1.3.9, it would be possible, of course. But you've to fiddle
around yourself with the source tree and merge mod_ssl into it manually.
Ralf S. Engelschall
piled with this
option?
The option is /DEAPI for the underprivileged... ;)
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschal
O and forget to load it later
(i.e. no "LoadModule" directive in your httpd.conf).
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
the builtin seeding source instead.
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
r
seems to have used --with-ssl=openssl-install-prefix instead of
--with-ssl=openssl-source-dir.
Ralf S. Engelschall
[EMAIL PROTECTED]
suite is involved) _only_.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
] mod_ssl: Init: Failed to generate
temporary 512 bit RSA private key
FAQ: http://www.modssl.org/docs/2.6/ssl_faq.html#entropy
Ralf S. Engelschall
[EMAIL PROTECTED
se.
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
itional
SSLProxy directives available which are similar to SSL for the
HTTPS proxy situation and which can be used for verifying the backend
server.
Ralf S. Engelschall
/ http://origin/" to the
HTTPS VirtualHost on proxy.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
ciphers (use "openssl ciphers -v" to find the cipher spec string)
and/or SSLRequire and check the cipher bits with it.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engel
$HOME/.rnd with some initial garbage in it ("cp
/var/log/messages $HOME/.rnd").
Ralf S. Engelschall
[EMAIL PROTECTED]
upgrade to mod_ssl 2.6, please.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
anks for discovering this subtle problem. The actual error
was that it is bogus to use the context entry at all for the proxy
stuff. There is no reason for this. The appended patch fixes this and
will be committed for mod_ssl 2.6.2. Thanks for your help.
Yours,
And another round to make mod_ssl 2.6 as stable as it can be: version 2.6.2.
It provides important bugfixes and a new ca-bundle.crt file for client
authentication.
http://www.modssl.org/source/
ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
're using Apache
1.3.12 and mod_ssl 2.6.0 and that your source tree isn't at an older state?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
is an
EAPI thing and not a mod_ssl thing.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
startup egd:/path/to/egd-socket
feature into mod_ssl.
Now done. egd:/path/to/socket source is now supported in 2.6.1 if
OpenSSL version is = 0.9.5. Thanks for the suggestions.
Ralf S. Engelschall
[EMAIL PROTECTED
mod_ssl 2.6.1 is now available. It provides mainly PRNG changes, but
also a few other fixes and cleanups.
http://www.modssl.org/source/
ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED
S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
is problem?
Files to patch on "nmake /f Makefile.nt"? No, the make procedure does
not patch anything. I think you've not correctly applied mod_ssl+EAPI to
your Apache source tree. Check this first, please.
; actually tries to find some files to
seed the PRNG: /var/log/messages /var/adm/messages /kernel /vmunix
/vmlinuz /etc/hosts /etc/resolv.conf. Can it be that Rhapsody has none
of them? Which such files exist on Rhapsody?
Ralf S. E
community in the last years. So if you want
my stuff just install the official wu-ftpd 2.6.0 and you get the same
FTP server functionality as on ftp.modssl.org.
Ralf S. Engelschall
[EMAIL PROTECTED
ot applied mod_ssl correctly to the Apache source tree. The
only compile time errors I expect are problems related to vendor header
conflicts or problems on non-Unix platforms. But such direct compile
errors should never occur.
Ralf S. E
is closed for features and for Apache 2.0 EAPI was partially
and politically replaced by something different.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
RPMs contain some errors, an invalid serial number,
no changelog, etc
(and as far as I've seen aren't ANNOUNCed yet.)
Could you please replace them with the ones I built?
/bin/done
Ralf S. Engelschall
[EMAIL
please so kind and post to modssl-users
again (as a single all-in-one patch) your suggested patches?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
fully when committing any changes
to not break non-Unix platforms. Can it be that any OpenSSL header
changes cause this?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engel
These additions work also with vc++ 5.0
Ok, I've added these lines to mod_ssl.h for 2.6.1.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
DSHARED_MODULE -I/sw/pkg/websrv/include/apache
| -I/e/openssl/pkg/openssl-0.9.4/include -c mod_sxnet.c
| gcc -shared -o mod_sxnet.so mod_sxnet.o -L/sw/pkg/websrv/lib/mm/lib -lmm
| -lcrypt
| rse@en1:/e/modssl/src/mod_ssl/pkg.mod_ssl/pkg.contrib/sxnet
| :
with this Apache version (especially because of security
reasons you should consider to upgrade to 1.3.12).
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes
On Fri, Feb 25, 2000, drew wrote:
does anyone have information about getting one's CA cert installed into
Microsoft and Netscape's Browsers, ie becoming a fully qualified CA
Start reading at www.modssl.org under Related-HowTo, please.
Ralf S. Engelschall
this Stronghold derived stuff over one year ago) and your complaints to
me (who merged this into mod_ssl and perhaps broke it this way ;).
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED
x509 -noout -text -in client.crt | grep Subject:
SSL_CLIENT_I_DN
The DN of the Issuer in the Client Certificate
what you see if you would run
$ openssl x509 -noout -text -in client.crt | grep Issuer:
Ralf S. Engelschall
and the private key is
contained (because the browser has to know the private key, too).
Ralf S. Engelschall
[EMAIL PROTECTED]
browser.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
" Apache or stopped and started it? Because this
can happen if you add a certificate/key pair to a new virtual host and
just restart the server.
Ralf S. Engelschall
[EMAIL
Engelschall
Visit us at www.engelschall.com...
(wedding pictures coming in a few days ;)
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
On Tue, Feb 22, 2000, varma chintalapati wrote:
Can we use modssl in USA for commercial use. Can
we get the RSA patent. Could you explain in detail.
http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/README.Patents
Ralf S. Engelschall
proceed if any occur.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
... ;)
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
+mod_ssl+OpenSSL webserver? AFAIK there is no GUI which
also supports SSL, but I'm not up-to-date with the available GUIs.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
a
Solaris 2.8 box (both SPARC and x86 CPU) where at least a C compiler and
debugger is available for me. Can anyone provide me such Solaris 2.8
access for a few days? Please contact me if you can help out. Thanks.
Yours,
Ralf S. E
weak. I've fixed this now to check
for "*\ -h \*" (and similar for -q and -v) at the last alternative.
Thanks for your feedback.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engel
, will mod_ssl installation slow down
all Apache processes?
No, not noticeable. Or more correct: mod_ssl slows down the Apache
processes not more than every other additionally activated module.
Ralf S. Engelschall
[EMAIL
);
Thanks for your feedback.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
, FAQs, Mailing Lists, Newsgroups,
etc.). Should your problems then still remain, feel free to contact me again.
Otherwise I'll assume the problem was already solved in the meantime.
Thanks for your understanding.
Ralf S. Engelschall
time. BTW, EAPI is distributed
with mod_ssl, so you can't find it on www.apache.org.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
it compiled fine against both OpenSSL 0.9.4 and the latest
snapshot. Thanks for your feedback.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Index: ssl_engine_vars.c
nt, too. Just declare the function as
AP_HOOK_SIG2(int,ptr) and make sure "result" is an int.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
proxy server or send
me an example configuration?
The error messages indicate that you're speaking HTTPS to a port where
no HTTPS is spoken. There only HTTP is spoken which leads to those
errors. Make sure your Listen and VirtualHost sections match and that
"SSLEngine on" is present in the
_outside_ of all VirtualHost sections.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
this instead to the PHP support
mailing lists, please.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com