Re: OT: How to Add a Module to Apache

1999-12-13 Thread tvaughan
Eli Marmor <[EMAIL PROTECTED]> writes: > > Under NT you can go to http://www.opensa.org/ and get Apache, mod_ssl, > > OpenSSL and PHP4 with a comfortable installation for about 3MB. > > Five to ten minutes download plus two minutes installation and that's > > it. That should be ok ?! > > I know

netscape hangs when client certs are required

1999-12-01 Thread tvaughan
I searched the archives (ran through the debugger, just called netscape support, ...) and came up empty, so... When our server is set up to require client certs, we've found that netscape on Windows 9x and NT (not IE and not netscape on GNU/Linux) will "hang" on the first connection to the server

Re: detect SSL in a handler

1999-11-16 Thread tvaughan
Rainer Nowagk <[EMAIL PROTECTED]> writes: > Hi, > > In a content handler (written with the C API) I want to check whether > the current transaction goes via SSL or not. > What is the best method to do this? if (ap_ctx_get(r->connection->client->ctx, "ssl") != NULL) ssl;

Re: "Invalid method in request %" error

1999-10-21 Thread tvaughan
<[EMAIL PROTECTED]> writes: > I just built apache_1.3.9 + mod_ssl-2.4.5-1.3.9 + openssl-0.9.4 (it > wouldn't build with rsaref, but that's another can o' worms I'll worry > about later). > > It's running on both ports 80 and 443. I can connect with standard http > fine, but when I try https, the

snakeoil-ca-rsa.crt is expired

1999-10-13 Thread tvaughan
This expired on Oct. 8th. Would a certificate-ca Makefile target be a reasonable WISHLIST item? -Tom P.S. I haven't checked the DSA variant. -- Tom Vaughan __ Apache Interface to OpenSSL (mod_ssl) www.modss

Re: httpd -l mystery

1999-09-30 Thread tvaughan
sharri parsell <[EMAIL PROTECTED]> writes: > i hope this is a simple question: -l does not show dynamically loaded modules. > > i've just finished installing a mod_ssl'd and mod_perl'd apache. > i followed the installation docs (there was even an example for my > setup) pretty carefully. upon

Re: https to https proxy with client certificates

1999-09-08 Thread tvaughan
Alexander Boiler <[EMAIL PROTECTED]> writes: > I want now to use X509 certificates to access the application on iis > server . Without access to the client's private key, there is no way the apache+mod_ssl based proxy, or any proxy, can make a connection to the other server as though it were

more ssl session resumption data

1999-09-02 Thread tvaughan
Ben should really like this one. By default, IE always, and I mean always, re-negotiates every two minutes. This can be modified by changing the registry setting: HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\ClientCacheTime The unit of measure is ms. There is also a ServerCac

MM access via rsync?

1999-08-30 Thread tvaughan
Any plans to make the MM CVS archive available via rsync? A recent query shows only: RSYNC service ready (rsync 2.3.1) wml-distrib Website META Language (WML): Distribution Files wml-cvs Website META Language (WML): CVS Repository eperl-distrib Embedded Perl 5 Language (ePerl): Di

Re: session id context uninitialized

1999-08-23 Thread tvaughan
[EMAIL PROTECTED] writes: > [Fri Aug 13 22:39:30 1999] [error] OpenSSL: error:140D9115:SSL > routines:SSL_GET_PREV_SESSION:session id context uninitialized > [Fri Aug 13 22:39:51 1999] [error] mod_ssl: SSL handshake failed (client > 127.0.0.1, server "servername is here":443) (OpenSSL library err

Re: EAPI hook to get SSL session cache data

1999-08-21 Thread tvaughan
"Ralf S. Engelschall" <[EMAIL PROTECTED]> writes: > What do you mean by "first time" and "subsequent calls", Tom? Do you mean > really subsequent calls in the same HTTP request processing step or calls in > different HTTP requests? At least I think that the ssl_scache_retrieve > function call sh

EAPI hook to get SSL session cache data

1999-08-17 Thread tvaughan
First, this is only for my own edification. This is not (necessarily) something I want to see put into mod_ssl. But what would an EAPI hook have to look like in order to return the SSL session data? I currently have something that looks like: SSL_SESSION *ssl_scache_lookup(const conn_rec *c) {

Re: should ssl_dbm_open use O_TRUNC?

1999-08-13 Thread tvaughan
"Ralf S. Engelschall" <[EMAIL PROTECTED]> writes: > On Thu, Aug 12, 1999, [EMAIL PROTECTED] wrote: > > > I suppose you could run through all the cache entries and make sure they > > jive with the server's configuration, and then remove the ones that > > don't. > > I've still not checked the te

Re: should ssl_dbm_open use O_TRUNC?

1999-08-12 Thread tvaughan
"David Harris" <[EMAIL PROTECTED]> writes: > Of Ralf S. Engelschall wrote: > > Hmmm... I've no great opinion on this issue. I can see reasonable arguments > > for both keeping the DBM file and truncating it. At least I've no objection > > on using O_TRUNC or doing an unlink before ssl_dbm_open i

Re: should ssl_dbm_open use O_TRUNC?

1999-08-11 Thread tvaughan
[EMAIL PROTECTED] writes: > Our QA team noticed that a browser had connected to the server using a > particular cipher, the server was then configured to not allow that cipher, > the server was re-started, and the browser was able to resume its session > using the now dis-allowed cipher. I mean

should ssl_dbm_open use O_TRUNC?

1999-08-11 Thread tvaughan
Our QA team noticed that a browser had connected to the server using a particular cipher, the server was then configured to not allow that cipher, the server was re-started, and the browser was able to resume its session using the now dis-allowed cipher. -Tom -- Tom Vaughan __

Re: SSLCipherSuite question

1999-07-14 Thread tvaughan
[EMAIL PROTECTED] writes: > We'd like to have our config tool build this directive, but nobody can seem > to figure this directive out. The config tool would have checkboxes like: > > [ ] 40 DES w/ SHA > [ ] 56 DES w/ SHA > [ ] 3DES w/ SHA > > [ ] 40 RC4 w/ M

Re: Netscape has encountered bad data from the server - ERROR

1999-07-12 Thread tvaughan
Jukka Juslin <[EMAIL PROTECTED]> writes: > This problem appears after the New Certificate -dialog on the client side. > Problem seems to be client dependent since Irix+Netscape_4.08 work fine. > [ snip ] > If somebody has had the same error message and figured out the reason, > please reply! I rem

Re: PEM vs. DER

1999-07-08 Thread tvaughan
[EMAIL PROTECTED] writes: > "Ralf S. Engelschall" <[EMAIL PROTECTED]> writes: > > [snip] > > > Ok, ok, when I understand you correctly, you want that mod_ssl can read any > > combination Let's see what I can do. > > Much appreciated! Though I don't think every combination is required. At >

Re: Yow!! Horribly confused...

1999-07-02 Thread tvaughan
Mark Jaffe <[EMAIL PROTECTED]> writes: > I'm sorry, I may be sending this to the wrong list; in the > apache_1.3.6 INSTALL.SSL doc, it has this section: Right list. The --prefix option is where you want Apache+mod_ssl installed. You may want to try '--layout=Apache' instead. But if INSTALL.SS

Re: Is mod_ssl having trouble initializing???

1999-07-02 Thread tvaughan
Generally the message below from your logfile means that the client hit the 'stop' button. As for your start/stop/restart problems, I dunno. It could be that you just aren't waiting long enough for your server to start up. There is a lot mod_ssl has to do at init. Do a `tail -f logs/error.log` and

Re: [Fwd: Continuing https:// problems...] Fixed it!!!

1999-06-29 Thread tvaughan
My guess is that you already have another server process running that is bound to this port. Do a `ps auxw | grep httpd` and kill 'em all. And then start apache. -Tom Jason Gilmore <[EMAIL PROTECTED]> writes: > Nevermind! > > I fixed it. The problem seemed to be that I was explicitly (i.e. Lis

Re: SSLCipherSuite question

1999-06-22 Thread tvaughan
"Ralf S. Engelschall" <[EMAIL PROTECTED]> writes: > How about this quick try: > > rse@en1:/u/rse > :> openssl ciphers -v "-ALL:RSA:-HIGH:-MEDIUM:-MD5:RC4-MD5:-RC4-64-MD5" > DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 > EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA

[OFF TOPIC] Re: Secure Cookies

1999-06-11 Thread tvaughan
James Simmons <[EMAIL PROTECTED]> writes: > Question we are setting cookies in an unsecure area then we transfer to > a secure area can we still access the same cookies? Is this safe to do? So long as this is within the same domain, then you should have no problem. As far as security goes, that

Re: [PATCH] ssl session id as environment var

1999-05-20 Thread tvaughan
Ben Laurie <[EMAIL PROTECTED]> writes: > [EMAIL PROTECTED] wrote: > > > > No user session that > > is. My idea is to have the user authenticate, and then bind the user id to > > the ssl session id. Next time around, I'll see that I have a user id > > associated with the ssl session id and not b

Re: [PATCH] ssl session id as environment var

1999-05-20 Thread tvaughan
Ben Laurie <[EMAIL PROTECTED]> writes: > [EMAIL PROTECTED] wrote: > > > > The idea behind this is to make the ssl session id available so that other > > modules may use the ssl session id as a `key' into their own session table. > > This really isn't a good idea. The most obvious reason is that

Re: [PATCH] ssl session id as environment var

1999-05-20 Thread tvaughan
"Ralf S. Engelschall" <[EMAIL PROTECTED]> writes: > On Wed, May 19, 1999, [EMAIL PROTECTED] wrote: > > > This patch makes the ssl session id available via the environment variable > > SSL_SESSION_ID. Apache modules may obtain this ssl session id via the > > "ap::mod_ssl::var_lookup" EAPI hook. T

Re: [PATCH] canonical ssl server name and port

1999-05-20 Thread tvaughan
"Ralf S. Engelschall" <[EMAIL PROTECTED]> writes: > 1. When this is a separate module which does the redirect and >mod_ssl does nothing more with the variables than just implement them, it >would be more clean to implement the two directives directly in your own >module where you do

[PATCH] canonical ssl server name and port

1999-05-19 Thread tvaughan
This patch[1] adds two new directives, SSLServerName and SSLServerPort. The idea behind these two directives is to associate a SSL-aware Apache server, with a non SSL-aware Apache server. For example: One could have in httpd.conf: Listen 80 Listen 443 SSLServerName ssl.f

[PATCH] ssl session id as environment var

1999-05-19 Thread tvaughan
This patch makes the ssl session id available via the environment variable SSL_SESSION_ID. Apache modules may obtain this ssl session id via the "ap::mod_ssl::var_lookup" EAPI hook. The value of this ssl session id is actually the concatenation of the hex representation of each byte in the ssl ses

Re: SSL session id?

1999-05-17 Thread tvaughan
"Ralf S. Engelschall" <[EMAIL PROTECTED]> writes: > On Mon, May 17, 1999, [EMAIL PROTECTED] wrote: > > > Is it possible to get the SSL session id > > for further handling in my servlet? > > > > In the ssl_engine_log I can see the > > request with [info] Connection: Client IP: xx.xx.xx.xx... > >

Re: mod_ssl w/ BSAFE?

1999-04-28 Thread tvaughan
"Dave Neuer" <[EMAIL PROTECTED]> writes: > -Original Message- > From: [EMAIL PROTECTED] <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> > Date: Wednesday, April 28, 1999 5:55 PM > Subject: Re: mod_ssl w/ BSAFE? > > > >On Wed, 28 Apr 1999, Dave Neuer wrote: > > > >> Has a

Re: shared memory pools and sessions [was ANNOUNCE: mod_ssl 2.2.7]

1999-04-01 Thread tvaughan
"Ralf S. Engelschall" <[EMAIL PROTECTED]> writes: > On Tue, Mar 30, 1999, [EMAIL PROTECTED] wrote: > > >[...] > > > Sorry, I still don't understand the point here, too. Why do you want that > > > other modules should be able to access the session ids in the session cache? > > > > So that other

shared memory pools and sessions [was ANNOUNCE: mod_ssl 2.2.7]

1999-03-30 Thread tvaughan
"Ralf S. Engelschall" <[EMAIL PROTECTED]> writes: > On Mon, Mar 29, 1999, [EMAIL PROTECTED] wrote: > [snip] > > Unless there is some standard way to come > > up with session id's then there is the possibility that modules could use > > the same session id within the same pool which would be bad.

Re: ANNOUNCE: mod_ssl 2.2.7

1999-03-29 Thread tvaughan
"Ralf S. Engelschall" <[EMAIL PROTECTED]> writes: > Another update is available before new features will be introduced (in 2.2.8): > mod_ssl 2.2.7 for Apache 1.3.6. This version mainly contains support for the > MSIE client workaround. Additionally some memory leaks were fixed. The next > versi

Re: [BugDB] modssl 2.2.6 broken ? (PR#141)

1999-03-28 Thread tvaughan
Have you created a new server certificate? This sounds familiar. If I remember correctly, you'll have to go to Security->Web Sites in your browser and delete the server certificate entry for this site. -Tom [EMAIL PROTECTED] writes: > Full_Name: Ronan-Yann Lorin > Version: 2.2.6 > OS: Linux > S

Re: mod rewrite problems

1999-03-26 Thread tvaughan
James Simmons <[EMAIL PROTECTED]> writes: > Okay I have some new problems. First on my test server I have one virtual > host and it works for both http and https. On my live machine when I tried > this it would only make the server go only through the SSL port. So I had to > define a second virtual

Re: ANNOUNCE: mod_ssl 2.2.5-1.3.4

1999-03-24 Thread tvaughan
"Ralf S. Engelschall" <[EMAIL PROTECTED]> writes: [snip] > Yeah, the problem is that OpenSSL doesn't know these "ENCRYPTED PRIVATE KEY" > headers. Mod_ssl cannot change this, of course. The question now is: From > where do they come, i.e. which program created this format? And what's in > this

Re: ANNOUNCE: mod_ssl 2.2.5-1.3.4

1999-03-19 Thread tvaughan
"Ralf S. Engelschall" <[EMAIL PROTECTED]> writes: >*) The SSLCertificateFile and SSLCertificateKeyFile directives now can read > PEM (=DER+Base64+headers), DER+Base64 (without headers) and plain DER > format certificate and private key files. This is mostly provided for > co

Re: Starting a Server

1999-03-16 Thread tvaughan
"Christian Buysschaert" <[EMAIL PROTECTED]> writes: > For your Netscape browser, you could use Fortify (www.fortify.net) to > patch your browser to allow strong cryptography. See also http://www.replay.com/. Many 128 bit versions of many popular browsers to import. -Tom

Re: ANNOUNCE: MM library, version 1.0b1

1999-03-12 Thread tvaughan
"Ralf S. Engelschall" <[EMAIL PROTECTED]> writes: > As you perhaps remember, one of my current projects is to add shared memory > pools to Apache 1.3. Because this would open a large scale of new > possibilities for module authors, especially for Doug, Rasmus and me. It would be really cool to

Re: Session Cache security

1999-03-12 Thread tvaughan
"Ralf S. Engelschall" <[EMAIL PROTECTED]> writes: [snip] > When this is the case, then it gets hard for an OpenSSL application. Because > AFAIK the in-core cache of OpenSSL (per server process) cannot be divided into > separate instances (for each virtual server) by the application. So, it seem

Re: PEM vs. DER

1999-03-06 Thread tvaughan
"Ralf S. Engelschall" <[EMAIL PROTECTED]> writes: [snip] > Ok, with the appended patch I was at least able to load PEM, DER+Base64 and > plain DER server.crt and server.key files. Please try it out with your > cert/keys and give me feedback, please. Again, thank you Ralf. Well it's late Friday

Re: PEM vs. DER

1999-03-05 Thread tvaughan
"Ralf S. Engelschall" <[EMAIL PROTECTED]> writes: [snip] > Ok, ok, when I understand you correctly, you want that mod_ssl can read any > combination Let's see what I can do. Much appreciated! Though I don't think every combination is required. At least not by us. DER Base64 encoding of PKCS

Re: PEM vs. DER

1999-03-05 Thread tvaughan
"Ralf S. Engelschall" <[EMAIL PROTECTED]> writes: [snip] > Ok, sounds like a reasonable suggestion. But do you want DER+Base64 or just > plain DER? Because DER is a binary format while DER+Base64 is the binary plus > Base64 transformed and PEM is actually DER+Base64+Header/Footer. So, what > exa

Re: PEM vs. DER

1999-03-05 Thread tvaughan
"Ralf S. Engelschall" <[EMAIL PROTECTED]> writes: > On Thu, Mar 04, 1999, [EMAIL PROTECTED] wrote: > > > If I wanted mod_ssl to use DER Base64 encoded certs by default, would it be > > as simple as doing a `perl -pi -e 's/PEM/DER/g;'` to the mod_ssl source > > files, and then adding '-outform DE

PEM vs. DER

1999-03-05 Thread tvaughan
If I wanted mod_ssl to use DER Base64 encoded certs by default, would it be as simple as doing a `perl -pi -e 's/PEM/DER/g;'` to the mod_ssl source files, and then adding '-outform DER' to makecrt.sh where appropriate? (compile and install afterwards of course) Thanks, Tom ___

Re: Restarts fixed (was: Re: mod_ssl 2.2.3 restart bug?)

1999-03-04 Thread tvaughan
"Ralf S. Engelschall" <[EMAIL PROTECTED]> writes: > On Wed, Mar 03, 1999, [EMAIL PROTECTED] wrote: > > >[...] > > Is this the same re-start bug that's been around for a while? > > Oh wait, I forgot to ask in the last mail: What bug are _YOU_ speaking about? > It reads like you know a restart bug

Re: Restarts fixed (was: Re: mod_ssl 2.2.3 restart bug?)

1999-03-03 Thread tvaughan
"Ralf S. Engelschall" <[EMAIL PROTECTED]> writes: > On Tue, Mar 02, 1999, Ralf S. Engelschall wrote: > > > On Tue, Mar 02, 1999, Sander Steffann wrote: > > > > > Same problem here on Linux. https is also down after a graceful restart. > > > Sander. > > > > > > >mod_ssl/2.2.3 failed to restart(

Re: APACHE + PAM + MOD_SSL

1999-02-28 Thread tvaughan
Stein Vrale <[EMAIL PROTECTED]> writes: > Im using apache-1.3.3, mod_auth_pam-0.8, mod_ssl-2.0.13-1.3.3, and > mod_pam auth seems to work ok for me with mod_ssl. So your problem has gone away? > > Im using virtual hosts and a location setup like this, have not tried > with .htaccess. Also note

Re: APACHE + PAM + MOD_SSL

1999-02-28 Thread tvaughan
Nuno Miguel Neves <[EMAIL PROTECTED]> writes: > Hi. > > I'm trying to use mod_auth_pam and mod_ssl, but it seems that they are > exclusive! What version of mod_auth_pam? What version of PAM? > When I compile Apache without SSL, the .htacces file works fine, and shows > me a login/password wind