date:20020403

Re: Creating client certificates ?

2002-04-03 Thread Mads Toftum


On Thu, Apr 04, 2002 at 01:43:05AM +0200, [EMAIL PROTECTED] wrote:
> My question is: How can I create client (!) certificates for
>  client authentication to the server and not
>  server certificates ?!

There is a nice example script called cca.sh in the mod_ssl tarball -
as pkg.contrib/cca.sh or availabe online via cvsweb:

http://www.modssl.org/source/cvs/exp/mod_ssl/pkg.mod_ssl/pkg.contrib/cca.sh?rev=1.6

vh

Mads Toftum
-- 
With a rubber duck, one's never alone.
  -- "The Hitchhiker's Guide to the Galaxy"
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Problems with Client authentication and access control

2002-04-03 Thread haldor


Hello.

I have successfuly done Client Authentication using client certificates with 
apache-openssl-modssl. 

SSLVerifyClient  none

SSLVerifyClient  require
SSLVerifyDepth   5
#SSLCACertificateFile conf/ssl.crt/ca.crt
#SSLCACertificatePath conf/ssl.crt
SSLOptions   +FakeBasicAuth
SSLRequireSSL
SSLRequire   %{SSL_CLIENT_S_DN_O}  eq "Snake Oil, Ltd." and \
 %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"}


The definition of SSLCACertificateFile and SSLCACertificatePath are above in 
the httpd.conf file. 
When i try to connect to https:/www.xxx.xx/secure the server asks for the 
certificate, validates it and show index.html in the secure directory. 
Everything seem to work fine.

But when i do a http://www.xxx.xx/secure I can still see the index.html. 
According to my understanding the index.html in the secure directory should not 
be shown. Can anyone help me with this? Is there anything more i should do to 
prevent access from http on the secure directory?

Thanx 
Haldor Husby.

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Creating client certificates ?

2002-04-03 Thread jmos

[EMAIL PROTECTED] wrote:
> 
> Hello modssl users !
> 
> I managed to set up an ssl aware web server.
> Although I searched the web and also the list
> archive I haven't been able to create a client
> certificate which is signed by my own CA for
> client authentication.
> 
> Could someone describe the process of creating
> such a certificate in detail ?

Thank you Owen for your answer but you misunderstood
my question.
And you Maik misunderstood my question, too.
I, of course, read the FAQ and all the other available docs
but they say nothing about creating client (!) certificates !
The process of creating a server certificate is sufficiently
documented in the FAQ and it was no problem for me to
create it.

My question is: How can I create client (!) certificates for
 client authentication to the server and not
 server certificates ?!

Anyone ?

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

WebLogic 5.1 sp11 mod_wl_ssl.so for Apache 1.3.12/mod_ssl 2.6.6 breaks SSL

2002-04-03 Thread Sean Staats


We've just upgraded from service pack 8 to service pack 11 on our WL servers
and installed the sp11 mod_wl_ssl.so on our Apache servers.
Unfortunately, any attempts to access an SSL page that must get proxied to
the Weblogic layer results in a HTTP 404 response while an SSL request for a
static HTML page works fine. The interesting thing is the sp8 mod_wl_ssl.so
works just fine - so that is what we are using. However, I want to resolve
the issue with the sp11 mod_wl_ssl.so.
Here is our configuration:
All servers: SPARC/Solaris 8 with latest patch updates
Apache servers: Apache 1.3.12 with mod_ssl 2.6.6
WebLogic servers: WL 5.1 service pack 11
[03/Apr/2002 16:58:42 04816] [info]  Server: Apache/1.3.12, Interface:
mod_ssl/2.6.6, Library: OpenSSL/0.9.6c
[03/Apr/2002 16:58:42 04816] [info]  Init: 1st startup round (still not
detached)
[03/Apr/2002 16:58:42 04816] [info]  Init: Initializing OpenSSL library
[03/Apr/2002 16:58:42 04816] [info]  Init: Loading certificate & private key
of SSL-aware server www.questia.com:443
[03/Apr/2002 16:58:42 04816] [info]  Init: Requesting pass phrase from
dialog filter program (/u01/app/apache/bin/SSLpassword)
[03/Apr/2002 16:58:42 04816] [trace] Init: (www.questia.com:443) encrypted
RSA private key - pass phrase requested
[03/Apr/2002 16:58:42 04816] [info]  Init: Wiped out the queried pass
phrases from memory
[03/Apr/2002 16:58:42 04816] [info]  Init: Seeding PRNG with 136 bytes of
entropy
[03/Apr/2002 16:58:42 04816] [info]  Init: Generating temporary RSA private
keys (512/1024 bits)
[03/Apr/2002 16:58:44 04816] [info]  Init: Configuring temporary DH
parameters (512/1024 bits)
[03/Apr/2002 16:58:51 04827] [info]  Init: 2nd startup round (already
detached)
[03/Apr/2002 16:58:51 04827] [info]  Init: Reinitializing OpenSSL library
[03/Apr/2002 16:58:51 04827] [trace] Inter-Process Session Cache (DBM)
Expiry: old: 0, new: 0, removed: 0
[03/Apr/2002 16:58:51 04827] [info]  Init: Seeding PRNG with 136 bytes of
entropy
[03/Apr/2002 16:58:51 04827] [info]  Init: Configuring temporary RSA private
keys (512/1024 bits)
[03/Apr/2002 16:58:51 04827] [info]  Init: Configuring temporary DH
parameters (512/1024 bits)
[03/Apr/2002 16:58:51 04827] [info]  Init: Initializing (virtual) servers
for SSL
[03/Apr/2002 16:58:51 04827] [info]  Init: Configuring server
www.questia.com:443 for SSL protocol
[03/Apr/2002 16:58:51 04827] [trace] Init: (www.questia.com:443) Creating
new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[03/Apr/2002 16:58:51 04827] [trace] Init: (www.questia.com:443) Configuring
permitted SSL ciphers
[ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[03/Apr/2002 16:58:51 04827] [trace] Init: (www.questia.com:443) Configuring
RSA server certificate
[03/Apr/2002 16:58:51 04827] [trace] Init: (www.questia.com:443) Configuring
RSA server private key
[03/Apr/2002 16:59:08 04849] [info]  Connection to child 13 established
(server www.questia.com:443, client 10.1.0.55)
[03/Apr/2002 16:59:08 04849] [info]  Seeding PRNG with 1160 bytes of entropy
[03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Handshake: start
[03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Loop: before/accept
initialization
[03/Apr/2002 16:59:08 04849] [debug] OpenSSL: read 11/11 bytes from
BIO#0008ADA8 [mem: 000C89D8] (BIO dump follows)
+-+
| : 80 4c 01 03 00 00 33 00-00 00 10 .L3  |
+-+
[03/Apr/2002 16:59:08 04849] [debug] OpenSSL: read 67/67 bytes from
BIO#0008ADA8 [mem: 000C89E3] (BIO dump follows)
+-+
| : 00 00 04 00 00 05 00 00-0a 01 00 80 07 00 c0 03   |
| 0010: 00 80 00 00 09 06 00 40-00 00 64 00 00 62 00 00  ...@..d..b.. |
| 0020: 03 00 00 06 02 00 80 04-00 80 00 00 13 00 00 12   |
| 0030: 00 00 63 9d 06 0a c0 65-3b 74 73 a4 06 ef ef 08  ..ce;ts. |
| 0040: eb d7 fa ...  |
+-+
[03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Loop: SSLv3 read client hello
A
[03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Loop: SSLv3 write server hello
A
[03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Loop: SSLv3 write certificate
A
[03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Loop: SSLv3 write server done
A
[03/Apr/2002 16:59:08 04849] [debug] OpenSSL: write 835/835 bytes to
BIO#0008ADA8 [mem: 000D6A00] (BIO dump follows)
+-+
| : 16 03 00 00 4a 02 00 00-46 03 00 3c ab 89 3c e6  J...F..<..<. |
| 0010: ee 49 7c 19 b0 2e 79 a0-b7 55 1c f8 8e 74 34 0d  .I|...y..U...t4. |
| 0020: cb 23 1e d1 6d 38 9f 0b-fa 50 a8 20 33 41 0e ab  .#..m8...P. 3A.. |
| 0030: 9b c0 3f 1d 7c 9d 5e 7f-c4 ba 1f 4e 05 61 34 13  ..?.|.^N.a4. |
| 0040: e6 8c 10

Re: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)

2002-04-03 Thread Danalien


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


BINGO! :), that was it! There you have the solution : )

Some, put this in INSTALL.Win32 or in an error FAQ:

"Check and delete any other/older ssleay32.dll & libleay32.dll 
that exist in:
1] winnt\system32
2] or any other path that exist in your %path%-varable.
Simply remove the path from %path%-variable, or remove it from there.

Because other/older complied dll's in tandem with newer may cause an 182 (minor) error,
while starting up apache."


maybe it is cygwin that puts it there ( in winnt\system32) or I did? a llonng looong 
time ago
and forgot about it : ) *hehe*


thanks, kristjan!



>in Apache conf file you shoul add both, first
>LoadModule ssl_module modules/mod_ssl.so
>and an somewhere after that
>AddModule mod_ssl.c
>
>but I think this error also reports when someone forget to copy the files
>ssleay32.dll and libeay32.dll to WINNT\System32
>
>did you do it?
>
>- Original Message -
>From: "Danalien" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Wednesday, April 03, 2002 4:51 PM
>Subject: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)
>
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> Hi,
>>
>> I need some help, i patch, complie, and everything according to:
>>  http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32
>>
>> all goes fine fine, only get a few warnings (during the apache complie)
>>
>> I then go to the httpd.conf  (%my_apache_ssl_root%/conf)
>>
>> and put this in:
>>
>> LoadModule ssl_module modules/mod_ssl.so
>>
>>
>> and I get (this) when i do apache -t :
>>
>> C:\Program Files\Apache_SSL>apache -t
>> Syntax error on line 62 of c:/program files/apache_ssl/conf/httpd.conf:
>> Cannot load c:/program files/apache_ssl/modules/mod_ssl.so into server:
>(182)
>> Note the errors or messages above, and press the  key to exit.  26...
>> C:\Program Files\Apache_SSL>
>>
>> *thinking* *thinking*...
>>
>> ... then I just do a little test.
>>
>> remove the previos loadModule by puting a # infront (lite this):
>>
>> #LoadModule ssl_module modules/mod_ssl.so
>>
>>
>> and add:
>>
>> AddModule mod_ssl.c
>>
>>
>> and get :
>>
>> C:\Program Files\Apache_SSL>apache -t
>> Syntax error on line 110 of c:/program files/apache_ssl/conf/httpd.conf:
>> Cannot add module via name 'mod_ssl.c': not in list of loaded modules
>> Note the errors or messages above, and press the  key to exit.  23...
>> C:\Program Files\Apache_SSL>
>>
>>
>> and do a apache -l
>> where I get this:
>>
>> Compiled-in modules:
>>   http_core.c
>>   mod_so.c
>>   mod_mime.c
>>   mod_access.c
>>   mod_auth.c
>>   mod_negotiation.c
>>   mod_include.c
>>   mod_autoindex.c
>>   mod_dir.c
>>   mod_cgi.c
>>   mod_userdir.c
>>   mod_alias.c
>>   mod_env.c
>>   mod_log_config.c
>>   mod_asis.c
>>   mod_imap.c
>>   mod_actions.c
>>   mod_setenvif.c
>>   mod_isapi.c
>>
>>
>> and my suspicions were correct, "where are/is the SSL - module(s)?" cause
>it ain't in
>> the compiled apache :)
>>
>> If some could explain/help me how to meld this SSL module into apache, it
>would be great :)
>> thanks.
>>
>>
>>
>>
>>
>>
>> //   with regards
>> //   ID ::  danalien  ::  <[EMAIL PROTECTED]>
>>
>> PGP Public Key Fingerprint: C891 D3A1 427A A5E7  449F B19E 1E85 A109
>>
>> -BEGIN PGP SIGNATURE-
>> Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and
>its affiliated companies.
>>
>> iQA/AwUBPKsI9x6FoQlEaqKIEQKKOQCfQTAK3SV7vSoe8aE8YQqv7cjVqrQAoOe7
>> DmQQDW2F53itoAyTwCj7zlEj
>> =hTM+
>> -END PGP SIGNATURE-
>>
>>
>> __
>> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
>> User Support Mailing List  [EMAIL PROTECTED]
>> Automated List Manager[EMAIL PROTECTED]
>>
>>
>
>
>__
>Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
>User Support Mailing List  [EMAIL PROTECTED]
>Automated List Manager[EMAIL PROTECTED]





//   with regards
//   ID ::  danalien  ::  <[EMAIL PROTECTED]>

PGP Public Key Fingerprint: C891 D3A1 427A A5E7  449F B19E 1E85 A109

-BEGIN PGP SIGNATURE-
Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its 
affiliated companies.

iQA/AwUBPKtotx6FoQlEaqKIEQIX3wCgyU0jTRFr7QDy33yCfqNi6MN+SDsAoIFh
fHG20gxts/XK/YItoLuC0Q8I
=1hCU
-END PGP SIGNATURE-


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)

2002-04-03 Thread Danalien


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


nope, I have no attributes on it/them.

>At least on Windows NT, the .so file can not be read-only, or you get a 
>similar error.
>
>Is it possible that your file is read-only?
>
>Jay
>
> > -Original Message-
> > From: Danalien [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, April 03, 2002 9:18 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)
> >
> >
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> >
> > Japp, allready put it here.
> >
> >
> >
> >
> > >Can you go to c:/program files/apache_ssl/modules and see
> > the mod_ssl.so
> > >file?
> > >
> > >Your second test seems logical since the module wasn't loaded in the
> > >LoadModule section.
> > >
> > >Eric
> > >
> > >-Original Message-
> > >From: Danalien [mailto:[EMAIL PROTECTED]]
> > >Sent: Wednesday, April 03, 2002 8:52 AM
> > >To: [EMAIL PROTECTED]
> > >Subject: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)
> > >
> > >
> > >Hi,
> > >
> > >I need some help, i patch, complie, and everything according to:
> > >
> > http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32
> > >
> > >all goes fine fine, only get a few warnings (during the
> > apache complie)
> > >
> > >I then go to the httpd.conf  (%my_apache_ssl_root%/conf)
> > >
> > >and put this in:
> > >
> > >LoadModule ssl_module modules/mod_ssl.so
> > >
> > >
> > >and I get (this) when i do apache -t :
> > >
> > >C:\Program Files\Apache_SSL>apache -t
> > >Syntax error on line 62 of c:/program
> > files/apache_ssl/conf/httpd.conf:
> > >Cannot load c:/program files/apache_ssl/modules/mod_ssl.so
> > into server:
> > >(182)
> > >Note the errors or messages above, and press the  key
> > to exit.  26...
> > >C:\Program Files\Apache_SSL>
> > >
> > >*thinking* *thinking*...
> > >
> > >... then I just do a little test.
> > >
> > >remove the previos loadModule by puting a # infront (lite this):
> > >
> > >#LoadModule ssl_module modules/mod_ssl.so
> > >
> > >
> > >and add:
> > >
> > >AddModule mod_ssl.c
> > >
> > >
> > >and get :
> > >
> > >C:\Program Files\Apache_SSL>apache -t
> > >Syntax error on line 110 of c:/program
> > files/apache_ssl/conf/httpd.conf:
> > >Cannot add module via name 'mod_ssl.c': not in list of loaded modules
> > >Note the errors or messages above, and press the  key
> > to exit.  23...
> > >C:\Program Files\Apache_SSL>
> > >
> > >
> > >and do a apache -l
> > >where I get this:
> > >
> > >Compiled-in modules:
> > >  http_core.c
> > >  mod_so.c
> > >  mod_mime.c
> > >  mod_access.c
> > >  mod_auth.c
> > >  mod_negotiation.c
> > >  mod_include.c
> > >  mod_autoindex.c
> > >  mod_dir.c
> > >  mod_cgi.c
> > >  mod_userdir.c
> > >  mod_alias.c
> > >  mod_env.c
> > >  mod_log_config.c
> > >  mod_asis.c
> > >  mod_imap.c
> > >  mod_actions.c
> > >  mod_setenvif.c
> > >  mod_isapi.c
> > >
> > >
> > >and my suspicions were correct, "where are/is the SSL -
> > module(s)?" cause it
> > >ain't in
> > >the compiled apache :)
> > >
> > >If some could explain/help me how to meld this SSL module
> > into apache, it
> > >would be great :)
> > >thanks.
> > >
> > >
> > >
> > >
> > >
> > >
> > >//   with regards
> > >//   ID ::  danalien  ::  <[EMAIL PROTECTED]>
> > >
> > >PGP Public Key Fingerprint: C891 D3A1 427A A5E7  449F B19E 1E85 A109
> > >
> > >
> > >_
> > _
> > >Apache Interface to OpenSSL (mod_ssl)
>www.modssl.org
> >User Support Mailing List  [EMAIL PROTECTED]
> >Automated List Manager[EMAIL PROTECTED]
> >
> >__
> >Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> >User Support Mailing List  [EMAIL PROTECTED]
> >Automated List Manager[EMAIL PROTECTED]
>
>
>
>
>
>//   with regards
>//   ID ::  danalien  ::  <[EMAIL PROTECTED]>
>
>PGP Public Key Fingerprint: C891 D3A1 427A A5E7  449F B19E 1E85 A109
>
>At least on Windows NT, the .so file can not be read-only, or you get a 
>similar error.
>
>Is it possible that your file is read-only?
>
>Jay
>
> > -Original Message-
> > From: Danalien [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, April 03, 2002 9:18 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)
> >
> >
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> >
> > Japp, allready put it here.
> >
> >
> >
> >
> > >Can you go to c:/program files/apache_ssl/modules and see
> > the mod_ssl.so
> > >file?
> > >
> > >Your second test seems logical since the module wasn't loaded in the
> > >LoadModule section.
> > >
> > >Eric
> > >
> > >-Original Message-
> > >From: Danalien [mailto:[EMAIL PROTECTED]]
> > >Sent: Wednesday, April 03, 2002 8:52 AM
> > >To: [EMAIL PROTECTED]
> > >Subject: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)
> > >
> > >
> >

RE: SSL cache issue

2002-04-03 Thread David Marshall


Shiraz,

Fundamentally, the url's resolve the same. With JSP some URLs resolve at the
Browser, and some URL's resolve on the JSP server.

However, just like someone can "hardcode" HTTP into the HREF for static
content, so can JSP developers generate HTTP references dynamically when
thay might need to generate HTTPS. A lot depends on how the JSP is coded and
how the JSP/Servlet engine is connected to Apache. For example, I've seen
one installation where mod_proxy was used to switch from https in apache to
redirect http to a jsp server. Since this was using a RESIN JSP engine
getting this installation switched to using mod_caucho instead of mod_proxy
resolved the JSP logic that was trying to detect HTTP/HTTPS protocol.

In your example Page A has a link to dynamic.jsp. If possible, you should
use your browser to "view" source on the output of dynamic.jsp. In reviewing
the source at the browser any "HTTP" links will cause a security warning
message. In addition, I have found it necessary to review the actual JSP
source. Some JSP's will resolve URLs on the server and get page not found
errors on the server. An example could be Server side URL reference with
HTTP that needs to be HTTPS.

David

-Original Message-
From: Shiraz Esat [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 03, 2002 2:03 AM
To: '[EMAIL PROTECTED]'
Subject: RE: SSL cache issue


David and others,

Why would a JSP (or PHP, or any dynamically created page) resolve their URL 
differently from a 'static' page?
If page A, static.html, has a hyperlink to page B, another_static.html, no 
probs occur.

BUT, if page A has a link to dynamic.jsp (as a GET: 
href=dynamic.jsp?some_id=12), *sometimes* a page not found error appears 
(or a security warning message).

Sorry for my ignorance,
Shiraz

-Original Message-
From:   David Marshall [SMTP:[EMAIL PROTECTED]]
Sent:   Tuesday, April 02, 2002 7:38 PM
To: '[EMAIL PROTECTED]'
Subject:RE: SSL cache issue

Make sure that the "JSPs" in question are resolving their url's with the
right protocol HTTPS/HTTP when appropriate. The JSPs may be trying to
GET/POST with HTTP when they need to use HTTPS. Since you are using Apache
and RESIN. I would assume that you are using the mod_caucho plug-in for
Apache.

David Marshall

-Original Message-
From: Shiraz Esat [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 02, 2002 1:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: SSL cache issue


Terry,

If anyone passes you a solution, can you please pass it on to me as well, 
as
I have the same problem :(

[Only difference, though, is that I'm using PHP generated pages]

Thanks in advance
Shiraz

-Original Message-
From:   Terry Ziemniak [SMTP:[EMAIL PROTECTED]]
Sent:   Friday, March 29, 2002 9:31 PM
To: '[EMAIL PROTECTED]'
Subject:SSL cache issue

I am getting 'page not found errors' the first time I access certain JSP
pages (though there are others that always work).  If I refresh the page
displays correctly.

Notes:
1.  This only happens over HTTPS, never over HTTP
2.  Netscape (v 4.2) displayed the error "Data Missing.  This document
resulted from a POST operation and has expired from the cache.  If you wish
you can repost the form data to create the document by pressing the reload
button."
3.  Apache's access.log seems to validate point 2.  The last line before
an error is a POST.  The retry shows a POST followed shortly by anther GET
and POST of the same JSP.
4.  I have not yet been able to exactly describe 'First time'.  General
rule of them, if I repeat the process within 15 minutes it seems OK.  If I
wait an hour it should fail.  Though quantifying that has not been my
highest priority.
5.  I am running Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32 and
Resin 1.2.8.

Any help would be appreciated.

Terry Ziemniak

 << File: ATT2.htm >>
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)

2002-04-03 Thread Kristijan Cafuta RIP


in Apache conf file you shoul add both, first
LoadModule ssl_module modules/mod_ssl.so
and an somewhere after that
AddModule mod_ssl.c

but I think this error also reports when someone forget to copy the files
ssleay32.dll and libeay32.dll to WINNT\System32

did you do it?

- Original Message -
From: "Danalien" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 03, 2002 4:51 PM
Subject: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)


> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi,
>
> I need some help, i patch, complie, and everything according to:
>  http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32
>
> all goes fine fine, only get a few warnings (during the apache complie)
>
> I then go to the httpd.conf  (%my_apache_ssl_root%/conf)
>
> and put this in:
>
> LoadModule ssl_module modules/mod_ssl.so
>
>
> and I get (this) when i do apache -t :
>
> C:\Program Files\Apache_SSL>apache -t
> Syntax error on line 62 of c:/program files/apache_ssl/conf/httpd.conf:
> Cannot load c:/program files/apache_ssl/modules/mod_ssl.so into server:
(182)
> Note the errors or messages above, and press the  key to exit.  26...
> C:\Program Files\Apache_SSL>
>
> *thinking* *thinking*...
>
> ... then I just do a little test.
>
> remove the previos loadModule by puting a # infront (lite this):
>
> #LoadModule ssl_module modules/mod_ssl.so
>
>
> and add:
>
> AddModule mod_ssl.c
>
>
> and get :
>
> C:\Program Files\Apache_SSL>apache -t
> Syntax error on line 110 of c:/program files/apache_ssl/conf/httpd.conf:
> Cannot add module via name 'mod_ssl.c': not in list of loaded modules
> Note the errors or messages above, and press the  key to exit.  23...
> C:\Program Files\Apache_SSL>
>
>
> and do a apache -l
> where I get this:
>
> Compiled-in modules:
>   http_core.c
>   mod_so.c
>   mod_mime.c
>   mod_access.c
>   mod_auth.c
>   mod_negotiation.c
>   mod_include.c
>   mod_autoindex.c
>   mod_dir.c
>   mod_cgi.c
>   mod_userdir.c
>   mod_alias.c
>   mod_env.c
>   mod_log_config.c
>   mod_asis.c
>   mod_imap.c
>   mod_actions.c
>   mod_setenvif.c
>   mod_isapi.c
>
>
> and my suspicions were correct, "where are/is the SSL - module(s)?" cause
it ain't in
> the compiled apache :)
>
> If some could explain/help me how to meld this SSL module into apache, it
would be great :)
> thanks.
>
>
>
>
>
>
> //   with regards
> //   ID ::  danalien  ::  <[EMAIL PROTECTED]>
>
> PGP Public Key Fingerprint: C891 D3A1 427A A5E7  449F B19E 1E85 A109
>
> -BEGIN PGP SIGNATURE-
> Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and
its affiliated companies.
>
> iQA/AwUBPKsI9x6FoQlEaqKIEQKKOQCfQTAK3SV7vSoe8aE8YQqv7cjVqrQAoOe7
> DmQQDW2F53itoAyTwCj7zlEj
> =hTM+
> -END PGP SIGNATURE-
>
>
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]
>
>


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: SSL cache issue

2002-04-03 Thread Jeremy Walton


Yes I've had this problem.  One make sure a generate your OWN
certificate and not one that comes with OpenSSL or distributions and add
this to your SSL VirtualHost

SSLProtocol -all +SSLv2

This should get rid of this problem.  As I'm guessing that you have have
had the same problem I have.  This seemed to have fixed the problem.  I
think there is a problem with IE and OpenSSL using SSLv3 with an
uncertified SSL certificate.  Let me know if this has fixed your
problem.

Jeremy Walton
DICE Corporation

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Shiraz Esat
Sent: Wednesday, April 03, 2002 4:50 AM
To: '[EMAIL PROTECTED]'
Subject: RE: SSL cache issue


Jeremy et al,

Server-side: Linux, Apache 1.3.20, mod_ssl 2.8.4, OpenSSL 0.9.6b, PHP 
4.1.2.
Client-side: Win2000, IE5.5.
Surely this is a server-side problem? Or, at least, surely there must be
a 
'fix' server-side? After all, do we need to tell all site-visitors to
fix 
their browsers?

Thanks in advance,
Shiraz

-Original Message-
From:   Jeremy Walton [SMTP:[EMAIL PROTECTED]]
Sent:   Tuesday, April 02, 2002 10:00 PM
To: [EMAIL PROTECTED]
Subject:RE: SSL cache issue

Actually I've had this problem.  I may have the solution for you if you
can tell me what OS your running the client from and what browser.

Jeremy Walton
DICE Corporation

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Shiraz Esat
Sent: Tuesday, April 02, 2002 4:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: SSL cache issue


Terry,

If anyone passes you a solution, can you please pass it on to me as
well, as I have the same problem :(

[Only difference, though, is that I'm using PHP generated pages]

Thanks in advance
Shiraz

-Original Message-
From:   Terry Ziemniak [SMTP:[EMAIL PROTECTED]]
Sent:   Friday, March 29, 2002 9:31 PM
To: '[EMAIL PROTECTED]'
Subject:SSL cache issue

I am getting 'page not found errors' the first time I access certain JSP
pages (though there are others that always work).  If I refresh the page
displays correctly.

Notes:
1.  This only happens over HTTPS, never over HTTP
2.  Netscape (v 4.2) displayed the error "Data Missing.  This
document
resulted from a POST operation and has expired from the cache.  If you
wish you can repost the form data to create the document by pressing the
reload button."
3.  Apache's access.log seems to validate point 2.  The last line
before
an error is a POST.  The retry shows a POST followed shortly by anther
GET and POST of the same JSP.
4.  I have not yet been able to exactly describe 'First time'.
General
rule of them, if I repeat the process within 15 minutes it seems OK.  If
I wait an hour it should fail.  Though quantifying that has not been my
highest priority.
5.  I am running Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32
and
Resin 1.2.8.

Any help would be appreciated.

Terry Ziemniak

 << File: ATT2.htm >>
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)

2002-04-03 Thread Jay Burgess


At least on Windows NT, the .so file can not be read-only, or you get a 
similar error.

Is it possible that your file is read-only?

Jay

 > -Original Message-
 > From: Danalien [mailto:[EMAIL PROTECTED]]
 > Sent: Wednesday, April 03, 2002 9:18 AM
 > To: [EMAIL PROTECTED]
 > Subject: RE: RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)
 >
 >
 > -BEGIN PGP SIGNED MESSAGE-
 > Hash: SHA1
 >
 >
 > Japp, allready put it here.
 >
 >
 >
 >
 > >Can you go to c:/program files/apache_ssl/modules and see
 > the mod_ssl.so
 > >file?
 > >
 > >Your second test seems logical since the module wasn't loaded in the
 > >LoadModule section.
 > >
 > >Eric
 > >
 > >-Original Message-
 > >From: Danalien [mailto:[EMAIL PROTECTED]]
 > >Sent: Wednesday, April 03, 2002 8:52 AM
 > >To: [EMAIL PROTECTED]
 > >Subject: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)
 > >
 > >
 > >Hi,
 > >
 > >I need some help, i patch, complie, and everything according to:
 > >
 > http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32
 > >
 > >all goes fine fine, only get a few warnings (during the
 > apache complie)
 > >
 > >I then go to the httpd.conf  (%my_apache_ssl_root%/conf)
 > >
 > >and put this in:
 > >
 > >LoadModule ssl_module modules/mod_ssl.so
 > >
 > >
 > >and I get (this) when i do apache -t :
 > >
 > >C:\Program Files\Apache_SSL>apache -t
 > >Syntax error on line 62 of c:/program
 > files/apache_ssl/conf/httpd.conf:
 > >Cannot load c:/program files/apache_ssl/modules/mod_ssl.so
 > into server:
 > >(182)
 > >Note the errors or messages above, and press the  key
 > to exit.  26...
 > >C:\Program Files\Apache_SSL>
 > >
 > >*thinking* *thinking*...
 > >
 > >... then I just do a little test.
 > >
 > >remove the previos loadModule by puting a # infront (lite this):
 > >
 > >#LoadModule ssl_module modules/mod_ssl.so
 > >
 > >
 > >and add:
 > >
 > >AddModule mod_ssl.c
 > >
 > >
 > >and get :
 > >
 > >C:\Program Files\Apache_SSL>apache -t
 > >Syntax error on line 110 of c:/program
 > files/apache_ssl/conf/httpd.conf:
 > >Cannot add module via name 'mod_ssl.c': not in list of loaded modules
 > >Note the errors or messages above, and press the  key
 > to exit.  23...
 > >C:\Program Files\Apache_SSL>
 > >
 > >
 > >and do a apache -l
 > >where I get this:
 > >
 > >Compiled-in modules:
 > >  http_core.c
 > >  mod_so.c
 > >  mod_mime.c
 > >  mod_access.c
 > >  mod_auth.c
 > >  mod_negotiation.c
 > >  mod_include.c
 > >  mod_autoindex.c
 > >  mod_dir.c
 > >  mod_cgi.c
 > >  mod_userdir.c
 > >  mod_alias.c
 > >  mod_env.c
 > >  mod_log_config.c
 > >  mod_asis.c
 > >  mod_imap.c
 > >  mod_actions.c
 > >  mod_setenvif.c
 > >  mod_isapi.c
 > >
 > >
 > >and my suspicions were correct, "where are/is the SSL -
 > module(s)?" cause it
 > >ain't in
 > >the compiled apache :)
 > >
 > >If some could explain/help me how to meld this SSL module
 > into apache, it
 > >would be great :)
 > >thanks.
 > >
 > >
 > >
 > >
 > >
 > >
 > >//   with regards
 > >//   ID ::  danalien  ::  <[EMAIL PROTECTED]>
 > >
 > >PGP Public Key Fingerprint: C891 D3A1 427A A5E7  449F B19E 1E85 A109
 > >
 > >
 > >_
 > _
 > >Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
 >User Support Mailing List  [EMAIL PROTECTED]
 >Automated List Manager[EMAIL PROTECTED]
 >
 >__
 >Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
 >User Support Mailing List  [EMAIL PROTECTED]
 >Automated List Manager[EMAIL PROTECTED]





//   with regards
//   ID ::  danalien  ::  <[EMAIL PROTECTED]>

PGP Public Key Fingerprint: C891 D3A1 427A A5E7  449F B19E 1E85 A109

-BEGIN PGP SIGNATURE-
Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and 
its affiliated companies.

iQA/AwUBPKsO/x6FoQlEaqKIEQIOiACdFE57iQebkBg6r1wIbjJf4TOWDYIAoKwY
o1SRuk++dFNMuY/7MNbsgYT5
=Z7o4
-END PGP SIGNATURE-

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: SSL cache issue

2002-04-03 Thread Shiraz Esat


David and others,

Why would a JSP (or PHP, or any dynamically created page) resolve their URL 
differently from a 'static' page?
If page A, static.html, has a hyperlink to page B, another_static.html, no 
probs occur.

BUT, if page A has a link to dynamic.jsp (as a GET: 
href=dynamic.jsp?some_id=12), *sometimes* a page not found error appears 
(or a security warning message).

Sorry for my ignorance,
Shiraz

-Original Message-
From:   David Marshall [SMTP:[EMAIL PROTECTED]]
Sent:   Tuesday, April 02, 2002 7:38 PM
To: '[EMAIL PROTECTED]'
Subject:RE: SSL cache issue

Make sure that the "JSPs" in question are resolving their url's with the
right protocol HTTPS/HTTP when appropriate. The JSPs may be trying to
GET/POST with HTTP when they need to use HTTPS. Since you are using Apache
and RESIN. I would assume that you are using the mod_caucho plug-in for
Apache.

David Marshall

-Original Message-
From: Shiraz Esat [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 02, 2002 1:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: SSL cache issue


Terry,

If anyone passes you a solution, can you please pass it on to me as well, 
as
I have the same problem :(

[Only difference, though, is that I'm using PHP generated pages]

Thanks in advance
Shiraz

-Original Message-
From:   Terry Ziemniak [SMTP:[EMAIL PROTECTED]]
Sent:   Friday, March 29, 2002 9:31 PM
To: '[EMAIL PROTECTED]'
Subject:SSL cache issue

I am getting 'page not found errors' the first time I access certain JSP
pages (though there are others that always work).  If I refresh the page
displays correctly.

Notes:
1.  This only happens over HTTPS, never over HTTP
2.  Netscape (v 4.2) displayed the error "Data Missing.  This document
resulted from a POST operation and has expired from the cache.  If you wish
you can repost the form data to create the document by pressing the reload
button."
3.  Apache's access.log seems to validate point 2.  The last line before
an error is a POST.  The retry shows a POST followed shortly by anther GET
and POST of the same JSP.
4.  I have not yet been able to exactly describe 'First time'.  General
rule of them, if I repeat the process within 15 minutes it seems OK.  If I
wait an hour it should fail.  Though quantifying that has not been my
highest priority.
5.  I am running Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32 and
Resin 1.2.8.

Any help would be appreciated.

Terry Ziemniak

 << File: ATT2.htm >>
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: SSL cache issue

2002-04-03 Thread Shiraz Esat


Jeremy et al,

Server-side: Linux, Apache 1.3.20, mod_ssl 2.8.4, OpenSSL 0.9.6b, PHP 
4.1.2.
Client-side: Win2000, IE5.5.
Surely this is a server-side problem? Or, at least, surely there must be a 
'fix' server-side? After all, do we need to tell all site-visitors to fix 
their browsers?

Thanks in advance,
Shiraz

-Original Message-
From:   Jeremy Walton [SMTP:[EMAIL PROTECTED]]
Sent:   Tuesday, April 02, 2002 10:00 PM
To: [EMAIL PROTECTED]
Subject:RE: SSL cache issue

Actually I've had this problem.  I may have the solution for you if you
can tell me what OS your running the client from and what browser.

Jeremy Walton
DICE Corporation

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Shiraz Esat
Sent: Tuesday, April 02, 2002 4:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: SSL cache issue


Terry,

If anyone passes you a solution, can you please pass it on to me as
well, as I have the same problem :(

[Only difference, though, is that I'm using PHP generated pages]

Thanks in advance
Shiraz

-Original Message-
From:   Terry Ziemniak [SMTP:[EMAIL PROTECTED]]
Sent:   Friday, March 29, 2002 9:31 PM
To: '[EMAIL PROTECTED]'
Subject:SSL cache issue

I am getting 'page not found errors' the first time I access certain JSP
pages (though there are others that always work).  If I refresh the page
displays correctly.

Notes:
1.  This only happens over HTTPS, never over HTTP
2.  Netscape (v 4.2) displayed the error "Data Missing.  This
document
resulted from a POST operation and has expired from the cache.  If you
wish you can repost the form data to create the document by pressing the
reload button."
3.  Apache's access.log seems to validate point 2.  The last line
before
an error is a POST.  The retry shows a POST followed shortly by anther
GET and POST of the same JSP.
4.  I have not yet been able to exactly describe 'First time'.
General
rule of them, if I repeat the process within 15 minutes it seems OK.  If
I wait an hour it should fail.  Though quantifying that has not been my
highest priority.
5.  I am running Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32
and
Resin 1.2.8.

Any help would be appreciated.

Terry Ziemniak

 << File: ATT2.htm >>
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

AW: Creating client certificates ?

2002-04-03 Thread Hertha, Maik (Hartmann + Hertha)


you are not right. there are lot of resources.
you should look here: http://www.modssl.org/docs/2.8/ssl_faq.html


mit freundlichem Gruß /
best regards

Maik Hertha

-- h+h
EBSP Anwenderbetreuung, +49 5361 9-74950
Volkswagen AG / Brieffach 1721 / D-38436 Wolfsburg
http://ebsp.wob.vw.de  
[EMAIL PROTECTED]
--
hartmann+hertha
it (beratung / entwicklung / support)
http://www.hartmann-hertha.de
[EMAIL PROTECTED]
-- h+h

> -Ursprüngliche Nachricht-
> Von:  [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> Gesendet am:  Mittwoch, 3. April 2002 03:56
> An:   [EMAIL PROTECTED]
> Betreff:  Creating client certificates ?
> 
> Hello modssl users !
> 
> I managed to set up an ssl aware web server.
> Although I searched the web and also the list
> archive I haven't been able to create a client
> certificate which is signed by my own CA for
> client authentication.
> 
> Could someone describe the process of creating
> such a certificate in detail ?
> 
> I know it is possible with openssl but as I said
> before I wasn't able to figure out how.
> 
> Please help !
> 
> -- 
> GMX - Die Kommunikationsplattform im Internet.
> http://www.gmx.net
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: ModSSL 2.8.8 + Apache 1.3.24 crashing on Windows

2002-04-03 Thread Hassan S


Thanks for your suggestion Andrew, but that doesn't help me ! My application
should support Windows also. So, there is no way for me other than fixing
this problem.

Any other suggestions/experiences please?

Thanks
Hassan

Andrew Lietzow wrote:

> Dear Hassan,
> RE:>>Windows 2000
> Not to be smart or anything but why are you trying to run a server based
> application on a desktop operating system?   Since PC's are so cheap and
> Linux is so cheap, why not invest in a machine that will do what you want it
> to do without having to pull out all of your hair?
>
> RE:>>> "The instruction at "0x6ff90e08" referenced memory at "0x72676f76".
> The memory could not be read."
> This tells very little about the problem.  Oh, I suppose the authors of
> these programs might be able to figure out what instruction is in that
> memory location at the exact time that your programs fail, but this is
> typical of Desktop O/S's.  They give you a bomb and then hope you can figure
> it out.
>
> RE:>>This has become a critical issue for me!
> If that were true, you would already be running this on Linux...   Well,
> maybe that's a bit strong but I am serious that source code type
> applications are more compatible with source code type O/S's.  Do you have a
> vested interest in running this on Windows 2000?  Is that a must do for you?
> IMHO, whatever is holding you back from installing this application onto
> Linux, you might as well deal with it and then move on ... RedHat, SuSE,
> Caldera, Mandrake... just do it!
>
> Andrew Lietzow
> The ACL Group, Inc.
>
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)

2002-04-03 Thread Danalien


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Japp, allready put it here.




>Can you go to c:/program files/apache_ssl/modules and see the mod_ssl.so
>file?
>
>Your second test seems logical since the module wasn't loaded in the
>LoadModule section.
>
>Eric
>
>-Original Message-
>From: Danalien [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, April 03, 2002 8:52 AM
>To: [EMAIL PROTECTED]
>Subject: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)
>
>
>Hi,
>
>I need some help, i patch, complie, and everything according to:
> http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32
>
>all goes fine fine, only get a few warnings (during the apache complie)
>
>I then go to the httpd.conf  (%my_apache_ssl_root%/conf)
>
>and put this in:
>
>LoadModule ssl_module modules/mod_ssl.so
>
>
>and I get (this) when i do apache -t :
>
>C:\Program Files\Apache_SSL>apache -t
>Syntax error on line 62 of c:/program files/apache_ssl/conf/httpd.conf:
>Cannot load c:/program files/apache_ssl/modules/mod_ssl.so into server:
>(182)
>Note the errors or messages above, and press the  key to exit.  26...
>C:\Program Files\Apache_SSL>
>
>*thinking* *thinking*...
>
>... then I just do a little test.
>
>remove the previos loadModule by puting a # infront (lite this):
>
>#LoadModule ssl_module modules/mod_ssl.so
>
>
>and add:
>
>AddModule mod_ssl.c
>
>
>and get :
>
>C:\Program Files\Apache_SSL>apache -t
>Syntax error on line 110 of c:/program files/apache_ssl/conf/httpd.conf:
>Cannot add module via name 'mod_ssl.c': not in list of loaded modules
>Note the errors or messages above, and press the  key to exit.  23...
>C:\Program Files\Apache_SSL>
>
>
>and do a apache -l
>where I get this:
>
>Compiled-in modules:
>  http_core.c
>  mod_so.c
>  mod_mime.c
>  mod_access.c
>  mod_auth.c
>  mod_negotiation.c
>  mod_include.c
>  mod_autoindex.c
>  mod_dir.c
>  mod_cgi.c
>  mod_userdir.c
>  mod_alias.c
>  mod_env.c
>  mod_log_config.c
>  mod_asis.c
>  mod_imap.c
>  mod_actions.c
>  mod_setenvif.c
>  mod_isapi.c
>
>
>and my suspicions were correct, "where are/is the SSL - module(s)?" cause it
>ain't in
>the compiled apache :)
>
>If some could explain/help me how to meld this SSL module into apache, it
>would be great :)
>thanks.
>
>
>
>
>
>
>//   with regards
>//   ID ::  danalien  ::  <[EMAIL PROTECTED]>
>
>PGP Public Key Fingerprint: C891 D3A1 427A A5E7  449F B19E 1E85 A109
>
>
>__
>Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
>User Support Mailing List  [EMAIL PROTECTED]
>Automated List Manager[EMAIL PROTECTED]
>
>__
>Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
>User Support Mailing List  [EMAIL PROTECTED]
>Automated List Manager[EMAIL PROTECTED]





//   with regards
//   ID ::  danalien  ::  <[EMAIL PROTECTED]>

PGP Public Key Fingerprint: C891 D3A1 427A A5E7  449F B19E 1E85 A109

-BEGIN PGP SIGNATURE-
Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its 
affiliated companies.

iQA/AwUBPKsO/x6FoQlEaqKIEQIOiACdFE57iQebkBg6r1wIbjJf4TOWDYIAoKwY
o1SRuk++dFNMuY/7MNbsgYT5
=Z7o4
-END PGP SIGNATURE-


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)

2002-04-03 Thread Ladner, Eric (Eric.Ladner)



Can you go to c:/program files/apache_ssl/modules and see the mod_ssl.so
file?

Your second test seems logical since the module wasn't loaded in the
LoadModule section.

Eric

-Original Message-
From: Danalien [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 03, 2002 8:52 AM
To: [EMAIL PROTECTED]
Subject: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

I need some help, i patch, complie, and everything according to:
 http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32

all goes fine fine, only get a few warnings (during the apache complie)

I then go to the httpd.conf  (%my_apache_ssl_root%/conf)

and put this in:

LoadModule ssl_module modules/mod_ssl.so


and I get (this) when i do apache -t :

C:\Program Files\Apache_SSL>apache -t
Syntax error on line 62 of c:/program files/apache_ssl/conf/httpd.conf:
Cannot load c:/program files/apache_ssl/modules/mod_ssl.so into server:
(182)
Note the errors or messages above, and press the  key to exit.  26...
C:\Program Files\Apache_SSL>

*thinking* *thinking*...

... then I just do a little test.

remove the previos loadModule by puting a # infront (lite this):

#LoadModule ssl_module modules/mod_ssl.so


and add:

AddModule mod_ssl.c


and get :

C:\Program Files\Apache_SSL>apache -t
Syntax error on line 110 of c:/program files/apache_ssl/conf/httpd.conf:
Cannot add module via name 'mod_ssl.c': not in list of loaded modules
Note the errors or messages above, and press the  key to exit.  23...
C:\Program Files\Apache_SSL>


and do a apache -l
where I get this:

Compiled-in modules:
  http_core.c
  mod_so.c
  mod_mime.c
  mod_access.c
  mod_auth.c
  mod_negotiation.c
  mod_include.c
  mod_autoindex.c
  mod_dir.c
  mod_cgi.c
  mod_userdir.c
  mod_alias.c
  mod_env.c
  mod_log_config.c
  mod_asis.c
  mod_imap.c
  mod_actions.c
  mod_setenvif.c
  mod_isapi.c


and my suspicions were correct, "where are/is the SSL - module(s)?" cause it
ain't in
the compiled apache :)

If some could explain/help me how to meld this SSL module into apache, it
would be great :)
thanks.






//   with regards
//   ID ::  danalien  ::  <[EMAIL PROTECTED]>

PGP Public Key Fingerprint: C891 D3A1 427A A5E7  449F B19E 1E85 A109

-BEGIN PGP SIGNATURE-
Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its
affiliated companies.

iQA/AwUBPKsI9x6FoQlEaqKIEQKKOQCfQTAK3SV7vSoe8aE8YQqv7cjVqrQAoOe7
DmQQDW2F53itoAyTwCj7zlEj
=hTM+
-END PGP SIGNATURE-


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: ModSSL 2.8.8 + Apache 1.3.24 crashing on Windows

2002-04-03 Thread Andrew Lietzow


Dear Hassan,
RE:>>Windows 2000
Not to be smart or anything but why are you trying to run a server based
application on a desktop operating system?   Since PC's are so cheap and
Linux is so cheap, why not invest in a machine that will do what you want it
to do without having to pull out all of your hair?

RE:>>> "The instruction at "0x6ff90e08" referenced memory at "0x72676f76".
The memory could not be read."
This tells very little about the problem.  Oh, I suppose the authors of
these programs might be able to figure out what instruction is in that
memory location at the exact time that your programs fail, but this is
typical of Desktop O/S's.  They give you a bomb and then hope you can figure
it out.

RE:>>This has become a critical issue for me!
If that were true, you would already be running this on Linux...   Well,
maybe that's a bit strong but I am serious that source code type
applications are more compatible with source code type O/S's.  Do you have a
vested interest in running this on Windows 2000?  Is that a must do for you?
IMHO, whatever is holding you back from installing this application onto
Linux, you might as well deal with it and then move on ... RedHat, SuSE,
Caldera, Mandrake... just do it!

Andrew Lietzow
The ACL Group, Inc.



__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)

2002-04-03 Thread Danalien


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

I need some help, i patch, complie, and everything according to:
 http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32

all goes fine fine, only get a few warnings (during the apache complie)

I then go to the httpd.conf  (%my_apache_ssl_root%/conf)

and put this in:

LoadModule ssl_module modules/mod_ssl.so


and I get (this) when i do apache -t :

C:\Program Files\Apache_SSL>apache -t
Syntax error on line 62 of c:/program files/apache_ssl/conf/httpd.conf:
Cannot load c:/program files/apache_ssl/modules/mod_ssl.so into server: (182)
Note the errors or messages above, and press the  key to exit.  26...
C:\Program Files\Apache_SSL>

*thinking* *thinking*...

... then I just do a little test.

remove the previos loadModule by puting a # infront (lite this):

#LoadModule ssl_module modules/mod_ssl.so


and add:

AddModule mod_ssl.c


and get :

C:\Program Files\Apache_SSL>apache -t
Syntax error on line 110 of c:/program files/apache_ssl/conf/httpd.conf:
Cannot add module via name 'mod_ssl.c': not in list of loaded modules
Note the errors or messages above, and press the  key to exit.  23...
C:\Program Files\Apache_SSL>


and do a apache -l
where I get this:

Compiled-in modules:
  http_core.c
  mod_so.c
  mod_mime.c
  mod_access.c
  mod_auth.c
  mod_negotiation.c
  mod_include.c
  mod_autoindex.c
  mod_dir.c
  mod_cgi.c
  mod_userdir.c
  mod_alias.c
  mod_env.c
  mod_log_config.c
  mod_asis.c
  mod_imap.c
  mod_actions.c
  mod_setenvif.c
  mod_isapi.c


and my suspicions were correct, "where are/is the SSL - module(s)?" cause it ain't in
the compiled apache :)

If some could explain/help me how to meld this SSL module into apache, it would be 
great :)
thanks.






//   with regards
//   ID ::  danalien  ::  <[EMAIL PROTECTED]>

PGP Public Key Fingerprint: C891 D3A1 427A A5E7  449F B19E 1E85 A109

-BEGIN PGP SIGNATURE-
Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its 
affiliated companies.

iQA/AwUBPKsI9x6FoQlEaqKIEQKKOQCfQTAK3SV7vSoe8aE8YQqv7cjVqrQAoOe7
DmQQDW2F53itoAyTwCj7zlEj
=hTM+
-END PGP SIGNATURE-


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Nowhere talks about RPMS installation. Is it possible?

2002-04-03 Thread Andrew Lietzow


Dear Sergie Mayordomo,

RE:>>> Is it normal that when I try  $apachectl startssl , or $httpd -SSLD
it don't works at all ?
---
In your apache home directory, e.g. /usr/local/apache, you have a few
important directories (they are probably ALL important but we're only going
to talk about three).

1) In the conf directory, do you have an httpd.conf?  If not, then it's
probably in your /etc/httpd directory.  Either way, load this datafile into
a text editor and examine all of your SSL statements.  Make sure SSL is set
up correctly.  What does correctly mean?  Set up so that it works.

2) In your bin directory, you have apachectl.  Execute <./apachectl
configtest> (there is a dot in front of the slash).  Does that run cleanly.
3) In the logs directory, you have the access_log and the error_log.  What,
if anything, about your problem shows up in these two files?  Are there any
clues that you can discover that might help?

Provide more infomation and maybe you can get it going.  The programs work
but you are still learning how to work the programs.  It might take a little
while.  This is a "non-trivial" application.

As for the RPM's I am sure thousands of people have made them work...

Good Luck!

Andrew Lietzow
The ACL Group, Inc.

- Original Message -
From: "Sergi Mayordomo" <[EMAIL PROTECTED]>
To: "modssl" <[EMAIL PROTECTED]>
Sent: Wednesday, April 03, 2002 5:41 AM
Subject: Nowhere talks about RPMS installation. Is it possible?


> Hi,
>
> I have:  -apache-1.3.22-2.i386.rpm,  mod_ssl-2.8.5-4.i386.rpm. under
> Redhat 7.2
> I have php-4.0.6-12.i386.rpm too.
> Is it normal that when I try  $apachectl startssl , or $httpd -SSLD it
> don't works at all ?
> the previous commands aren't recognized for apache.
>
> Do you know if any RPM version would work correctly ??
>
> Thanks.
>
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Nowhere talks about RPMS installation. Is it possible?

2002-04-03 Thread Owen Boyle

Sergi Mayordomo wrote:
> 
> Hi,
> 
> I have:  -apache-1.3.22-2.i386.rpm,  mod_ssl-2.8.5-4.i386.rpm. under
> Redhat 7.2
> I have php-4.0.6-12.i386.rpm too.
> Is it normal that when I try  $apachectl startssl , or $httpd -SSLD it
> don't works at all ?
> the previous commands aren't recognized for apache.
> 
> Do you know if any RPM version would work correctly ??

I don't know much about the RPM environment (I usually "use the source,
Luke") but I doubt very much that getting a mod_ssl aware apache is as
simple as rpm -i on the packages above...

For one thing, the standard apache cannot load mod_ssl like a normal
module, the apache API has to be extended to allow mod_ssl access to the
openssl library. This means an apache recompile with mod_ssl... Did you
do something like this?

In any case, you can check the status of your apache binary by doing
"httpd -l" which will list the compiled in modules - do you see mod_ssl? 

If you are using DSO, do you get an error about the LoadModule directive
or any SSL directives in the config?

What do you see in the error_log when you try to start apache like this?
What SSL directives do you have in the config?
Do you have an SSL virtualhost defined?

Rgds,

Owen Boyle.
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Nowhere talks about RPMS installation. Is it possible?

2002-04-03 Thread Sergi Mayordomo


Hi,

I have:  -apache-1.3.22-2.i386.rpm,  mod_ssl-2.8.5-4.i386.rpm. under
Redhat 7.2
I have php-4.0.6-12.i386.rpm too.
Is it normal that when I try  $apachectl startssl , or $httpd -SSLD it
don't works at all ?
the previous commands aren't recognized for apache.

Do you know if any RPM version would work correctly ??

Thanks.

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

ModSSL 2.8.8 + Apache 1.3.24 crashing on Windows

2002-04-03 Thread Hassan S


Hi,

   I have a situation where I have to redirect from a HTTP to a HTTPS
connection
via a servlet. That is I send a HTTP GET request to a servlet which in
reply sends
a redirect to a web page with the URL protocol changed to HTTPS.

Till Apache 1.3.20+ModSSL 2.8.4 this was working fine. But after I
upgraded
to Apache 1.3.24+ModSSL 2.8.8 (to get the security fixes :) ), it is
crashing
with a error message like

"The instruction at "0x6ff90e08" referenced memory at "0x72676f76". The
memory
could not be read."

If I click Cancel to debug using VC++ it shows an invalid memory access
in ApacheCore.dll.

My platform config is

Windows 2000
MS VC++ 6.0 (SP5)
OpenSSL 0.9.6c (built using MASM optimizations).

Please let me know where the problem is, or maybe where I should look to
try and
debug this. This has become a critical issue for me!

Regards,
Hassan.


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Creating client certificates ?

Problems with Client authentication and access control

Re: Creating client certificates ?

WebLogic 5.1 sp11 mod_wl_ssl.so for Apache 1.3.12/mod_ssl 2.6.6 breaks SSL

Re: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)

RE: RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)

RE: SSL cache issue

Re: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)

RE: SSL cache issue

RE: RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)

RE: SSL cache issue

RE: SSL cache issue

AW: Creating client certificates ?

Re: ModSSL 2.8.8 + Apache 1.3.24 crashing on Windows

RE: RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)

RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)

Re: ModSSL 2.8.8 + Apache 1.3.24 crashing on Windows

apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)

Re: Nowhere talks about RPMS installation. Is it possible?

Re: Nowhere talks about RPMS installation. Is it possible?

Nowhere talks about RPMS installation. Is it possible?

ModSSL 2.8.8 + Apache 1.3.24 crashing on Windows

22 matches

Site Navigation

Mail list logo

Footer information