I've found that I have to force HTTP 1.0 responses to get all versions of
MSIE clients to get them to work reliably, especially during long running
CGI responses.
I use this line in my SSL virtual host section which seems to be doing the
trick so far:
SetEnvIf User-Agent ".*MSIE.*" nokeepalive
Give openssh/openssl a try, if you have a compiler, it will probably work:
http://www.openssh.com/
You'll want to download the portable release from here:
http://www.openssh.com/portable.html
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
You need to use the apxs tool to build the mod_jrun module like this:
/path-to-apache/bin/apxs -c /path-to-jrun/connectors/apache/src/*.c
It should place mod_jrun.so in /path-to-apache/libexec/mod_jrun.so.
Then modify your httpd.conf file as usual.
This has been working great for me on
I've run across a conflict between the mod_ssl FAQ
and the configuration which the distribution seems to actually
install. The FAQ recommends the following as a workaround for
problems with MSIE:
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
However, the configuration
The difference of course is that the former hits *all* MSIE browsers,
including recent ones which seem to get along fine without the
workaround. Also, closing the connection each time, as mandated in
the FAQ, has a considerable performance cost, to the point that one
site which I'm involved
Hi,
Just to confirm, we are also seeing the same issues with 56-bit MSIE 5 and
Apache 1.3.12, mod_ssl 2.6.4 and openssl 0.9.5a. As far as I can tell, it
only affects 56-bit MSIE 5. No SSL pages log at all. There are no messages
in the logs. Does anyone know of a workaround which won't affect
Hi,
I'm seeing messages like this in our ssl_error_log:
[Fri Jun 30 22:20:42 2000] [error] mod_ssl: SSL handshake failed (server
www.ourserver.com:443, client xxx.xxx.xxx.xxx) (OpenSSL library error
follows)
[Fri Jun 30 22:20:42 2000] [error] OpenSSL: error:14094412:SSL
om: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of David Rees
Sent: Monday, July 03, 2000 11:56 AM
To: [EMAIL PROTECTED]
Subject: Confirmed: MSIE 5 56-bit does not work with latest
Apache/mod_ssl/openssl
Hi,
Just to confirm, we are also seeing the same issues with 56-bit MSIE 5 and
Apa
Hi,
I've noticed that on my version of openssl (0.9.5a, compiled on IRIX 6.5),
EXP56 does not match the expected 56 bit ciphers that EXPORT56 does.
openssl ciphers -v EXP56
openssl ciphers -v EXPORT56
EXP1024-DHE-DSS-RC4-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=RC4(56) Mac=SHA1
export
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Mads Toftum
Sent: Monday, July 10, 2000 7:03 AM
On Mon, Jul 10, 2000 at 04:58:37PM +1000, [EMAIL PROTECTED] wrote:
Anyone seen this with mod_ssl 2.6.5 and apache 1.3.12? Web server
non-responsive,
check the box and one
Remember that when you do a "apachectl startssl", it adds the
argument -DSSL. So if you do a "httpd -DSSL -l", you should see ssl in
there.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Diana Moreland
Sent: Tuesday, July 11, 2000 8:07 AM
Strange, what version of Apache are you using? (httpd -v)
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Diana Moreland
Sent: Tuesday, July 11, 2000 10:45 AM
To: [EMAIL PROTECTED]
Subject: Re: SSL configuration with Apache
Thanks for
Do this:
chmod 755 /django/opt/apache_1.3.12/logs/ssl_mutex*
Or even better, shutdown Apache, delete all the ssl_mutex* files, and
restart.
The ssl_mutex files should be automatically created with the right
permissions.
Don't do a chmod -R +x apache_1.3.12, it's not a good idea.
-Dave
]]On Behalf Of callen
Sent: Tuesday, July 11, 2000 12:38 PM
To: [EMAIL PROTECTED]
Subject: Re: SSLMutex
David Rees wrote:
Or even better, shutdown Apache, delete all the ssl_mutex* files, and
restart.
-Dave
David thanks,
I did what you advised with shutting down and restarting:
Before
On Wed, Jul 12, 2000 at 12:41:38AM -0700, [EMAIL PROTECTED] wrote:
Since the doc still has reference to php3 , I'm curious as to the steps to
configure the subject line's configuration. I tried running mod_ssl first,
then php4, then compilation of apache, but that didn't work. Any Ideas?
What versions of IE (4.0, 5.0 5.01, 5.5?) and security levels (40-bit,
56-bit, 128bit?) are affected besides 5.5? All of them? What version of
mod_ssl and openssl are you running?
Are you also runing the line:
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
in your
What versions of IE (4.0, 5.0 5.01, 5.5?) and security levels (40-bit,
56-bit, 128bit?) are affected besides 5.5? All of them? What
version of
mod_ssl and openssl are you running?
ie 5.0, 5.01, 5.5 both 56-bit and 128-bit have been testedc
openssl version 0.9.5a
modssl 2.6.6-1.3.12
I stand corrected, I have downoaded the source for 2.6.5 but have not
installed it yet.
I currently have the rpm of 2.6.2 for mod_ssl
OK, If you want to avoid compiling yourself, get the rpm for mod_ssl 2.6.5
and install that, first. Then we'll start the trouble shooting process
again.
On Fri, Jul 14, 2000 at 07:28:12PM -0600, Jeff Gelina wrote:
Do you know where that rpm is, there is no rpm at www.rpm.org nor can i
find anything at www.modssl.org. Is there even one?
You didn't look very hard, did you? :-)
http://www.modssl.org/contrib/
-Dave
In addition to the mod_ssl-2.6.5-1.i386.rpm, you also need the
openssl-0.9.5a-1.i586.rpm. You probably also want to get the apache rpm
from the same location.
-Dave
On Sat, Jul 15, 2000 at 12:06:15PM -0600, Jeff Gelina wrote:
man i am embarrased one level down, I was thinking contriubution
On Sat, Jul 15, 2000 at 06:57:02PM -0600, Jeff Gelina wrote:
Ok, I have done as you have requested (it was a pain in the butt) you will
see the new page at http://minnesota.coinfotech.com but you will not be
able to access the https with any ie browser. Netscape will see it just
fine.
On Sun, Jul 16, 2000 at 12:05:08PM -0500, Steve Petty wrote:
We are running SSL on Apache 1.3.12 with tomcat, openssl and mod_ssl (on
solaris boxes). We have load balanced for the optimum number of
connections and all is working fine.
However, after the user finishes, departs the last
On Sun, Jul 16, 2000 at 12:02:32PM -0600, Jeff Gelina wrote:
David,
Here you go:
http://www.coinfotech.com/httpdconf.htm
I apprciate the help you have given me so far, thanks
P.S. could you please send me a copy of your httpd.conf file (I am by no
means an expert and would
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Mads Toftum
Sent: Monday, July 17, 2000 9:11 AM
On Mon, Jul 17, 2000 at 09:16:28AM -0600, Jeff Gelina wrote:
SP would be a good idea except that this is Linux 6.2.
I'm about to install a new
On Tue, Jul 18, 2000 at 01:10:12PM +0100, Stuart Gall wrote:
It all works just fine with Netscape, however with IE5 5.01 and 5.01SP1
it is very unreliable.
Most of the time when I enter the URL I get
"DNS Error or server unreachable"
After several refreshes it prompts for the
On Wed, Jul 19, 2000 at 12:24:01PM +0100, Edward Thomas wrote:
Dear All,
I am running a site based around mod_ssl 2.6.5, open ssl 0.9.5a and Apache
1.3.12 using a Thawte "Super Certificate" (designed to allow new browsers to
use 128 bit encryption outside the USA).
The problem is that,
Hmmm, looks like an entry for the FAQ!
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Diana Moreland
Sent: Wednesday, July 19, 2000 10:00 AM
To: [EMAIL PROTECTED]
Subject: Re: SSLMutex error
Thanks for everybody's help. I finally got
Judging by the problems you, Jeff Gelina and others have had with using RPMs
to install mod_ssl, I can't say that I recommend it! It seems that the most
reliable way to get mod_ssl running is to compile entirely from source.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
Hmmm, I'm seeing occasional messages like:
[Wed Jul 19 11:57:35 2000] [notice] child pid 237216 exit signal Abort (6)
[Wed Jul 19 14:39:28 2000] [notice] child pid 231042 exit signal Bus error
(10)
We mostly see Bus errors, and not that frequent. This is on IRIX 6.5
running with mod_ssl as a
On Wed, Jul 19, 2000 at 01:00:08PM -0400, Diana Moreland wrote:
Thanks for everybody's help. I finally got it fixed. Here's what I did (for anybody
else that might run in to this.) I tried to change the ownership of the logs
directory
to the nobody user but it would not change. I looked
On Thu, Jul 20, 2000 at 10:07:20AM +0200, Mads Toftum wrote:
On Wed, Jul 19, 2000 at 10:52:36AM -0700, David Rees wrote:
Hmmm, I'm seeing occasional messages like:
[Wed Jul 19 11:57:35 2000] [notice] child pid 237216 exit signal Abort (6)
[Wed Jul 19 14:39:28 2000] [notice] child pid
Shouldn't be a problem. When building apache, just specify a
different --prefix.
Don't know about the wildcard certs, though.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of callen
Sent: Thursday, July 20, 2000 12:44 PM
To: [EMAIL
On Thu, Jul 20, 2000 at 08:44:49AM -0700, David Rees wrote:
On Thu, Jul 20, 2000 at 10:07:20AM +0200, Mads Toftum wrote:
On Wed, Jul 19, 2000 at 10:52:36AM -0700, David Rees wrote:
Hmmm, I'm seeing occasional messages like:
[Wed Jul 19 11:57:35 2000] [notice] child pid 237216 exit
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Mads Toftum
Sent: Tuesday, July 25, 2000 10:24 AM
On Tue, Jul 25, 2000 at 09:20:33AM -0700, David Rees wrote:
To follow up on my own message, I tested mod_ssl loaded statically into
Apache, and I still get bus errors so
Well, I used apxs to compile the JRun module, I'll have to check to make
sure that it adds the -DEAPI flag. The bus errors only happen
occasionally,
so I suspect it's a subtle problem.
Apxs usually does it right - /path/to/apache/bin/apxs -q CFLAGS
will tell you.
Trying without JRun
Interesting, I found the same behavior when compiling mod_ssl statically
into apache. Loading mod_ssl as a DSO would not core dump when doing a
graceful. I did not get a stack trace. Here's the Apache configuration I
used:
./configure --prefix=/usr/local/apache --enable-module=ssl
OK, I recompiled with -g and have now got a backtrace:
0 SSL_CTX_ctrl(0x0, 0x20, 0xf, 0x0, 0xc, 0x101a8768, 0x10208384, 0x1)
["/local/home/drees/temp2/openssl-0.9.5a/ssl/ssl_lib.c":860, 0x100ec950]
1 ssl_init_ConfigureServer(s = 0x10207380, p = 0x101d58f8, sc =
0x10226140)
I have it set to alert. I am trying to to -HUP or -USR1 the truss'ed
apache, but nothing gets to it. When I run apache without Truss, it's fine
(well, crashes on both -HUP and -USR1).
Well, if anyone knows what could be causing this, don't hesitate to post.
I am running Solaris 2.7 (Apache
Take a look at the patch I just
posted a minute ago, it takes care of your concerns (which were mine as
well)
-Dave
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Cliff WoolleySent: Wednesday, July 26, 2000 3:12
PMTo: [EMAIL
To reply to my own message,
I've tested this with mod_ssl loaded statically and as a DSO, it works
great. No more core dumps when built statically and the memory leak is just
about fixed. There's still a small memory leak somewhere, the httpd
processes still grow a bit after many (hundreds)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Cliff Woolley
Sent: Wednesday, July 26, 2000 3:49 PM
The problem appears to be that (at least in the case of static linking)
SSL_CTX_new() is returning NULL in ssl_engine_init.c lines 530 or 532, and
then
release of mod_ssl. I've also included some of the original discussion
below.
Thanks,
Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of David Rees
Sent: Wednesday, July 26, 2000 3:20 PM
To: [EMAIL PROTECTED]
Subject: RE: [BugDB] Segfault on graceful
Even though it does still say HTTP/1.1, I've found that it behaves like a
HTTP/1.0 response.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Simon Weijgers
Sent: Thursday, July 27, 2000 1:46 PM
To: [EMAIL PROTECTED]
Subject: MSIE problems /
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Ralf S. Engelschall
On Thu, Jul 27, 2000, Cliff Woolley wrote:
From what I can tell, but it may be a completely unrelated memory
leak, I'm
not sure. Either way, it's pretty damn small, and not
That should be a:
/var/lib/apache/bin/httpd/ -DSSL
Notice the missing '-'. That should fix things up.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Raymond
Sent: Thursday, July 27, 2000 8:21 PM
To: [EMAIL PROTECTED]
Subject: starting
On Wed, Jul 26, 2000 at 11:17:14AM +0200, Hugues Pisapia wrote:
And sometimes (well, more often with MSIE than with Mozilla :), apache gets
Segmentation faults. It seems that it comes from openssl or modssl as i tried
many configurations. Apache gets SEGVs only when the virtual host with
On Fri, Jul 28, 2000 at 01:27:32PM +0800, Raymond wrote:
thanks for the reply david but that did not work also. any other suggestions.
Can you make your config file available somewhere so we can take a look at
it? I've most often found that config file problems are the most frequent
cause of
No one has had good luck when using RPMs to install mod_ssl. I'm afraid that
recompiling Apache from scratch is the way to go.
What's the problem with the RPMs?
I roll them, and if you got a RPM specific porblem,
I'll be happy to look at it.
Maybe if everyone used the RPMs you rolled
On Fri, Jul 28, 2000 at 11:06:19AM +0200, GOMEZ Henri wrote:
What. The apache-mod_ssl RPM is one of the easier RPM to install.
Many Redhat users have switched from Apache-SSL to Apache-mod_ssl
since it's a plugin replacement of standard Redhat apache.
If you haven't succeed in
On Sat, Jul 29, 2000 at 08:16:45PM +0200, Mads Toftum wrote:
I can't say that I've tried any of the rpm's (but then I've always
preferred to build stuff from scratch ;-)
I'm sure you're right when you say that the rpm's are easy to use,
but I think we've seen a growing number of problems
Please refer to the FAQ:
http://www.modssl.org/docs/2.6/ssl_faq.html#ToC48
In short, adding the lines:
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Simon Weijgers
I'm getting spurious SSL handshake interrupts with MSIE (alot with msie4
(i tried 4.72.3110.4 and 4.72.3612.1713) and sometimes with MSIE
5.00.2614.3500. But this is old news. What I discovered today is that if I
I have recently rebuilt our build of apache 1.3.12 with
mod_ssl-2.6.5-1.3.12 , and both the HUP and USR1 signals cause a
complete
termination of httpd. Syslog catches the following:
That is the same story as we've seen a lot about over the last week
with graceful restarts. See
I don't know enough to help them (which is obvious
or I wouldnt be writing this) other than do what I did, reinstall everything
from the tar balls and never use an rpm again. .
Jeff Gelina
ISP Colorado Information Technologies
- Original Message -----
From: David Rees [EMAIL PROTECT
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Ralf S. Engelschall
Sent: Monday, August 07, 2000 4:59 AM
I'm currently rather busy (with things where others force me to
give them high
priority), but the patch will be included this week and will
Yes. But Ralf said about the topic: "But I'm still not convinced whether
we
just need the surrounding #ifdef SHARED_MODULE ... #endif stuff. I really
have
to look deeper to make sure we solve the problem the correct way and not
introduce a new problem (perhaps a new memory leak)."
So
I want to answer http(s) requests for 3 URLs from this server:
https://ecom.mydom.com/
http://pik1.mydom.com/
http://pik2.mydom.com/
Q: will name-based virtual hosting support this, or do I need to use an
IP-based virtual host for the https?
You will only run into problems when trying to
I can succesfully compile and run OpenSSL 0.9.5, Apache 1.3.12
with mod_perl
1.24, and mod_ssl 2.6.5-1.3.12 (As you can see... all of these
are the last
releases of every packet). Though when trying to establish a
secured connection
from Netscape 4.08 under Windows NT the handshake fails.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Deidy Rosales
Sent: Monday, August 07, 2000 10:29 AM
Hi,
Thanks for responding so quikly!
I did read the FAQ you sent me to... and I don't think it
applies to my problem
cause my browser is not
Self-generated.. running actually the test certificate (make certificate)
that
comes with apache 1.3.12.
Have you tried with a more recent version (4.74) of Netscape? Is this
Netscape 4.08 on Windows that you're using?
-Dave
Self-generated.. running actually the test certificate (make
certificate)
that comes with apache 1.3.12.
Have you tried with a more recent version (4.74) of Netscape? Is this
Netscape 4.08 on Windows that you're using?
Well, with Netscape 4.7 the problem continues, but everything
The error message is
/opt/JRun/connectors/apache/sparc-solaris/mod_jrun.so is crashed
with EAPI. Before installing SSL, the apache can start with JRun.
What's the problem???
Besides, when I check the apache log file, I find msg like
"Failed to generate temporary 512 bit RSA private key".
Q: will name-based virtual hosting support this, or do I need
to use an
IP-based virtual host for the https?
IP-based. See http://www.modssl.org/docs/2.6/ssl_faq.html#vhosts
That's what I thought... it might be clearer to the average bear if a
note like "but see the following for
CPU's are averaging about 50% load are not maxing out, so
there's plenty of
headroom there.
The logs show no signs of any errors.
Hmmm. Haven't tried mod_status. I'll take a look and see
what it tells me.
NT wouldn't be my first choice either but *nix isn't a
corp.
On Sat, Aug 12, 2000 at 06:08:09PM +0200, Mads Toftum wrote:
There's always the changes file:
http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/CHANGES
Yes, but I wasn't sure if it was up to date or not. It looks like all the
major issues have made it in, I was just wondering if any other
On Sat, Aug 12, 2000 at 10:42:56PM +0200, Ralf S. Engelschall wrote:
The two major bugfixes went in. The changes entries are also always appended
to my ANNOUNCE postings. The new features from my development queue
(alternative Stronghold 3 round robin shared memory cache, LDAP support, etc),
Can
you specify an exact version of IE which this occurs at? How many bit
encryption browser and certificate are you using?
Are
you using the specified IE workarounds listed on the FAQ? It sounds like
you're running into the MSIE keep-alive bug.
-Dave
-Original Message-From:
actually i have configured it using ip-based virtual host because i am
aware of that part in the FAQ. using your example as a pattern, i
got that
error message. then i tried to define my NameVirtualHost using
the ports to
be used and it seems to work fine now.
NameVirtualHost
I wouldn't worry about it. As the hint says, someone probably pressed stop
in their browser. I see these messages on my servers as well.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Penny Rand
Sent: Wednesday, August 16, 2000 4:40 PM
To:
This is fixed in mod_ssl 2.6.6.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, August 31, 2000 4:44 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: [BugDB] Staticly linked mod_ssl on Linux core dumps on
If you've tried adding the two lines below, and this does not help, the next
thing to check is your installation itself.
What version of apache/mod_ssl/openssl are you running? Did you build from
tarballs or install from RPMs?
I've found that the two lines below fix all problems with all
I installed from RPM,
Versions used,
Apache 1.3.12
OpenSSL 0.9.5a
mod_ssl 2.6.5
I am thinking about re-downloading the rpm's from other sites (other than
mod_ssl I assume it is legit) and see if that helps.
Where did you download the original rpms? Downloading the RPMs from the
On Mon, Sep 11, 2000 at 04:18:36PM +0200, Ralf S. Engelschall wrote:
You are trying to build and ancient version (2.1) of mod_ssl against OpenSSL.
Forget this, even if it works after some fiddling. As I said in the other
threads, please start from scratch with Apache 1.2.12, mod_ssl 2.6.6
I see
this same thing (occasional segmentation faults) on Irix 6.5.x running Apache
1.3.12 / mod_ssl 2.6.6. I've seen this behavior since mod_ssl 2.6.4, but
haven't tested earlier versions than that.
I've
tried different ssl session caches (none, dbm, shm) and building mod_ssl
statically
On Thu, Sep 14, 2000 at 09:51:23AM +0200, Ralf S. Engelschall wrote:
As it looks, all of you who have seen segfaults, have them on Solaris. Let me
suggest you to re-build Apache+mod_ssl+OpenSSL as a static program (no DSOs at
all)? Because the brain-dead "load modules twice" approach of
On Thu, Sep 14, 2000 at 04:17:51PM -0700, Jackson Ching wrote:
I have successfully compiled the openssl already, but i am confuse on what
parameters i should place in the compilation of modssl. I'm using RedHat Linux 6.2,
Apache 1.3.12 (RPM version), JServ 1.1.2 (RPM version), openssl
You're
going to have to recompile the jserv module to remove this
warning.
-Dave
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of [EMAIL PROTECTED]Sent: Tuesday, September
26, 2000 2:44 PMTo: [EMAIL PROTECTED]Subject:
-DEAPI errors
hi,
. all of the other modules have this error as well. All of the
modules are compiled with the the -DEAPI flag on the compilers command
line
- Original Message -
From:
David Rees
To: [EMAIL PROTECTED]
Sent: Tuesday, September 26, 2000 3:15
PM
Are
you sure the modules being compiled with -DEAPI are the ones being loaded by
Apache?
-Dave
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of [EMAIL PROTECTED]Sent: Tuesday, September
26, 2000 3:32 PMTo: [EMAIL PROTECTED]Subject: Re:
I finally found some time to get a debugger on the apache processes, and do
some load testing until one of the children sigbussed. It seems that
leaving the debugger on caused most of them to sigbus, and eventually some
children started showing sigsegv in another section of code.
I haven't had
--Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of David Rees
Sent: Wednesday, October 04, 2000 2:59 PM
To: [EMAIL PROTECTED]
Subject: Stack trace of SIGBUS on IRIX
I finally found some time to get a debugger on the apache
processes, and do
some load tes
Hi Jeff,
The latest version of apache/mod_ssl/openssl is what you want to be using.
This means apache-1.3.12, mod_ssl 0.9.6 and openssl 0.9.5a or 0.9.6.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Mayzurk
Sent: Wednesday, October 04,
My guess is that the SIGBUS is probably something that happens because
you've got it running under the debugger. The SIGSEGV more looks like
the real problem here - I'm no expert at reading debugger output ;-) but
it looks like the problem is in adding entries to the session cache, when
I've been trying to get JServ and mod_ssl running at the same
time. I can get
one or the other working, not both together.
It there a way to create a Makefile that includes both packages
so I only have
to compile one time?
You need to do is to build mod_ssl first as a DSO. Then go ahead
Thanks, but if you note my original message, I said we're locked into
Apache 1.3.3 because of a third party module. Or, in other words, we
can't upgrade to Apache 1.3.12 and mod_ssl 2.6.x.
Ah, sorry, I did not see that.
We're observing large memory leaks with mod_ssl 2.0.15. So my questions
Ah, sorry - I didn't take the time to read through your earlier
messages ;-)
But then this seems to be more or less outside mod_ssl (unless this is
specifically an eapi thingy - I don't have my source tree handy) ... have
you seen the same problems when running without -DSSL ?
I have not
2 questions:
- once I have installed everything
(apache/mod_ssl)
with a specific key/certificate, can I change the
key/certificate
without having to reconfigure and reinstall everything?
Most definately. It's definable in a couple of configuration options in
httpd.conf.
-
Rick,
The mod_ssl instructions work very well.
Here are the exact steps (which assume you are using bash, mostly from the
INSTALL document in the mod_ssl package) I use to install:
$ gzip -d -c apache_1.3.12.tar.gz | tar xvf -
$ gzip -d -c mod_ssl_2.6.6-1.3.12.tar.gz | tar xvf -
$ gzip -d -c
According to Geoff's tests, it both increases performance and provides
a more robust and efficient session cache. But I've no numbers at hand,
although I know that Geoff has numbers (actually graphs). Geoff, can you
make your benchmarking details for c2shm available to the people?
That would
So, everything went fine, I now have Apache1.3.12 with mod_ssl
2.6.6-1.3.12
and openssl 0.9.6 and mm 1.1.3 running on my caldera OpenLinux 2.3. I also
built mod_jserv, and everything just went smoothly.
But when I come to the last step, configuring ApacheJServ like this:
root@caldera
Are you sure that the file /usr/local/JSDK2.0/lib/jsdk.jar exists and that
your java executable is /usr/local/jdk/bin/java? What does `which java`
say?
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Hiendl Elke
I wrote it like this:
#
LOL!
I'm finding this guy more funny than anything! :-)
-Dave
Hi--you'll continue to get these messages until you cease your take-over
of MY SITE.
snip
__
Apache Interface to OpenSSL (mod_ssl)
Ah, another interesting day on the mod_ssl list. :-)
Good to see that most people are taking this lightheartedly.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Michael T. Babcock
Sent: Wednesday, October 11, 2000 10:54 AM
"[EMAIL
On Wed, Oct 11, 2000 at 04:34:40PM -0400, Aaron Beveridge wrote:
Some users are having problems connecting to the server I just set up. I am
using Apache_1.3.12, mod_ssl-2.6.6-1.3.12, rsaref-2.0, and openssl-0.9.6 on
a RedHat 6.2 system. They are getting a "Server not found" error. I have
Do you have stack traces from these sigbus errors? If you set the
CoreDumpDirectory parameter in your httpd.conf to a directory that your
httpd processes can write you, then you can run a debugger on the core and
get a stack trace.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
I see those SSL handshake messages all the time, but I suspect that it's
actually because people are pressing stop on their browsers. :-)
If people are seeing "page cannot be displayed" messages occasionaly, this
sounds like the keep-alive problem with MSIE. Do you have the following in
your
I'll see if I can verify this on my IRIX machines here. We've been running
apache_1.3.12/mod_ssl 2.6.6 with good results so far, and was planning on
testing the latest release in the next two weeks.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf
Looking at your error a little closer, it looks like a configuration error.
I did not have any problems compiling running mod_ssl 2.7.0-1.3.14 over
here:
[Sat Oct 14 06:14:04 2000] [notice] Apache/1.3.14 (Unix) mod_ssl/2.7.0
OpenSSL/0.9.6 configured -- resuming normal operations
This is on
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of David Rees
Sent: Friday, October 13, 2000 10:21 AM
To: [EMAIL PROTECTED]
Subject: RE: apache-1.3.14 fails to start with modssl-2.7.0 on IRIX65
Looking at your error a little closer, it looks like a
configuration error
326mS[ 0] : exit(1)
Hmm, where's that : coming from?!?!
See if I can find that in the apache source.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of David Rees
Sent: Friday, October 13, 2000 10:31 AM
To: [EMAIL PROTECTED]
Sub
1 - 100 of 279 matches
Mail list logo
