I'm so sorry, I had no idea that was happening. I'm
using a
company mail here.
The only thing I can do about it is
unsubscribe, I'll do that immediately.
/Daniel
- Original Message -
From:
Harald
Langaker
To: [EMAIL PROTECTED]
Cc: modssl-users@modssl.org
Sent:
This can't be the problem, as I specify the CA using SSLCACertificatePath using the proper HASH names. I've also tried SSLCACertificateFile.using s_client with SSLVerifyClient optional, it shows that the server is correctly identifying which CAs are allowed.I think the problem is with Safari and
Hoda Nadeem schrieb:
A team member was able to find a working solution (issue: single IP, two
domains, one domain requires client auth, the other domain plain SSL,
both functional with same apache instance using virtual hosts):
Hi Hoda,
test the following:
Close all browsers to get a new
: Re: SSL Client Auth with Virtual Hosts
Hoda Nadeem schrieb:
Eckard and All,
Does anybody know if there is any work around to get the following
scenario to work?
1 IP Address
2 domain names attached to the same server IP address
2 SSL virtual hosts: 1 with client authentication, 1
- Original Message -
From:
C T
To: modssl-users@modssl.org
Sent: Wednesday, June 22, 2005 2:34
AM
Subject: certificate and authentication
re-prompting
I need some advice/help.
I am running...well my web host service is running...
Apache/2.0.46 (Red Hat) Server
On Wed, Jun 22, 2005 at 02:06:32PM -0500, Jeffrey M. Johnson wrote:
I have a host that has 40 some virtual hosts associated with it, but only
one of those hosts is configured for modssl. I know need to configure a
second (and possible more) virtualhosts for modssl.
First, I am assuming
Jeffrey M. Johnson wrote:
I am knew to this list and have spent many hours looking for an answer I
am sure is probably right in front of my face.
knew?! from a .edu address? ::boggle:: alas, I digress.
I have a host that has 40 some virtual hosts associated with it, but
only one of those
On Tue, 21 Jun 2005, Jon August wrote:
Hi,
I'm switching from Stronghold to Apache 2.0.54 with mod_ssl enabled.
When I start apache, everything appears to work except the SSL site.
There's some sort of warning about the cache. mod_ssl.c is listed as
a compiled in module, and there's an:
Can I just remove the IfDefine tags? or is that not recommended?
On Jun 21, 2005, at 2:35 PM, Cliff Woolley wrote:
On Tue, 21 Jun 2005, Jon August wrote:
Hi,
I'm switching from Stronghold to Apache 2.0.54 with mod_ssl enabled.
When I start apache, everything appears to work except the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 21 Jun 2005, Jon August wrote:
Can I just remove the IfDefine tags? or is that not recommended?
You could though the gain might not be there, why not just run the server
in the proper mode?
Thanks,
Ron DuFresne
On Jun 21,
On Tue, 21 Jun 2005, Jon August wrote:
Can I just remove the IfDefine tags? or is that not recommended?
Yes, feel free. My understanding is that the only reason it's in there in
the first place is to try to make it clear that SSL isn't something you
can have work directly out of the box...
m surfaces when I begin to browse around in the https area. Sooner
or later I will get re-prompted to accept the certificate and enter my
username/password, again.
I don't know why it does this, and my web hosting service can't seem to
explain it either.
I've reproduced the error on more than 4
Hoda Nadeem schrieb:
Eckard and All,
Does anybody know if there is any work around to get the following
scenario to work?
1 IP Address
2 domain names attached to the same server IP address
2 SSL virtual hosts: 1 with client authentication, 1 without client
authentication
I need to try to
Joe Orton wrote:
On Fri, Jun 03, 2005 at 08:56:56AM +0200, yvin Smme wrote:
Method 2 (SSLRequire):
The user-id field is just '-'.
Can I somehow configure apache/mod_ssl to only store certain elements of
the DN (e.g. the CN in the DN) as the user-id in the access-log?
mod_ssl in httpd 2.0
yvin Smme wrote:
Joe Orton wrote:
On Fri, Jun 03, 2005 at 08:56:56AM +0200, yvin Smme wrote:
Method 2 (SSLRequire):
The user-id field is just '-'.
Can I somehow configure apache/mod_ssl to only store certain elements of
the DN (e.g. the CN in the DN) as the user-id in the access-log?
of entropy
[Thu Jun 09 17:33:46 2005] [info] Initial (No.1) HTTPS request received for
child 0 (server www.myserver.com:443)
[Thu Jun 09 17:33:46 2005] [info] Requesting connection re-negotiation
[Thu Jun 09 17:33:46 2005] [info] Awaiting re-negotiation handshake
[Thu Jun 09 17:38:46 2005] [error] Re
:443, client 192.168.0.253)
[Thu Jun 09 17:33:46 2005] [info] Seeding PRNG with 144 bytes of entropy
[Thu Jun 09 17:33:46 2005] [info] Initial (No.1) HTTPS request received for
child 0 (server www.myserver.com:443)
[Thu Jun 09 17:33:46 2005] [info] Requesting connection re-negotiation
[Thu Jun 09 17
Am Montag, 13. Juni 2005 09:49 schrieb Charles-Edouard Ruault:
Well to prevent access in http you should place a deny directive in the
http related part of your config file.
Location /yoururl
deny from all
/Location
I think this will be the only solution. However the documentation says:
To: modssl-users@modssl.org
Subject: Re: SSL Client Auth with Virtual Hosts
Hoda Nadeem schrieb:
On my setup, client authentication is either on or off globally. I
can't seem to isolate it at the virtual host level.
Exactly.
Take a look at http://www.modssl.org/docs/2.8/ssl_faq.html#vhosts,
use
I looked at that. That seems to be an issue with mod_proxy_connect.
This issue turns up only if the proxy is running on the ssl enabled server
on the ssl enabled port.
Its a problem with mod_ssl more than anything else.
--- Ursprüngliche Nachricht ---
Von: Fitzner Daniel [EMAIL PROTECTED]
Are you using name-based or ip-based VirtualHosts?
--- Darryl W. DeLao Jr. [EMAIL PROTECTED] wrote:
I am running Apache 2.0.46 on RHEL 3.0 ES. I have about 8 virtualhosts
using port 80. I want to add a virtualhost for port 443. I have the
key installed, etc. When I add a virtualhost for this
Also let me know:
Does your Default-site have the option for SSL-Enabling?
If so what is the configuration...you may send me the
Default-virtual-host snippet from ssl.conf if it exists?
If you have defaultsite SSL-Enabled on port 443, then
you cannot have the other SSL-Enabled virtual hosts
Hello,
Try putting all virtual host in the ssl.conf file. For the non ssl hosts
make sure sslengine is off. Let me know if this works if you have not
already tried it.
Thanks
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darryl W. DeLao Jr.
Sent:
.
- Original Message -
From: Waller, Lonie [EMAIL PROTECTED]
To: modssl-users@modssl.org
Sent: Monday, June 06, 2005 9:32 AM
Subject: RE: Apache and SSL
Hello,
Try putting all virtual host in the ssl.conf file. For the non ssl hosts
make sure sslengine is off. Let me know if this works if you
You may try the following section in /etc/httpd/conf.d/ssl.conf:
# Use SSLCryptoDevice to enable any supported hardware
SSLCryptoDevice builtin
Instead of bulitin give the name of your device.
--- Horthik [EMAIL PROTECTED] wrote:
hi,
I am writting an interface for a SSLHardware
On Fri, Jun 03, 2005 at 08:56:56AM +0200, yvin Smme wrote:
Method 2 (SSLRequire):
The user-id field is just '-'.
Can I somehow configure apache/mod_ssl to only store certain elements of
the DN (e.g. the CN in the DN) as the user-id in the access-log?
mod_ssl in httpd 2.0 supports the
I suggest you follow the procedure in the openssl source package
(install.w32) instead of using the perl commands in the apache httpd
documentation. This worked fine for me.
HTH
michael
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im
Auftrag von b h
@modssl.org
Subject: Re: problem compiling on windows
I suggest you follow the procedure in the openssl source package
(install.w32) instead of using the perl commands in the apache httpd
documentation. This worked fine for me.
HTH
michael
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, June 03, 2005 1:27 AM
To: modssl-users@modssl.org
Subject: Re: problem compiling on windows
I suggest you follow the procedure in the openssl
source package
(install.w32) instead of using
Yes, I've had an environment like that running.
/Daniel
- Original Message -
From: Hoda Nadeem [EMAIL PROTECTED]
To: modssl-users@modssl.org
Sent: Tuesday, May 31, 2005 6:05 PM
Subject: SSL Client Auth with Virtual Hosts
Does anybody know if it is possible to use virtual hosts with
/etc/httpd/conf/ssl.crt/server-calist.crt
SSLOptions +StdEnvVars +ExportCertData
/VirtualHost
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Kimblad
Sent: Thursday, June 02, 2005 8:50 AM
To: modssl-users@modssl.org
Subject: Re: SSL Client Auth
Rob,
I may be wrong but i would work through your mod_rewrite configuration as
afaik this error is caused by internal redirections going in a loop, rather
than it being an ssl related error.
you can turn on rewrite logging and see exactly what it is doing, although
beware this does produce
Hope this was helpful.
/Daniel
- Original Message -
From: Hoda Nadeem [EMAIL PROTECTED]
To: modssl-users@modssl.org
Sent: Thursday, June 02, 2005 3:26 PM
Subject: RE: SSL Client Auth with Virtual Hosts
Are there any parameters that I am missing, or am I doing something
Do you have different VirtualHosts configured for
the domain-name
and the IP-address? If so, do they differ in configuration?
/Daniel
- Original Message -
From:
Rob Waldrum
To: modssl-users@modssl.org
Sent: Thursday, June 02, 2005 3:36
PM
Subject: Redirection
Hoda Nadeem schrieb:
On my setup, client authentication is either on or off globally. I can't
seem to isolate it at the virtual host level.
Exactly.
Take a look at http://www.modssl.org/docs/2.8/ssl_faq.html#vhosts,
use a different IP for your second host and it will work.
Greetings from
--- Joe Orton [EMAIL PROTECTED] wrote:
On Tue, May 31, 2005 at 05:10:27AM -0700, Bibhash Roy wrote:
I am hosting Apache Web Server on Red Hat Enterprise (RHEL4).
The apache rpm is httpd-2.0.52-9.ent
...
2.
When I add a ssl-enabled virtual-host, I get the following error on restart:
Here follows a simple full server SSL setup for reference.
--
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl.crl
SSLPassPhraseDialog builtin
Hi Daniel,
I have the SSL setup already as you have mentioned
except these two lines.
SSLVerifyClient require
SSLVerifyDepth 1
And moreover this erros I'm seeing in only one server.
In all other servers, this works perfectly fine.
Do I need to look for any machine specific things,
that could
On Tue, May 31, 2005 at 05:10:27AM -0700, Bibhash Roy wrote:
I am hosting Apache Web Server on Red Hat Enterprise (RHEL4).
The apache rpm is httpd-2.0.52-9.ent
...
2.
When I add a ssl-enabled virtual-host, I get the following error on restart:
[EMAIL PROTECTED] ~]# /etc/init.d/httpd restart
Title: Message
What
version of Apache and mod_ssl are you using? Are you trying to compile it in
static or are you using DSO? Need more details.
If
your unclear about the above, read this for a quick overview (if you haven't
already) http://www.modssl.org/docs/2.8/ssl_overview.html
Hopefully stratech has you on the bench right now so ya get paid to go
back and read the dcs you obviously avoided for a quickie fix here
smile.
Did you complie with all hte proper settings for ssl? is this 1.3.x or
2.0.x? there are differences, slightly in how one enables ssl in each.
Do you
Thanks for the info.
I was able to get a clean build from the apache and openssl source
distributions last
night.
The apache site contains the following page which describes pretty well how to
build the
openssl, and apache with mod_ssl directly from the source if you have the
microsoft
Lucky you!.
I compiled 2.0.47 on my own it was rather cumber i have to download flex,
bison etc.
Compiling openssl was rather straight forward with using the perl script. I
set an environment variable in MS C++ 6.0 IDE. I am sorry I forgot it which
variable I used.
Regard
Richard
Thanks for
On Wed, Jan 26, 2005 at 02:15:37AM -0800, ColinB wrote:
What is the relationship between mod_ssl for Apache 1 and Apache 2 ?
The mod_ssl in apache2 is based on the mod_ssl for Apache 1.3, but the
two versions are not the same module.
Why doesn't www.modssl.org say that it is for both Apache 1
I think I know the answer to this but what the heck...
I run apachectl -l and get...
core.c
worker.c
http_core.c
mod_so.c
No mod_ssl . This is Apache 2.0.39. Is there a way to get mod_ssl
installed on this server outside of re-installing Apache?
Thanks,
Tony Andrews
- Original Message
Hello Bob.
#4 0x08072d00 in ap_hook_call (
hook=0xfe00 Address 0xfe00 out of bounds) at ap_hook.c:382
^^^ problem here too?
I don't know about this one
Using strace -p pid I get:
read(3,
Using lsof -n -p pid I get
If you are running Apache2, mod_ssl is probably there. You can run
httpd -l
in your apache bin dir for a list of compiled in modules.
The ssl.conf file is an include that gets read and added into the
httpd.conf file if apache is started with SSL enabled. It contains
all the setting that are
On Monday 24 January 2005 11:53 pm, Bob Tanner wrote:
Have the folling:
apache-1.3.33
libapache-mod-ssl-2.8.22
kernel-2.4.26-1-686-smp
Having a problem where https connections just won't die. Over time the
process table files and box crawls or falls to its knees.
Installed debugging
Title: RE: Domain Name Mismatch
Just a follow-up incase anyone was interested in my problem. I contacted Verisign and we came to the conclusion that the web browser was complaining due to an alternate CN that was added to the certificate. The Verisign employee told me
You can try something like ...
# Get SSL variables into subprocess...
my $subr = $r-lookup_uri( $r-uri() );
# Get serial and issuer
my $serial =
$subr-subprocess_env('SSL_CLIENT_M_SERIAL') || ;
my $issuer_slashes =
$subr-subprocess_env('SSL_CLIENT_I_DN') || ;
Hope that works.
On Fri, Jan 14, 2005 at 04:48:09PM -0500, Jason Kaskel wrote:
This is technically both a mod_perl and mod_ssl question. Maybe I
should harass their mailing list too.
I have a PerlAccessHandler that needs to access certificate
information. According to what I've read the environment isn't
Title: Domain Name Mismatch
what is your ServerName in apache/ssl .conf file
?
-i-
- Original Message -
From:
Haskell,
Scott (MLPRO SF)
To: modssl-users@modssl.org
Sent: Friday, January 14, 2005 11:17
AM
Subject: Domain Name Mismatch
Greetings All,
I think this could have to do with the size your socket send buffer is.
This buffer is the number of bytes the network can support without beeing
acknoledged from remote side. If your buffer is small, your software will
have to wait more times untill all that (few) bytes are acknoledged from
On Sat, Dec 25, 2004 at 10:52:27PM -0500, Cliff Woolley wrote:
On Sat, 25 Dec 2004, Adolfo Bello wrote:
I heartily agree.
Unfortunately, I've been waiting for more than a year for this problem
to be fixed in Apache 2.0.x :-(
This bug was opened on 2002-09-06
did you use a real certificate?
if you used a test certificate did you install the test certificate
authority?
I'm sure you know that test certificates don't work with the CA's that
come preinstalled in most browsers.
Theory is when you know something, but it doesn't work.
Practice is when
PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of P Larkin Waters
Sent: Tuesday, January 04, 2005 6:11 AM
To: modssl-users@modssl.org
Subject: Re: Client Certificates (Help!)
did you use a real certificate?
if you used a test certificate did you install the test certificate
authority?
I'm sure
Hi Mike,
Thanks for the information. You've provided more information than most
posters, including corroboration that the server is reading the
configuration file.
Unfortunately, as best I can tell, you haven't indicated what exactly isn't
working.
Is it that when you visit the DocumentRoot,
On Mon, Dec 27, 2004 at 11:06:21PM -0500, leandro asnaghi-nicastro wrote:
$ openssl s_client -connect def.con.ca:443
CONNECTED(0003)
24271:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:475:
That's usually what happens if the server is
a form
into Bugzilla I get an error to the effect that POST is not allowed, and
this appears in the Apache logs:
[Fri Dec 24 19:59:24 2004] [error] SSL Re-negotiation in conjunction with
POST
method not supported!\nhint: try SSLOptions +OptRenegotiate
I tried the fix recommended in the log
On Sat, 25 Dec 2004, Adolfo Bello wrote:
It just doesn't work in Apache 2.0.x.
Use Apache 1.3.x.
That doesn't sound like very good advice... if something is broken in
Apache 2.0.x, we should just fix it. :-/
--Cliff
__
On Sat, 2004-12-25 at 21:53 -0500, Cliff Woolley wrote:
On Sat, 25 Dec 2004, Adolfo Bello wrote:
It just doesn't work in Apache 2.0.x.
Use Apache 1.3.x.
That doesn't sound like very good advice... if something is broken in
Apache 2.0.x, we should just fix it. :-/
--Cliff
I heartily
On Sat, 25 Dec 2004, Adolfo Bello wrote:
I heartily agree.
Unfortunately, I've been waiting for more than a year for this problem
to be fixed in Apache 2.0.x :-(
This bug was opened on 2002-09-06
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355
Usually the trick to getting something
On Sat, 2004-12-25 at 22:52 -0500, Cliff Woolley wrote:
On Sat, 25 Dec 2004, Adolfo Bello wrote:
I heartily agree.
Unfortunately, I've been waiting for more than a year for this problem
to be fixed in Apache 2.0.x :-(
This bug was opened on 2002-09-06
On Wednesday 22 December 2004 02:29, David T. Ashley wrote:
Hi,
Does anyone have any good URLs or instructions about how to create client
certificates for browsers so that only browsers with the certificate can
connect to the server (or view certain directories on the server)?
Try this:
the output files
to make sure they have a newer timestamp, then make won't try to
regenerate.
I re-extracted the tarballs from scratch, rinse, repeat.
Used touch to ensure that timestamp on ssl_expr_scan.l was 15:18 today,
timestamps on *.c, *.h were 15:19 today.
Same problem.
Clean up, configure
Fixed it - using the sytem linker (/usr/ccs/bin/ld) instead of the GNU
linker now works.
Summary of fixes required to build 64-bit modssl-2.8.22 on Solaris 9 SPARC:
- CC=gcc -m64
- Remove the flex command from
apache-1.3.33/src/modules/ssl/Makefile before running make
-
Hi,
I thought that you must to put into your SSLCACertificateFile the RootCA and
Issuing SubCA-2 certificates (both in PEM) and modify your SSLVerifyDepth to
1.
It works in my servers.
bye
Juan Angel Martin Gomez
AC Camerfirma
Tel. +34 920252750 Fax +34 920252732
http://www.camerfirma.com
On Fri, Dec 17, 2004 at 12:59:42AM +, Steve Parker wrote:
Summary:
It seems from http://forum.sun.com/thread.jspa?threadID=18986tstart=15
that this was a problem with 2.8.17, fixed in 2.8.18 with a sed command
on line 244 of apache-1.3.33/src/modules/ssl/Makefile:
242:
Fitzner Daniel wrote:
Hello guys,
I have following pki-environment:
RootCA
| |
Issuing SubCA-1 Issuing SubCA-2
| |
UserCert-A UserCert-B
I want to make
.
Practice is when something works, but you don't know why.
Programmers combine theory and practice:
Nothing works and they don't know why.
--Unknown
- Original Message -
From: Tim Howell [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 28, 2004 10:17 AM
Subject: Re: mod_ssl
On Fri, Nov 05, 2004 at 05:07:06PM -0700, Kory Wheatley wrote:
I have a project where I need to setup an Apache secure server. I have
an Apache non secure server already on my workstation. I don't want the
Apache secure server to run under the same daemon service, so I've
downloaded a
On Tue, Nov 02, 2004, Hans Werner Strube wrote:
When compiling modssl (at least 2.8.17 to 2.8.22, have overlooked this
earlier), there are many warnings:
./ssl_util_ssl.h, line 90: warning: macro redefined: OPENSSL_free
My openssl version is 0.9.6m (the latest 0.9.6 release), defining
in
I've also seen this problem. Haven't had the time to
find a proper solution. However I lowered the server
timeout to around 15 seconds, not ideal but keeps the
site going.
Hopefully someone has a better solution.
Regards
Matt
--- [EMAIL PROTECTED] wrote:
Hello,
We have a problem with
On Thu, 28 Oct 2004 09:42:53 -0700, Tim Howell
[EMAIL PROTECTED] wrote:
I've just installed a VeriSign 128 bit certificate on a server running
Apache 2.0.50 with mod_ssl. Connecting to the server over https works
fine from all of the Windows clients I've tried (Win2K using both IE 6
and
Bernd,
It appears that the updated package is already released.
From what I can tell, it has been up for a few hours
now.
http://www.modssl.org/source/mod_ssl-2.8.21-1.3.32.tar.gz
Cheers!
Drew J. Como Phone: 631-434-6600
Systems
and found the same comment in ssl_engine_io.c regarding the
problem: this has not been re-implemented for Apache 2.
Will the solution be developed? If so, is there any time frame for this
re-implementation to be released?
It looks like it'll have to be done in 2.0 like it is in 1.3, which
. However, I just took a look at Apache 2.1
code and found the same comment in ssl_engine_io.c regarding the
problem: this has not been re-implemented for Apache 2.
Will the solution be developed? If so, is there any time frame for this
re-implementation to be released?
It looks like
David T. Ashley wrote:
Hi,
Is there a way to load Apache and Internet Explorer with keys so that a
private tunnel is created automatically?
What I'm looking for is an arrangement where only a user who has keys that
I've given him can use a browser to connect to my server on Port 443.
(I'm aware of
Hi,
I haven't used authz_ldap in a while but I believe the
following config should work. Also you should see
mod_so.c listed for a httpd -l.
./httpd -l
Compiled-in modules:
http_core.c
mod_so.c
openssl:
CC=$(CC) ./config shared no-idea
modssl:
./configure \
On Thu, Sep 02, 2004 at 09:20:45AM -0700, Philip Lavine wrote:
[SNIP]
SSL_connect:SSLv2/v3 write client hello A
read from 080AED40 [080B5270] (7 bytes = 7 (0x7))
- 0a 3c 3f 78 6d 6c .?xml
^
You
I wish it was that easy, however I do have that statement in my ssl.conf
virtual host directives.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mads Toftum
Sent: Thursday, September 02, 2004 12:43 PM
To: [EMAIL PROTECTED]
Subject: Re: SSL not working
-Original Message-
From: Barry Smoke [mailto:[EMAIL PROTECTED]
Sent: Freitag, 27. August 2004 17:25
To: [EMAIL PROTECTED]
Subject: Re: 1
these e-mails look strange,
virus?
Of course.
The spammer is submitting the mails to mail.modssl.org with the From
field spoofed to [EMAIL
Alex Milanovic wrote:
Hi All,
I want to configure Apache to verify client certificates. What I am not sure
about is whether Apache verifies the fully qualified domain name (FQDN) of
each client as well. If it does, where is this behavior explained? For
example, does it use the client IP address
these e-mails look strange,
virus?
Rse wrote:
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager
- Original Message -
From: Don Woodward
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, August 09, 2004 14:44
Subject: Possible virus infected user
Modssl list owner and [EMAIL PROTECTED]:
Please check [EMAIL PROTECTED] - I have received several
dozen e-mail's
Nice :)
Apache 2 protocol modules should allow you to do this without having to
patch the server (using filters), as in Apache 2 HTTP is just another
protocol module that can be inserted or removed.
In Apache 2 mod_ssl itself is implemented as a filter
On Mon, Jul 26, 2004 at 06:22:55PM +0200,
In article [EMAIL PROTECTED] you wrote:
Ralf S. Engelschall wrote:
Yes, although they are not security related, they could crash the
server, too. So we should fix those formatting bugs, too. A little bit
of extra casting might be required, I think. I've now committed to my
CVS for
Sorry I am away on annual leave.
Please contact OLSU if urgent, otherwise i will get back
to you as soon as possible on my return on the 2nd August 2004.
__
Apache Interface to OpenSSL (mod_ssl)
Ralf S. Engelschall wrote:
Yes, although they are not security related, they could crash the
server, too. So we should fix those formatting bugs, too. A little bit
of extra casting might be required, I think. I've now committed to my
CVS for mod_ssl 2.8.20 the following patch. Thanks for your
On Tue, Jul 20, 2004 at 06:19:13PM +0200, Juergen Weigert wrote:
On Jul 17, 04 08:57:09 +0200, Ralf S. Engelschall wrote:
On Fri, Jul 16, 2004, Joe Orton wrote:
[...] I think it's portable to assume time_t is a long...
[...]
I'd appreciate
assert(sizof(time_t) ==
I would prefer either:
#if ...
#error ...
#endif
or
if( ... ) {
log some easy to understand error
exit(1)
}
--- Juergen Weigert [EMAIL PROTECTED] wrote:
On Jul 17, 04 08:57:09 +0200, Ralf S. Engelschall
wrote:
On Fri, Jul 16, 2004, Joe Orton wrote:
[...] I think it's portable
On Fri, Jul 16, 2004, Joe Orton wrote:
I'm checking an older version of mod_ssl but there are a couple of other
uninteresting format string warnings from gcc. I think it's portable to
assume time_t is a long...
[...]
Yes, although they are not security related, they could crash the
server,
On Sat, Jul 17, 2004 at 08:57:09AM +0200, Ralf S. Engelschall wrote:
Yes, although they are not security related, they could crash the
server, too. So we should fix those formatting bugs, too. A little bit
of extra casting might be required, I think. I've now committed to my
CVS for mod_ssl
I'm checking an older version of mod_ssl but there are a couple of other
uninteresting format string warnings from gcc. I think it's portable to
assume time_t is a long...
--- ./ssl_engine_io.c.warnings 2002-02-23 18:45:45.0 +
+++ ./ssl_engine_io.c 2004-07-16 22:02:32.0
Hi Mariom
I did some change to the config related to M$IE 6.0.
I increased the KeepAliveTimeout to 360.
I removed the general rule for M$IE and SSL and set it to
SetEnvIf User-Agent .*MSIE.* ssl-unclean-shutdown
SetEnvIf User-Agent .*MSIE 5.*ssl-unclean-shutdown nokeepalive
Thanks, Sven, for your answer, but i miss some important informations...
- the server is only a frontend for Catalina (jsp container), the HTML
is dynamically generated, and only images are static and managed by apache
- the audience for this site is not under my control and then i cannot
force
Someone know were I can find apache2-mod_ssl 2.50 ?
Thanks
Fulvio
Yahoo! Companion - Scarica gratis la toolbar di Ricerca di Yahoo!
http://companion.yahoo.it
You dont need the hash link for the
SSLCACertificateFile just put the real filename in.
Also are you using a root and intermediate cert, then
add SSLVerifyDepth 2.
Upgrading may be a good idea but I have Apache/2.0.48
(Unix) mod_ssl/2.0.48 OpenSSL/0.9.7c running with
client cert auth. But then
--- Fulvio LAZ [EMAIL PROTECTED] wrote:
Dear Sirs
I write to ask for a little help about a problem
with Apache configuration.
My system is: Apache-AdvancedExtranetServer/2.0.48
(Mandrake Linux/6mdk) mod_ssl/2.0.48
OpenSSL/0.9.7c PHP/4.3.4
I want read client distinguished name into
First of all does it work if you comment the
SSLVerifyClient require
directive out. Also do you get a core file and can
you do a backtrace in gdb (with lib info)?
Regards
Matt
Dear Matt, thanks for your reply
If I set SSLVerifyClient optional (or comment it) apache work but client
501 - 600 of 9305 matches
Mail list logo