On Wed, Oct 07, 1998, Alan Spicer wrote:
>[..]
> I have installed SSLeay-0.9.0b and mod_ssl-2.0.10-1.3.1 for
> Apache 1.3.1. I installed per INSTALL instructions and the
> installation went just fine. I however get nothing with
> Netscape Communicator 4.05 except the certificate warning
> boxes. After that there is a timeout of about 3-minutes and
> then Netscape pops up "Document contains no data".
3 minutes? Hmmm... sounds like a typical DNS timeout.
>[...]
> s_client ...
> after several minutes tells: read:errno=0
> Apache error_log tells: connect: Connection timed out
But this sounds more like a network problem.
> When I pipe the output of s_client to less so that I can view all
> of it, there is verify errors such as:
>
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> verify error:num=21:unable to verify the first certificate
This is harmless, just because s_client cannot verify
the server certificate. It has nothing to do with your
network problems, IMO.
>[...]
> Funny thing, I installed from the exact same tar.gz's at home
> on another RedHat Linux box with an older kernel, and the
> same exact version web server (ok I upgraded to 1.3.1 ;-)
> and Lo-and-Behold the one here at home works! I can get the
> SSL lock via my local ethernet and I have had someone else
> test via the Internet where it worked also.
This means that it's a local problem on this particular other Linux box.
Because you said its a RH 5.0 box and I already know of reports for strange
problems under RH 5.0 related to Apache and mod_ssl I conclude that RH 5.0 is
your problem here, too. But we do not know, of course.
>[...]
> If I can get a response from the author, I will at his
> convenience provide any information that is needed to debug
> this problem, including if necessary - access to the machine
> via secure shell.
Yes, without tracing the code you cannot find the root
of your problems. I recommend you the following:
1. Try to find out wheter there are 5.0 updates related to kernel and libc
from RedHat which perhaps solve your problems. Because other RH 5.0 users
reported similar problems for Apache recently, the chance is high that
there is something broken under RH 5.0. Especially the glibc2 stuff causes
problems. After people have downgraded to libc5 Apache worked for them.
Perhaps this is the case for you, too.
2. After 1.) failed you can create an "rse" account on your box,
reachable via SSH. Then when I find time I can spent an hour to trace the
code. This way we at least know at which corner the problem is.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
