ice you to look inside the Apache logfiles.
Perhaps you get a connection but SSL is just not enabled (don't trust a
"cannot connect" message, it can mean a lot of things).
Ralf S. Engelschall
have to do finally is to
restart your server.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache
pts:$x86_elf_asm",
And then configure SSLeay with "perl Configure FreeBSD-elf" instead of "perl
Configure FreeBSD". Do a "make clean" first!
Then all went fine for me
Ralf S. Engelschall
On Mon, Dec 07, 1998, Todd Vierling wrote:
On Thu, 3 Dec 1998, Ralf S. Engelschall wrote:
: And one more question: What's the reason you have to name the DSO
: mod_ssl.so instead of libssl.so? Because of the conflict with the "real"
: libssl.so?
Now I can't remember whether
... Thanks.
Ralf S. Engelschall
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Offici
Greetings,
Ralf S. Engelschall
or runtime dirs.
Ralf S. Engelschall
) which can be
used to easily upgrade the libssl.so.
Greetings,
Ralf S. Engelschall
Changes with mod_ssl 2.1.3 (03-Nov-1998 to 05-Dec-1998
$ SSL_BASE=... ./configure ...
or
$ SSL_BASE=...
$ export SSL_BASE
$ ./configure ...
Ralf S. Engelschall
somewhere or the ELF stuff confused the
library generation. Because the port works fine at least under my FreeBSD
2.2.6 box.
Ralf S. Engelschall
unsigned int UINT4' works.
Perhaps your SGI box has a similar problem?
Ralf S. Engelschall
working on it.
Expect it to be updated today.
Ralf S. Engelschall
Here is the next pure bugfixing release. In addition to other minor fixes it
mainly solves the problem where under Linux boxes the DBM library wasn't
correctly found.
Ralf S. Engelschall
On Thu, Dec 03, 1998, Ralf S. Engelschall wrote:
[...]
Changes with mod_ssl 2.1.2 (30-Nov-1998 to 03-Dec-1998)
[...]
The FreeBSD port is now again in sync with the current release version: I've
updated the www/apache13-modssl port to Apache 1.3.3 + mod_ssl 2.1.2 now.
Happy packaging
happy with 2.0.x (no failures occur) and don't need one of
the new features of 2.1, you can wait, of course. Apache 1.3.4 should be
released at least before Christmas ;-)
Ralf S. Engelschall
--with-apxs instead of --with-apache and
anything else works magically ;-) Let me know when I can use you as a
beta-tester for this stuff...
Ralf S. Engelschall
to suggest
apply.sh be changed in this way.
Yes, this patch (it's a stripped down patch 2.1) accepts "--directory
dirname", too. I'll change it for 2.1.2 to make your life easier.
Ralf S. Engelschall
more more what we want to know ;-)
Ralf S. Engelschall
as expected also for you
with 2.1.1 in the next days) and try it out once without the LoadModule
command for libssl.so and once with the LoadModule command. Only this way you
can be sure that the problem is really caused by mod_ssl+SSLeay.
Ralf S. Engelschall
nger force NO_WRITEV) and the CA
list is sent on client authentication. Additionally a lot of minor bugfixes
were done, of course.
Greetings,
Ralf S. Engelschall
there will be not two
release branches (which I guess is what you asked about).
Ralf S. Engelschall
sense, because of the
re-fragmentation in the SSL record layer. So even when an SSL_writev() could
exist it would not write its iovec in one step.
Ralf S. Engelschall
the not used writev() is really a
network performance problem. Usually Apache's performance penalties exist at
other corners, AFAIK.
Ralf S. Engelschall
On Sat, Nov 28, 1998, Ralf S. Engelschall wrote:
On Sun, Nov 29, 1998, Anthony Rumble wrote:
[...]
When will EAPI have writev support..
I've now again searched for the details. When we want to create a SSL_writev()
by trying to emulate writev() we have no chance. On most systems writev
(or at least a SSLRequireSSL to
prevent access to those dirs through the SSL-disabled VirtualHost).
Ralf S. Engelschall
mechanism in LDAP to overcome those things? Can
the LDAP filter functions be used for this? Hmmm... my current LDAP knowledge
is too less here, sorry.
Ralf S. Engelschall
-inform DER -in iis-server.key -outform PEM -out server.key
Ralf S. Engelschall
. What's the opinion of others?
Ralf S. Engelschall
\.com(:443)?$
RewriteRule ^/.* - [F]
The check for the not existing Host header is just to allow old browsers (who
don't send it) access, too. If you don't want this, leave the SetEnvIf for
^$ or the RewriteCond for "" out.
you don't need the compat code you can just build
mod_ssl without it by using --disable-rule=SSL_COMPAT, of course.
Ralf S. Engelschall
to convert such an IIS cert/key for Apache+mod_ssl.
Because I think it would be useful to share this experience with the other
upgraders...
Ralf S. Engelschall
es with a fixed file extension, etc.
Ralf S. Engelschall
ot_ needed.
Ralf S. Engelschall
ou can use
a single DirectoryMatch instead of more Directory sections. This at least
reduces the redundancy in writing down the stuff a little bit.
Ralf S. Engelschall
all parties (RSA DSI and RH) we
should add this information to the mod_ssl FAQ. Because this is mostly FAQ#1
for US citizens...
Ralf S. Engelschall
on September 20, 2000. This is in two years, Preston. And
two years in real life is a long time on the web... In the meantime a
compromise seems to be reasonable.
Ralf S. Engelschall
d the most important
questions for which we need an RSA DSI answer: 1. Is it ok to apply the bought
license to a different package and 2. which RSA-code has to be used (the one
from BSAFE, or from RSAref, or from SSLeay). Now I'm very curious about the
response.
ion
being run?
Perhaps you also want to disable mod_info...
Ralf S. Engelschall
to the dialog box. At least I don't know
what we could do different on server/mod_ssl side... :-(
Ralf S. Engelschall
On Wed, Nov 18, 1998, William X. Walsh wrote:
On 18-Nov-98 Ralf S. Engelschall wrote:
On Wed, Nov 18, 1998, Manuel J. Galan wrote:
I've uploaded apache-1.3.3/mod_ssl-2.1.0 to
contrib site.
Builds and installs flawlessly in an Apollo (RH5.2) system.
If you have other addon
himself under this platform. So it's reasonable
to not distribute official Win32 binaries.
Greetings,
Ralf S. Engelschall
TO REBUILD ALL PARTS.
And in practice this means recompiling with -DEAPI.
Ralf S. Engelschall
use only an own compiled Apache+mod_ssl+mod_perl+whatever
bundle and not intermix RH's SRPM stuff with third party stuff.
Ralf S. Engelschall
On Wed, Nov 18, 1998, Philip Gwyn wrote:
On 17-Nov-98 Ralf S. Engelschall wrote:
Happy birthday! The 2.1.0 tarball is rolled and released. Either
it now horribly fails or succeeds, but at least it's now out. The
official Announcement is appended below. Thanks to all who
assertions for programming errors. Because why has asserting the
returned number of bytes from read() anything to do with a programming error?
It's just an I/O error.
OTOH gcache (where the assertions originally were used) is already
gone in mod_ssl 2.1...
Ralf S. E
When it then doesn't run it's easier to
find the problem. When it runs it's easy to switch over to your RPM-based
stuff with more features.
Ralf S. Engelschall
related problem which currently popped up
for someone else seems not to be really related to a bug of mod_ssl under
RH5.2 in general. Instead it's more a mod_perl - Extended API or other
conflict.
Ralf S. Engelschall
. Thanks for your immediate feedback.
Ralf S. Engelschall
Index: configure.bat
will contain the complete user manual and sources.
Ralf S. Engelschall
but I break those rules intentionally as a
webdesigner (and not as a HTML purist) here ;-)
Ralf S. Engelschall
On Sun, Nov 15, 1998, Mats Dufberg wrote:
On Sun, 15 Nov 1998, Ralf S. Engelschall wrote:
Yeah, it uses a width of 600 pixels. That's not to bother you. There are two
reasons for it: First this way I'm able to layout the various nested tables
more easily (where I sometimes had to specify
me it it
little bit (by running "time script", etc). But there will be no really
meaningful numbers, of course...
Ralf S. Engelschall
for the 2.1 branch or be quiet later ;-)
The birth of the final mod_ssl 2.1.0 version is planned for Tuesday, November
17th, 1998. Because on this day we then can celebrate two birthdays: a 2.1*1
birthday and a 2.6*10 birthday... :-)
Greetings,
Ralf S. Engelschall
use (or under certain circumstances at least only
use one) name-based virtual hosts in conjunction with SSL. You have to use
IP-based virtual hosts. Please read the FAQ entry under
http://www.engelschall.com/sw/mod_ssl/docs/#FAQ-vhosts for more details.
Ralf S
I have quickly scanned through the FAQ for the PKCS12 CA-fix, and seen
the term there - is it the same option?
Yes, and the CA-fix you've seen is the same as mod_ssl uses under `make
certificate' (where -nobscrit is used, too).
On Fri, Nov 06, 1998, Trung Tran-Duc wrote:
On Fri, 06 Nov 1998 15:59:30 GMT,
Ralf S. Engelschall [EMAIL PROTECTED] wrote:
[...]
Also apache crashes on NT
when I try to restart it (apache.exe -k restart). It's inside ssleay.
I'm going to debug it...
[...]
It's run in the master
On Mon, Nov 09, 1998, Trung Tran-Duc wrote:
On Mon, 09 Nov 1998 10:03:23 GMT,
Ralf S. Engelschall [EMAIL PROTECTED] wrote:
[...]
This way we init SSLeay on every init under DSO/DLL situation but not under
Unix/non-DSO. And the pass phrase handling is done only on the first init
ne idea is to change the string
comparisons to an ID lookup, etc.
Perhaps you have more optimizing ideas?
Ralf S. Engelschall
as the error (do cut & paste from your shell, please)?
Especially at which step does the error occur...
Ralf S. Engelschall
One more maintenance release for the stable 2.0 branch
is available for your pleasure...
Greetings,
Ralf S. Engelschall
Changes
2.1.0 is coming...
Ralf S. Engelschall
programs to generate your own certs? SSLeay
comes with all that stuff, although it's not always easy to use. The
simplest way to generate your free/own certificate for Apache is to use
mod_ssl's `make certificate' procedure.
Ralf S. Engelschall
rectly run "configure.bat"
from the shell, of course.
Ralf S. Engelschall
. We just have to know what SSLeay functions we have
to call on server restart time.
Ralf S. Engelschall
an incorrect VirtualHost line.
So when 8443 doesn't work but 443 does (assuming you have matching Listen
directives both times) please let us trace this down. It should work with 8443
for you, too.
Ralf S. Engelschall
should add a similar check for the HTTP port, too. Is
there a magic cookie in the first bytes of the SSL protocol which we can check
for on the HTTP port through some low-level hook?
Ralf S. Engelschall
I was able to incorporate from an article with permissions by
the author ;-) and a few bug fixes. And then I expect the next version to be
2.1.0. Timerange? One to two weeks, I think. That depends mainly on _your_
feedback...
Greetings,
Ralf S. E
of compilation being important.
Oops, did you miss the step-by-step list at the end of the INSTALL file,
John? Or is this list still not exactly what you want? Do we have to enhance
it in some way? I append you the steps below...
Ralf S. Engelschall
"" change and to document the depth calculation this
way?
Still no votes from the hacker community?
Seems like no one uses SSLVerifyDepth... ;-)
Please say "this is a bad change, because..." now or
I'll change it this way for 2.1b9/2.1.0.
search for the correct solution together
more easily.
Ralf S. Engelschall
e a test cert and use the pre-configured httpd.conf file
APACI installs under `make install'. Then move this stuff into your real
server environment.
Ralf S. Engelschall
would register...
Would be interesting...
So, go for it. Now you _can_ register under:
http://www0.engelschall.com/sw/mod_ssl/example/refs.phtml
Ralf S. Engelschall
On Mon, Nov 02, 1998, Ralf S. Engelschall wrote:
[...]
So, go for it. Now you _can_ register under:
http://www0.engelschall.com/sw/mod_ssl/example/refs.phtml
Oops, sorry. Cut & pasted too fast the URL of my development box.
The correct URL is the following (of course):
http
it should be to be
acceptable for the users. Then it's better at least to disable it all the time
and declare it as an experimental feature. I personally think the default
functionality should be already as secure and robust that users don't have
problems with it, shouldn't it?
On Sun, Nov 01, 1998, Michael Kunze wrote:
Ralf S. Engelschall wrote:
As a result I never succeeded in making an SSL connection using client
certificate with MSIE.
Just to inform you that your request is not ignored: I've no clue what's going
wrong with MSIE and I currently cannot
.
At least in the hope there are already more than we two guys who run
Apache+mod_ssl ;-)
Opinions?
Ralf S. Engelschall
' works
again as expected.
Ralf S. Engelschall
Changes with mod_ssl 2.0.14 (09-Oct-1998 to 01-Nov-1998)
*) Backport from 2.1 branch
On Fri, Oct 30, 1998, Ben Laurie wrote:
Ralf S. Engelschall wrote:
And now I ask me why _isn't_ this better? I don't understand it, Ben. IMHO
this non-assertion way _is_ better, because it prevents the system from being
dropped down (kind of DoS) by a local attacker
I'm happy
On Sat, Oct 31, 1998, Ben Laurie wrote:
Ralf S. Engelschall wrote:
H??? Do you mean it cannot occur in practice? Or do I misunderstand you
here. As I said: We not even need an attacker: When an I/O read error occurs
for gcache it already falls down. So the DoS attacker is just
have to eliminate all assertions, of course. Some of them
can be ok. But the I/O related ones should be replaced by different error
checking code...
Ralf S. Engelschall
we could check the pathlen of X.509 V3 certs. Opinions and ideas how we
should allow this to be configured (directives, arguments, etc.)?
Votes for the "=" to "" change and to document the depth calculation this
way?
On Thu, Oct 29, 1998, Jake Buchholz wrote:
On Thu, Oct 29, 1998 at 06:57:09PM +0100, Ralf S. Engelschall wrote:
We already discussed this stuff recently (look inside the sw-mod-ssl archives
for the details please). So it would be nice when one of the US citizens on
this list who know
mean exactly
this? Then it should unpack into the current working directory because this is
maximum portable, IMHO.
Ralf S. Engelschall
Changes with mod_ssl 2.1b7 (09-Oct-1998 to 30-Oct-1998)
*) Fixed DBM access stuff: An invalid argument was given by the
NDBM emulation layer of DB
, because it prevents the system from being
dropped down (kind of DoS) by a local attacker
Ralf S. Engelschall
..
Please complete this stuff once, so I can add it to the FAQ for the future to
avoid again and again finding answers to the same questions. Thanks.
Ralf S. Engelschall
'll change my
scripts. Thanks for the reminder.
Ralf S. Engelschall
Apache and my Linux
box for this, so any pointers appreciated.
For Apache read http://www.apache.org/docs/vhosts/.
For setting up the IP aliases on the network interfaces,
perhaps read the appended text from the BeroFTPD distribution.
Ralf S. Engelschall
On Sat, Oct 24, 1998, Simon Kenyon wrote:
On 24-Oct-98 Ralf S. Engelschall wrote:
Oh sorry, I at least should say what the main key to DSO support for mod_ssl
was: Instead of patching in SSL-things into the Apache core now a totally
generic API extension is patched in (the apache.patch
On Sat, Oct 24, 1998, Ralf S. Engelschall wrote:
Just for your information and to share my great happiness ;-) :
Dynamic Shared Object (DSO) support for mod_ssl is now possible!
Yeah, I know, it was declared as impossible even by me in the past but now
it's actually implemented
it's different objects, but try it nevertheless". I
recommend you to first try the easiest way: Use --disable-rule=IRIXN32. Then
I would try to add -n32 for SSLeay and only at last I would try a linker
option.
should at least add a hint to it that it's _really_ just a
quick illustration and that the user should read the INSTALL file when he
wants to setup the stuff correctly.
Ralf S. Engelschall
ache detaches itself
implicitly. So there is no need for "httpd ", neither with nor without
mod_ssl ;-)
Ralf S. Engelschall
On Thu, Oct 22, 1998, Tony Earnshaw wrote:
"Ralf S. Engelschall" wrote:
Fine.
Ralph, perhaps it's time to tell your mailer that you're back from
Apachecon?
Ops, right. I'm still fighting the huge amount of traffic which my mail
folders assembled the last week that I tota