le under heavy load.
>
> We really do need to get Ralf to add the check for SSLSessionCache under
> the FAQ for IO errors with MSIE browsers.
/bin/done -- for mod_ssl 2.8.1.
Ralf S. Engelschall
[
Sorry for the short delay, but here it finally is: mod_ssl 2.8.1 for
Apache 1.3.19. The corresponding CHANGES entries are appended below.
Grab it from:
http://www.modssl.org/source/
ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
On Thu, Mar 01, 2001, ModSSL user wrote:
> Just to know when mod_ssl 2.8.1 for apache 1.3.19 will be
> available ?
Now ;)
Ralf S. Engelschall
[EMAIL PRO
tegrate parts of the
posted Win32 patches). So, don't be unhappy that I personally cannot
respond, because we have other really great guys here who do an even
better job in answering questions than I ever would be able to do.
Yours,
Ralf S. Engelschall
e
> 269
> .
> BEGIN not safe after errors--compilation aborted at configure.bat line 283.
> C:\apdev\modssl>
Ops, I forgot a complete line to add to configure.bat.
Now fixed in CVS. The next CVS snapshot will have it fixed.
od_ssl-2.8.0-1.3.17.tar.gz can only be used with Apache
1.3.17. But if you want to use Apache 1.3.19 you now should use
mod_ssl-2.8.1-1.3.19.tar.gz. It is already available.
Ralf S. Engelschall
[EMA
fixed in CVS. The next CVS snapshot will have it fixed.
>
> Even with that, there are still 2 bugs that prevent it from compiling on Win32.
> I attach a diff file.
Thanks for your feedback. I've comitted your additional patches to
(means: an unpolished 70% percent solution). And I also know
that someone (not necessarily me) will again find this not satisfactory.
What approach then is used to change this we all still don't know...
Ralf S. Engelschall
nt page (http://www.modssl.org/) still
> links to the 2.6 version of the FAQ, Ralf, can you update the link?
Ops, good catch. Fixed.
Ralf S. Engelschall
[EMAIL PROTECTED
mod_ssl-2.6.6-1.3.12
Yes.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface
o, there are no glibc bug workarounds in mod_ssl.
I'm sure your glibc is broken.
Ralf S. Engelschall
[EMAIL PROTECTED]
All text around the PEM data is just for information. It not parsed by
mod_ssl/OpenSSL. It is there just for human reading.
> I wonder how I can create such a format for my CA cert.
> Do you have an idea?
$ openssl x509 -text -noout -in
't show anything.
By default you cannot adjust any parameters. But look at the CHANGES
file, there is experimental support for SSLProxy directives which
can help you.
Ralf S. Engelschall
[EMAIL PR
->value->data, xsne->value->length+1);
> (*cppCN)[xsne->value->length] = NUL;
> +#ifdef CHARSET_EBCDIC
> + ascii2ebcdic(*cppCN, *cppCN, strlen(*cppCN));
> +#endif
> return TRUE;
> }
> }
C
it
clearly says what the problem is. Make sure the module which implements
"LoadModule" is present. In your case, this is mod_so and can be enabled
with --enable-module=so on the APACI command line while building Apache.
Ralf S. Engelschall
.8.2. Hopefully it will
not blow away our legs.... ;)
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to Open
is ignored. If I remove the SSLRequireSSL directive then it works fine.
I think I found the reason. mod_ssl's auth handler returned OK instead
of DECLINE and so mod_auth was no longer called from the Apache module
dispatching code. Should be fixed for mod_ssl 2.8.2. Thanks for your
feedba
/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.8.2 (03-Mar-2001 to 30-Mar-2001)
*) Moved the Shared
l, so the scanner never uses stdin to
read the input data.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSS
> Any idea?
You connect with HTTPS to a port where only HTTP is spoken.
Check your server configuration, it's certainly a configure error.
Ralf S. Engelschall
[EMAIL PROTECTED]
ld remain SSL_EXPERIMENTAL until we have no first
release version of OpenSSL available with this functionality.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engels
that mod_ssl caused such problems.
What does the error logfile say?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
ally, I may be there
> Ralf - so you can unequivocably blame me if the shmcb blows off any legs.
Ok, then I'll try to add another slide, dedicated to the session caching
variants
Ralf S. Engelschall
engines) {
+ENGINE_load_builtin_engines();
+loaded_engines = TRUE;
+}
+#endif
if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY)) != NULL)
return err;
if (strcEQ(arg, "builtin")) {
Ralf S. Engelschall
l.org/docs/apachecon2001/ and at least watch the
presentation's slide-set.
cu@ApacheCon!
Ralf S. Engelschall
[EMAIL PROTECTED]
www.
t's a typo. "exclusion" is the word. Now fixed for 2.8.3
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
On Tue, Apr 03, 2001, Ralf S. Engelschall wrote:
> I'm now leaving for attending ApacheCon 2001 in Santa Clara, CA.
> For the modssl-user's who also attend ApacheCon: freel free to
> share our interest by visiting our talk W24 on Wednesday evening.
> For those of us
as no
> "#ifdef".
>
> What gives? Why do this twice?
This should be already gone with 2.8.2.
I guess you are looking at an older version, right?
Please use the latest one.
Ralf S. Engelschall
0.9.4 or 0.9.4 with this mod_ssl
version. Or (what I strongly recommend) use the current Apache 1.3.12 and
mod_ssl 2.6.4 version.
Ralf S. Engelschall
[EMAIL PROTECTED]
nes of mod_ssl.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to Op
ecking for
shared memory maximum segment size... 64MB (soft limit)" so it certainly
is not a problem in general with Solaris 2.8.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
_
Now available: mod_ssl 2.8.3 for Apache 1.3.19.
Just the usual amount of cleanups and bugfixes
(see CHANGES entries below).
Grab it from:
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
the pass-phrase from your private key.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Inter
ipped SDBM on all Linux platforms. Can you
figure out why the "$OS" based check in src/modules/ssl/libssl.module
does not apply for your platform?
Ralf S. Engelschall
ll those postings are
relayed through the [EMAIL PROTECTED] account. Unfortunately I'm such
horrible busy with all the open source projects I'm involved in that I
only can walk though this mailbox once per week and approve all non-spam
mail manually.
As you should now, our Apache 1.3.20 is available since yesterday.
So here is the corresponding mod_ssl 2.8.4. The CHANGES entries are
appended below.
Fetch mod_ssl 2.8.4 from:
http://www.modssl.org/source/
ftp://ftp.modssl.org/source/
Yours,
Ralf S
.
I plan to provide an upgraded mod_ssl version for 1.3.22 on Monday or
Tuesday.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.8.5 (20-May-2001 to 16-Oct-2001)
*) Upgraded to Apache 1.3.22
*) Fixed check whether server certif
nce over the attached PR text and visit our
project site at http://www.openpkg.org/. Thanks for listening and...
happy packaging! Oh, and we have also packaged OpenSSL and Apache+modssl
in OpenPKG, of course ;)
Yours,
Ralf S. Engelschall
Apache 2.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
Use
y fault. The rsync cronjob was broken which updated the CVS copy
from my master machine. Now fixed.
For Apache 1.3.23: Expect an mod_ssl update for 1.3.23 within the next
days.
Ralf S. Engelschall
[EMA
On Mon, Jan 28, 2002, Ralf S. Engelschall wrote:
> > [...]
> > And, the mod_ssl I get from CVS is for 1.3.20, which is *less* than the
> > one that is downloadable already built for 1.3.22, shooting holes in my
> > initial theory that going to the CVS was even
In article <[EMAIL PROTECTED]> you wrote:
> When is planned the final release ?
For today.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engels
mod_ssl 2.8.6 for Apache 1.3.23 is now available.
The corresponding CHANGES entries are appended.
You can fetch it from:
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
rite seems to be the only alternative I've seen so far. If I'm
> wrong, let me know...
Either you have to put the RedirectMatch only into the of
the HTTP-only virtual server or (in case you do it globally) you have to
use a RewriteRule with a RewriteCond which checks th
o.
No, the server certificate is also important and required for the secure
exchange of the crytography parameters of SSL/TLS. Without this, the
client and server would not be able to securely exchange the necessary
symmetric encryption parameters.
R
,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.8.7 (01-Feb-2002 to 23-Feb-2002)
*) Support for the latest OpenSSL 0.9.7 snapshots.
*) Fixed potential buffer
In article <[EMAIL PROTECTED]> you wrote:
> Just wanted to know if there's a mod_ssl version for apache 1.3.24?
> Since the current version will not compile with apache 1.3.24.
Will be released within the next 48 hours.
Ra
for remembering me.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.mods
://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.8.8 (23-Feb-2002 to 27-Mar-2002)
*) Upgraded to Apache 1.3.24
ess,
support related questions might be rejected if the question cannot be
answered in a reasonable short time.
Thanks for your understanding.
Yours,
Ralf S. Engelschall
_ssl will be on its way shortly, but was
> looking for something in the meantime to close up any possible problems.
mod_ssl 2.8.9 will be released within a few hours. Just be patient, please.
Ralf S. Engelschall
On demand by the release of Apache 1.3.26 I've made available
mod_ssl 2.8.9. The details are appended below.
Fetch it from:
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engels
Another bugfixing round in the maintainance of mod_ssl 2.8 for Apache 1.3.
Fetch it and upgrade from:
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED
ource/
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.8.11 (24-Jun-2002 to 04-Oct-2002)
*) Upgraded to Apache 1.3.27.
*) Fixed internal error handling for CRL verific
Because of a found Cross-Side-Scripting (XSS) bug in mod_ssl, the fixed
maintainance version mod_ssl 2.8.12 is available for use with Apache
1.3.27.
http://www.modssl.org/source/
ftp://ftp.modssl.org/source/
Ralf S. Engelschall
Because of a found Cross-Side-Scripting (XSS) bug in mod_ssl, the fixed
maintainance version mod_ssl 2.8.12 is available for use with Apache
1.3.27.
http://www.modssl.org/source/
ftp://ftp.modssl.org/source/
Ralf S. Engelschall
Just for your information: the Apache mod_ssl project environment was
migrated to a new location. In case of any problems, contact me.
Ralf S. Engelschall
[EMAIL PROTECTED
On Sun, Dec 15, 2002, Mads Toftum wrote:
> On Sun, Dec 15, 2002 at 09:41:11AM +0100, Ralf S. Engelschall wrote:
> > Just for your information: the Apache mod_ssl project environment was
> > migrated to a new location. In case of any problems, contact me.
> >
> It seems t
in
>> forgetting to synchronize the website. Now fixed. Thanks for the hint.
>
> does this imply there are to be no more apache 1.3 developement or version
> updates, thus modssl is now moving entirely into the source for apache
> 2.0?
Err.
_DEBUG. But ordinary permission problems
> should definitely NOT trigger an abort().
There are more abort()s, but not from me (EAPI), of course.
I usually use abort() only in special situations...
dering
> if this is normal or not.
As their [info] tag cleary indicate, they are just informal messages about the
stage into which mod_ssl is. They are normal, yes. Real problems are never
reported with [info], they are either [error] or [warn]. Your problems are
definetely not related to the
that the posted Win32-pass-phrase-dialog patch worked as expected...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
7;s Apache-SSL and not mod_ssl.
So you should start browsing on http://www.apache-ssl.org/
for documentation.
Ralf S. Engelschall
[EMAIL PROTECTED]
. But read the README.Patents document in the mod_ssl
distribution for a few hints...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
red properly?
Compare your httpd.conf with httpd.conf-dist as provided by mod_ssl. The
contained SSL configuration works fine. Take over this one.
Ralf S. Engelschall
[EMA
On Fri, Oct 08, 1999, Ralf S. Engelschall wrote:
> [..]
> > That said, if you blindly type in the password, the server
> > starts no problem, so it's easy to make it workable,
> > if a little ugly.
> >
> > If I manage to produce a shippable patch, I'l
ix=/beaker/yzc/apache --enable-module=most --enable-module=so
Ah, here is your problem. Because mod_ssl is not present, you've
to enable EAPI manually, of course. Use --enable-rule=EAPI here, too.
Ralf S. Engelschall
ssions will be considered; no product-specific
sales or marketing sessions, please. Course material will be made
available to the public after the Conference.
Ken Coar
ApacheCon 2000 Chair
=
> certificate, or is it true for a VeriSign certificate also? if
> so, what CA cert is it that we should add?
For GIDs you should use the newer SSLCertificateChain directive to configure
the whole CA chain, including the intermediate CA Versign uses. The browser
has to know
SSL_EXPERIMENTAL to get POST working correctly. If you already
have the experimental code enabled, I've currently no clue why it doesn't
work.
Ralf S. Engelschall
et has a timing problem. Or mod_jserv or
whatever you're using...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
I'm busy with moving this week, please take the chance and fetch the
latest snapshot from ftp://ftp.modssl.org/snapshot/ and try it out. It should
be very stable. Please give feedback whether it works fine or fails horrible
until Friday.
Thanks.
27;s a definete thumbs up from here.
Ah, sounds good. Thanks for the feedback.
Ralf S. Engelschall
[EMAIL PROTECTED]
On Tue, Oct 19, 1999, Mike Klinkert wrote:
> On Tue, 19 Oct 1999, Ralf S. Engelschall wrote:
>
> > So, while I'm busy with moving this week, please take the chance and fetch the
> > latest snapshot from ftp://ftp.modssl.org/snapshot/ and try it out. It should
> >
onfigured v2.4.5...
Yes, as you can see MM is present only in the first variant.
If you do it manually you've to use EAPI_MM=../mm-1.0.9 there, too.
And BTW, please use a more recent MM version.
art of EAPI and for EAPI you've to
recompile Apache. So, yes, for MM you've to recompile Apache.
Ralf S. Engelschall
[EMAIL PROTECTED]
er else unusual situations
occured. So I guess 2.4.6 is ready to be kicked out the next days.
Ralf S. Engelschall
[EMAIL PROTECTED]
ent myself and it worked fine with the latest mod_ssl snapshot.
So please start over with these newer versions.
Ralf S. Engelschall
[EMAIL PROTECTED]
d_ssl. At least we've
not changed anything related to the CN handling, except that the server
received a few additional warnings messages for the logfile if it detects some
inconsistencies. So I think you should check your certs and browser cert
caches instead.
t this situation. And it says that you need to enable
experimental stuff to make it running.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
___
"
>
> So it's seeing a request for "%" from https, but not http ?
> Hints appreciated.
As the FAQ explains, such errors usually indicate that you're speaking HTTPS
to a port where HTTP is spoken only. Make sure "SSLEngine on&
it to be a
very stable version which successfully passed all my tests. The corresponding
CHANGES entries for this new version are appended.
As always, you can grab it from:
http://www.modssl.org/source/
ftp://ftp.modssl.org/source/
Yours,
Ralf S
visual c++ enterprise?
Anyone should work, I think.
Although I'm not an expert in M$ products...
Ralf S. Engelschall
[EMAIL PROTECTED]
Public Primary Certification Authority - G2
Verisign Class 4 Public Primary Certification Authority - G2
Verisign/RSA Commercial CA
Verisign/RSA Secure Server CA
Ralf S. Engelschall
[
.4.6 (or at least 2.4.5)?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)
tiplexed
I/O, of course. Just use some of these servers if you don't need special
Apache features. Whether these servers support SSL is a different questions...
Ralf S. Engelschall
e
> also made sure to test the new dll.
> [...]
DLL? Win32? Ok, then it's clear that you might have problems.
I assumed you're testing under Unix. I never tried this on Win32.
Ralf S. Engelschall
d, Raven or some of those Apache servers.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Inte
ng as you at least select not a too
| esoteric server (then you might not get the cert/key in PEM or DER format).
| Just select Stronghold, Raven or some of those Apache servers.
The same is true independent whether you buy a standard cert or a SGC.
e segfault occurs either still inside
OpenSSL's SSL_accept() or directly after this call inside mod_ssl. The problem
is just that SSL_accept() calls internally a lot of code inside OpenSSL, so
this is not easy to debug. You should start by compiling OpenSSL with "-g
-ggdb3
least it would be useful for you to give us a few
more details _WHAT_ exactly is the problem. If it's a compile-time problem we
usually help you (or at least give you a few hints) if we at least see the
error messages.
ad of
> deploying Stronghold we actually run modssl/apache? Would this
> be legal?
50% of the people say this is not legal and the other 50% say it's in the gray
area. So you've to decide yourself what to do ;) At least you cannot expect an
official OK for this approach from RS
y in
third-party libraries which are used by the modules.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL
a "bug" in mod_perl. Doug tries hard to make it
stable and has certainly eleminated the real "bugs". But the problems mod_perl
has under DSO are IMHO related to internals in the Perl library itself (which
Doug cannot solve directly).
account of Majordomo and waits until I approve it
manually once per day. This handling is to prevent any spam mails on
modssl-users.
Ralf S. Engelschall
[EMAIL PROTECTED]
detected such a larger
growth of mod_ssl for the last month. So I've to conclude that at least some
interesting evolution for mod_ssl currently takes place ;)
Yours,
Ralf S. Engelschall
7;t say anything about
the problem. Try "SSLLogLevel trace" to see more details about the situation.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
___
's a good time for you to upgrade
your installations to the latest and most stable version now.
Fetch it now from:
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
at the mod_ssl edge. Then
it's already either an issue of OpenSSL or even with your key itself.
Same for the certificates: Check whether OpenSSL can read them
correctly with "openssl x509 -noout -text -in ", first.
Ralf S
1 - 100 of 1522 matches
Mail list logo