[ANNOUNCE] mod_ssl 2.8.13
Another maintainance release of mod_ssl 2.8 for Apache 1.3 delivers to you mod_ssl 2.8.13 for Apache 1.3.27. Changes are listed below. Grab it from the following locations: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com Changes with mod_ssl 2.8.13 (23-Oct-2002 to 18-Mar-2003) *) Always enforce RSA blinding on RSA private keys in order to be resistent to timing attacks. *) Added timeout also to the pre-sucking of the trailing data in POST request handling. *) Correctly shutdown shared memory pools on fork+exec situations. *) Bugfix SSL client certificate verification: OpenSSL was not informed with SSL_set_verify_result(ssl, X509_V_OK) in case mod_ssl forced the verification to be ok. *) Consistently use OPENSSL_free() instead of plain free() to deallocate memory chunks allocated inside OpenSSL. *) Fixed various memory leaks related to X509 certificates. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: securing one area of a vhost in apache 2
So, bottom line, it is not possible to have a virtual host accessible via
http and require SSL for a part of it. Is that correct?
It's not really logical to want to segment out SSL-using and non-SSL-using
sections of a site within the server config; do this on the site itself in
the code. Here is what is commonly done, where I work anyway.
In your apache config, specify the use of SSL for the entire site. The
certificate applies to the entire site anyway, since a certificate applies
to anything that falls under the fully qualified domain name (FQDN) on the
certificate.
In the ***code*** of your site, hardcode the URL for the sections that
security to include https -- this sort of hardcoding (ie, using an
absolute path for the links instead of a relative one) is not bad form
since the URL should only be accessed using the FQDN anyway (ie, along as
the value on the certificate doesn't change, neither would the single
correct URL).
In the links that lead *out* of the secured area of the site, use absolute
links that specify http rather than https.
Also in the code, if anyone tries to access those sections without SSL,
rewrite the URL in their browser so that it includes the https.
And finally, also in the code, for any sections that don't require SSL (and
where you don't want the performance impact on needless SSL traffic), test
to see if the URL entered by the user includes https -- if it does,
rewrite it to remove the s.
This works well for us and it pretty straight-forward to implement.
Regards,
S.
---
Shawn Syms | Team Lead, Systems Administration
Infinet Communications | [EMAIL PROTECTED]
---
-Original Message-
From: Nick Tonkin [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 27, 2003 3:58 PM
To: R. DuFresne
Cc: [EMAIL PROTECTED]
Subject: Re: securing one area of a vhost in apache 2
On Thu, 27 Feb 2003, R. DuFresne wrote:
You gave this site it's own IP address yes?
No. It is using NameVirtualHost.
Virtual hosting with non-ssl works in a 'software' aware mode, while
virtual hosting with ssl is more 'hardware' in nature requireing specifici
IP addressing to function properly.
Hmm. I must have missed this in the docos. Rechecking ...
Hm. Well, I see that I was on the wrong track with How can I authenticate
my clients for a particular URL based on certificates but still allow
arbitrary clients to access the remaining parts of the server? ... that
appears on closer inspection to deal with certificate-wielding clients ...
Hm.
So, bottom line, it is not possible to have a virtual host accessible via
http and require SSL for a part of it. Is that correct?
Thanks,
- nick
--
~
Nick Tonkin {|8^)
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
shmcb access violation with openssl 0.9.6i
Hello All, I've been able to consistantly reproduce a GPF on Apache service shutdown using Openssl 0.9.6i, and Apache 2.0.44. Swapping to an older version of Openssl (0.9.6g) resolved the GPF. To reproduce, simply download and build OpenSSL 0.9.6i and Apache 2.0.44. Be sure to configure ssl to use the shmcb ssl session caching. Launch apache as a service and browse to the server using SSL. Then try to stop the apache service. During shutdown, Apache will GPF. Oddly, if you don't browse to the webserver using SSL, Apache will not GPF on shutdown. If it helps, the call stack looks as follows: NTDLL! 77f51baa() NTDLL! 77f7561d() apr_file_write(apr_file_t * 0x005e91c8, const void * 0x0006dd6c, unsigned int * 0x0006dd58) line 316 apr_file_puts(const char * 0x0006dd6c, apr_file_t * 0x005e91c8) line 441 log_error_core(const char * 0x6fd1d948, int 117, int 4, int 720006, const server_rec * 0x00602700, const request_rec * 0x, apr_pool_t * 0x, const char * 0x6fd1d924, char * 0x0006fdd0) line 543 ap_log_error(const char * 0x6fd1d948, int 117, int 4, int 720006, const server_rec * 0x00602700, const char * 0x6fd1d924) line 561 + 37 bytes ssl_mutex_on(server_rec * 0x00602700) line 118 + 28 bytes ssl_scache_shmcb_remove(server_rec * 0x00602700, unsigned char * 0x00689dd8, int 32) line 476 + 9 bytes ssl_scache_remove(server_rec * 0x00602700, unsigned char * 0x00689dd8, int 32) line 158 + 17 bytes ssl_callback_DelSessionCacheEntry(ssl_ctx_st * 0x00645240, ssl_session_st * 0x00689d90) line 1722 + 17 bytes timeout(ssl_session_st * 0x00689d90, timeout_param_st * 0x0006fe6c) line 602 + 18 bytes lh_doall_arg(lhash_st * 0x006453d0, void (void)* 0x1001a516 timeout(ssl_session_st *, timeout_param_st *), void * 0x0006fe6c) line 290 + 13 bytes SSL_CTX_flush_sessions(ssl_ctx_st * 0x00645240, long 0) line 619 + 18 bytes SSL_CTX_free(ssl_ctx_st * 0x00645240) line 1259 + 11 bytes ssl_init_ctx_cleanup(modssl_ctx_t * 0x0064ef68) line 1197 + 21 bytes ssl_init_ctx_cleanup_server(modssl_ctx_t * 0x0064ef68) line 1213 + 9 bytes ssl_init_ModuleKill(void * 0x0030c458) line 1249 + 12 bytes run_cleanups(cleanup_t * * 0x0030a5d0) line 1976 + 13 bytes apr_pool_destroy(apr_pool_t * 0x0030a5c0) line 755 + 12 bytes apr_pool_destroy(apr_pool_t * 0x00308588) line 752 + 12 bytes destroy_and_exit_process(process_rec * 0x00308618, int 0) line 247 main(int 3, const char * const * 0x003024a8) line 658 + 11 bytes mainCRTStartup() line 338 + 17 bytes KERNEL32! 77e814c7() The error in log_error_core is: [Mon Mar 03 12:43:04 2003] [warn] (OS 6)The handle is invalid. : Failed to acquire global mutex lock. Is this a known issue? Is there something that I'm missing? Other than changing from DBM to SHMCB, I have stock conf files. Thanks in Advance, Edward Wong Connectivity Software Engineer Hewlett-Packard Company __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
mod_ssl.so??????
Hello: I am working with Microsoft Web Servers from quite a while but opted to go with Apache Web Servers because of it's stability and growing demands. I am trying to configure mod_ssl on WindowsNT4 Server runningApache. I have placed all the files where they belong exactly but I am getting this error message: CANNOT LOAD APACHE/MODULES/MOD_SSL.SO - I have learnt that DLL's are gone crazy which I placed under winnt\system32\ if so pleaseassist how can this glitch be rectified. Kind Regards, Mohsin mailto:[EMAIL PROTECTED] __ The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. tracedata.GIF Description: Binary data mcse.gif Description: Binary data mcsa.gif Description: Binary data Blank Bkgrd.gif Description: Binary data
SSLMutex
When I try to start the Apache Server it gives an error: SSLMutex cannot occur within the Virtual Host section. Please advise. It is NT4 Server running. Mohsin mailto:[EMAIL PROTECTED] __ The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. tracedata.GIF Description: Binary data mcse.gif Description: Binary data mcsa.gif Description: Binary data Blank Bkgrd.gif Description: Binary data
undefined symbol: X509_free
Having searched through the archive, I could not find a solution to the above error. This error only occurs when I build mod_ssl as dynamic linked module. When I have done is - download zlib-1.1.4 source and build it --shared --prefix=/usr - download openssl-0.9.7a source and build it - download httpd-2.0.44 source and build it ./configure --enable-ssl=shared -with-ssl=/usr/local/ssl My OS is Red Hat 7.2.
Re: stop apache/mod_ssl binding to all IP's.
Yes, I do have one other Listen directive...the Listen my.ip:80 for http, and yes, it is outside all virtual host directives, because as far as I am aware, they have to be. I tried placing them inside virt host directives and I got a config error. I have no BindAddress directives at all, and one Port directive at Port 80. terry R. DuFresne wrote: it sounds like perhaps yer http.conf files have perhaps more then one listen directive, perhaps outside the virtual Host directives. Might try grepping the file for listen and see what comes up. or, better yet, egrepping for bind|listen|etc... thanks, Ron DuFresne On Fri, 7 Mar 2003, Terry Kerr wrote: Mark, Thanks for you suggestion, but whenever I try to put Listen my.ip.address:443 (with the correct ip address ;-) My http or https server does start at all on any port. The log error I get is [crit] (98)Address already in use: make_sock: could not bind to address 203.89.254.243 port 443 But I don't get a similar error for port 80, so I don't know why it also doesn't start. I also have Listen ip.address:80 defined, and have a NameVirtualHost ip.address defined. I have tried many different combinations of name based and ip based virtual hosting, but https always binds to all IP's. As soon as I put the Listen ip.address:443, I get the log error above and no servers start. terry Mark Boddington wrote: Hi Terry, Perhaps your directives are being overridden in a IfDefine SSL or IfModule SSL block ? Listen IP:Port does work, works for me. Do you have the following in your config ? Listen my.ip.address:443 ... NameVirtualHost my.ip.address:443 ... VirtualHost my.ip.address:443 ... /VirtualHost Cheers, Mark On Thu, 6 Mar 2003, Terry Kerr wrote: Hi, I am running apache 1.3.26 and mod_ssl 2.8.9-2.1 on a debian linux system. The system has two IP's, and I only wish for apache to start on ports 80 and 443 on one of those IPs. I am using named based virtual hosting for many sites on the system for http, and have just one virtual host setup for https on port 443. The problem that I am having is that I cannot stop mod_ssl from binding to port 443 on both the IP's on my system. I have tried every possible combination of Listen, BindAddress, and Port, and have managed to prevent http from starting on all IP's, but https still starts on all IPs. Is there any way to stop this? ddD Will I need to start two seperate servers, one serving http only, and one serving https only? If I was to do this, I may as well go back to using apache-ssl which is the default installation on debian anyway. Thanks in advance terry -- Terry Kerr ([EMAIL PROTECTED]) Adroit Internet Solutions (www.adroit.net) Phone: +61 3 9563 4461 Fax: +61 3 9563 3856 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- Terry Kerr ([EMAIL PROTECTED]) Adroit Internet Solutions (www.adroit.net) Phone: +61 3 9563 4461 Fax: +61 3 9563 3856 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
ssl on win2000
Does SSL work on a win2000, apache(1.3.xx or 2.xx - precompiled binary) and php(4.3.x) system? If yes, is there someone who can tell what to do for installing it and make it work? I need a httpds for win2000. Thank you. John M.
Re: Help on Apache 2.0.43 + SSL installation
On Wed, 12 Mar 2003, Cliff Woolley wrote: I'm cc:ing the users list so that the response is in the archives in case anyone else has a similar problem. On Sat, 8 Mar 2003, Kitty Ko wrote: How are you? I read accross one of your email replay on the binding shared libraries with OpenSSL on the interent, and that's how I got your email address. I have encounter problems while installing SSL + APACHE. I am wondering if you can give me some hits. I have successfully completed installing Tomcat 4.0.6 + Apache 2.0.43 on the Unix box. Buy I can't have SSL installed. FYI. I build apache and open ssl form source. After I extracted the openssl-0.9.7, I did the following: # cd openssl-0.9.7 # ./config --prefix=/depot/ssl/install --openssldir=/depot/ssl/install/openssl # make However, once I get into make build-shared, i got the following errors: ld:fetal: relocations remain against allocatable but non-writable sections colletc2: ld returned 1 exit status make: ***[do-solars-shared] Error 1 My questions are: 1. how to fix this compile error Hmmm... well honestly I'm not all that familiar with linker problems on Solaris. I have heard a number of people report problems getting the shared library build of openssl to work on Solaris, though that's about as much insight as I can offer. The option to use both a static openssl and a static mod_ssl remains, of course, and at this point sounds like your best option. 2. how do i know if I compiled mod_ssl statically or dynamicelly? httpd -l will list all the statically-compiled modules. I build the apache by the following command: # ./configure --with-layout=Apache --prefix=/depot/apache2 --enable-mods-shared=most --enable-ssl=shared ^^^ ...though this right here tells me you've built it as shared, since that's what that means. :) --Cliff For the openssl compile (with gcc) use: ./config --prefix=path shared threads no-idea '-fPIC' Then build Apache 2.x: ./configure --with-layout=Apache --prefix=/depot/apache2 \ --enable-mods-shared=most \ --with-ssl=path \ --enable-ssl=shared make ; make install Note when using gcc on Solaris you may run across a dependency on libgcc.a (__floatdisf, --floatdidf,...). Set SH_LDFLAGS=`gcc -print-libgcc-file-name` ; ./configure... This shlould be all you need. Note: Use the linker (ld) in /usr/ccs/bin Mon aƩroglisseur est plein d'anguilles John P. Dodge Boeing Shared Services __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
httpsd doesn't start
Hi All, I saw a couple of references to this problem in the archives, but none of the solutions there solved my problem. I am running: Red Hat 7.3 Apache 2.0.44 OpenSSL 0.9.7 1) I have a pretty vanilla httpd.conf running only one site and I am trying to set up a secure virtual site in /apache2/htdocs/secureSite/ . 2) I created my key and self-signed cert in /apache2/conf/ . 3) I configured apache2/conf/ssl.conf to point to the correct key and cert and with the correct path to the directory that I want to serve documents from I stop httpd and run apachectl startssl with no complaints, but only httpd starts, not httpsd, and nothing gets logged. I have no idea how to track down what has gone wrong. Can anyone offer any suggestions where to look? Sorry if this is not enough information if you tell me what else you need, I am happy to provide it to you. Thanks, Mike
Apache 2.x SSL failing -- no listening sockets available, shutting down
Hello, I have attempted several times on 2 platforms to install and run Apache SSL. Linux PPC and Linux Redhat8.0 This is the build source -- httpd-2.0.44.tar.gz I followed various ./configuration options and here are the last tried: configured by ./configure, generated by GNU Autoconf 2.54, with options \'from config.status : '--prefix=/opt/apache' '--enable-mods-shared=most' '--enable-ssl=shared'\ I started apache on port 443, normal style. Infact, if failed as soon as I added I wondered, of course, if some mod_ssl package is requried in the mod structure, but found no documentation for Apache 2.x to that effect anywhere I looked. == Errors == ../bin/apachectl start no listening sockets available, shutting down Unable to open logs I asked on the generic apache users list, no answer. I am actually getting pretty concerned. This is a secure server, it doesn't work and nobody seems to care. Many, many operations depend on this. = CXN, Inc. Contact: [EMAIL PROTECTED] President, The Linux Society http://groups.yahoo.com/group/linux-society linux society distro - http://www.thinman.com/eLSD/readme ThinMan is a registered trademark of CXN, Inc __ Do you Yahoo!? Yahoo! Web Hosting - establish your business online http://webhosting.yahoo.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
problem building mod_ssl with apache2.0.44 openssl 0.9.6 solaris9
Hi, I've seen a couple of articles where people have had problems with the above, can anyone suggest a version of ssl that works ok, I used the ssl package from the sun freeware site and installed via pkgadd, built apache from source with gcc. config command, ./configure --prefix=blah --enable-ssl -with-ssl /usr/local/ssl I'm getting the same vhost.c line 232 error as others. Thanks in advance, Martin Evans -- The information in this Internet email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this Internet email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this Internet email are subject to the terms and conditions expressed in any applicable governing ING terms of business or client engagement letter. Visit us at www.ing.com -- 01 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Installation Woes
Hi,
I have attached a build script I use to make Apache 1.3.27 with SSL.
Maybe this will be useful.
Regards,
Stuart
---
[EMAIL PROTECTED] wrote:
Rick,
been fighting with it myself today, I'm using Solaris but if you run httpd
-l it will tell you what modules were compiled into your build, if mod_ssl
isn't there you'll either have to rebuild with mod_ssl or load the module
dynamically.
-Original Message-
From: Rick Root [mailto:[EMAIL PROTECTED]
Sent: Friday, March 14, 2003 3:46 PM
To: [EMAIL PROTECTED]
Subject: Installation Woes
Hi folks.. I'm a newbie here, installing Apache and OpenSSL and mod_ssl
from source on my RedHat 7.3 (I uninstalled the RPMS)
Call me stupid, but I must be missing something...
The installation instructions are pretty straightforward but I have one
major problem - the httpd.conf doesn't include ANY ssl configuration
options after it's installed.
So of course, SSL doesn't work.
The instructions seem to assume that the SSL configuration options will
be there. This left me really confused.
I ripped out some code from another httpd.conf but now I've got it
responding to SSL on port 80 as well as 443.
What I'm looking for is BASIC instructions on how to configure apache to
use SSL (and maybe someone can tell me why it's not IN the instructions
in the first place). I've looked in the FAQ and the reference guide but
I haven't had any luck yet.
Downloaded everything today - apache 1.3.27, open_ssl 0.9.7a, and
mod_ssl 2.8.12
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
--
The information in this Internet email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this Internet email by anyone else
is unauthorised.
If you are not the intended recipient, any disclosure, copying, distribution or any
action taken or omitted to be taken in reliance on it, is prohibited and may be
unlawful. When addressed to our clients any opinions or advice contained in this
Internet email are subject to the terms and conditions expressed in any applicable
governing ING terms of business or client engagement letter.
Visit us at www.ing.com
--
01
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
--
Stuart V Cook BSc. (Hons)
Senior Software Consultant - Micromuse Ltd.
90 Putney Bridge Rd, London. SW18 1DA. UK
Office: +44-(0)20-8875 9500 x734
Mobile: +44-(0)7771 816 472
#!/bin/sh
if [ $# -lt 1 ]; then
echo Usage:
echo \t$0 arch
exit 1
fi
if [ -n $2 ]; then
ROOTPATH=$2
fi
if [ -n $ROOTPATH} ]; then
MASTER_PATH=${ROOTPATH}/master/apache_1.3.27
BUILD_PATH=${ROOTPATH}/${1}/apache
OPENSSL_PATH=${ROOTPATH}/openssl-engine-0.9.6g
# MM_PATH=${ROOTPATH}/mm-1.2.1
MOD_SSL_PATH=${ROOTPATH}/mod_ssl-2.8.12-1.3.27
else
echo ERROR: Please specify root path to files.
exit 1
fi
# Build Open Secure Socket Layer
cd $OPENSSL_PATH
echo Changed to directory `pwd`
echo Configuring OpenSSL...
echo Executing \sh config no-idea no-threads\
RES=`sh config no-idea no-threads 21`
if [ $? -gt 0 ]; then
echo Failed to configure OpenSSL becauase:\n$RES | more
exit 1
fi
echo Cleaning up any previous builds...
echo Executing \make clean\
RES=`make clean 21`
echo Making OpenSSL...
echo Executing \make\
RES=`make 21`
if [ $? -gt 0 ]; then
echo Failed to make OpenSSL because:\n$RES | more
exit 3
fi
#
# Build Shared Memory Library
#
# cd $MM_PATH
# echo Changed to directory `pwd`
# echo Configuring Shared Memory Library...
# echo Executing \./configure --disable-shared\
# RES=`./configure --disable-shared 21`
# if [ $? -gt 0 ]; then
# echo Failed to configure Shared Memory Library becauase:\n$RES | more
# exit 1
# fi
# echo Cleaning up any previous builds...
# echo Executing \make clean\
# RES=`make clean 21`
# echo Making Shared Memory Library...
# echo Executing \make\
# RES=`make 21`
# if [ $? -gt 0 ]; then
# echo Failed to make Shared Memory Library because:\n$RES | more
# exit 3
# fi
# Configure Secure Socket Library Module
Apache 1.3.26 + mod_ssl 2.8.10 + OpenSSL 0.9.7a + ubsec engine questions
Hi, Currently I'm setting up a Broadcom 5820 accelerator on company's web server. Everything seem to work. I compiled mod_ssl with enabled experimental code, when I start the apache the module for the broadcom card gets used. When I do requests to the apache, the statistic program of broadcom card show that the card is used. Everything seems fine. But I stress test the apache and to my surprise the result doesn't look good at all: 27 hits/sec without broadcom card 28 hits/sec with broadcom card (ubsec engine). So I suppose something in my config is wrong or the card is unusable. So I'm asking for help if someone has ever made apache working with ubsec engine and similar card and does he have similar results. And if someone has better results what he did in order to achieve them. Here is my setup: Slackware Linux 8.1 Apache 1.3.26 + mod_ssl 2.8.10 + OpenSSL 0.9.7a bcm 1.81 driver Regards Kostadin Galabov System Administrator Netclime Inc. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: httpsd doesn't start
I was in your exact boat yesterday, (except I use RH 8), and my problem turned out to be that the default, out-of-the-box ssl.conf file has ssl logging to logs/whateverLogFile, and I don't have a logs subdirectory where I keep my ssl.conf. I commented out all the logging lines (and hopefully everything will work when I replace them with the real paths to the real logs) and it started up right away with /usr/sbin/httpd -k start -DSSL. I wish it would have complained about this everytime I tried to start it up rather than just returning a prompt as if everything was fine... HTHE -Original Message-From: Mike Burkhouse [mailto:[EMAIL PROTECTED]Sent: Thursday, March 13, 2003 11:42 AMTo: [EMAIL PROTECTED]Subject: httpsd doesn't start Hi All, I saw a couple of references to this problem in the archives, but none of the solutions there solved my problem. I am running: Red Hat 7.3 Apache 2.0.44 OpenSSL 0.9.7 1) I have a pretty vanilla httpd.conf running only one site and I am trying to set up a secure virtual site in /apache2/htdocs/secureSite/ . 2) I created my key and self-signed cert in /apache2/conf/ . 3) I configured apache2/conf/ssl.conf to point to the correct key and cert and with the correct path to the directory that I want to serve documents from I stop httpd and run apachectl startssl with no complaints, but only httpd starts, not httpsd, and nothing gets logged. I have no idea how to track down what has gone wrong. Can anyone offer any suggestions where to look? Sorry if this is not enough information - if you tell me what else you need, I am happy to provide it to you. Thanks, Mike
Re: httpsd doesn't start
On Thu, 13 Mar 2003, Mike Burkhouse wrote: I stop httpd and run apachectl startssl with no complaints, but only httpd starts, not httpsd, and nothing gets logged. I have no idea how to track down what has gone wrong. Can anyone offer any suggestions where to look? There's no such thing as httpsd under Apache 2.0.x. That's an Apache-SSL-ism, and Apache2 uses mod_ssl. HTTP and HTTPS are served by the same daemon process(es). --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 2.x SSL failing -- no listening sockets available, shutting down
Hello, I have attempted several times on 2 platforms to install and run Apache SSL. Linux PPC and Linux Redhat8.0 [...] I wondered, of course, if some mod_ssl package is requried in the mod structure, but found no documentation for Apache 2.x to that effect anywhere I looked. Take a look at http://www.apacheworld.org/ty24/, in the secure server chapter for detailed instructions on how to get Apache 2 working with SSL Cheers Daniel __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
