At 11:12 AM 10/7/98 +0200, you wrote:
>On Wed, Oct 07, 1998, Alan Spicer wrote:
>
>>[..]
>> I have installed SSLeay-0.9.0b and mod_ssl-2.0.10-1.3.1 for
>> Apache 1.3.1. I installed per INSTALL instructions and the
>> installation went just fine. I however get nothing with
>> Netscape Communicator 4.05 except the certificate warning
>> boxes. After that there is a timeout of about 3-minutes and
>> then Netscape pops up "Document contains no data".
>
>3 minutes? Hmmm... sounds like a typical DNS timeout.
>
>>[...]
>> s_client ...
>> after several minutes tells: read:errno=0
>> Apache error_log tells: connect: Connection timed out
>
>But this sounds more like a network problem.
>
>> When I pipe the output of s_client to less so that I can view all
>> of it, there is verify errors such as:
>>
>> verify error:num=20:unable to get local issuer certificate
>> verify return:1
>> verify error:num=21:unable to verify the first certificate
>
>This is harmless, just because s_client cannot verify
>the server certificate. It has nothing to do with your
>network problems, IMO.
>
>>[...]
>> Funny thing, I installed from the exact same tar.gz's at home
>> on another RedHat Linux box with an older kernel, and the
>> same exact version web server (ok I upgraded to 1.3.1 ;-)
>> and Lo-and-Behold the one here at home works! I can get the
>> SSL lock via my local ethernet and I have had someone else
>> test via the Internet where it worked also.
>
>This means that it's a local problem on this particular other Linux box.
>Because you said its a RH 5.0 box and I already know of reports for strange
>problems under RH 5.0 related to Apache and mod_ssl I conclude that RH 5.0 is
>your problem here, too. But we do not know, of course.
>
>>[...]
>> If I can get a response from the author, I will at his
>> convenience provide any information that is needed to debug
>> this problem, including if necessary - access to the machine
>> via secure shell.
>
>Yes, without tracing the code you cannot find the root
>of your problems. I recommend you the following:
>
>1. Try to find out wheter there are 5.0 updates related to kernel and libc
> from RedHat which perhaps solve your problems. Because other RH 5.0 users
> reported similar problems for Apache recently, the chance is high that
> there is something broken under RH 5.0. Especially the glibc2 stuff causes
> problems. After people have downgraded to libc5 Apache worked for them.
> Perhaps this is the case for you, too.
>
>2. After 1.) failed you can create an "rse" account on your box,
> reachable via SSH. Then when I find time I can spent an hour to trace the
> code. This way we at least know at which corner the problem is.
>
> Ralf S. Engelschall
> [EMAIL PROTECTED]
> www.engelschall.com
* Wow. Tell me again how to tell what C Library I have? I remember recently
installing some software that had to be downloaded depending on which libc.
I want to compare which libc the local "working" mod_ssl has as compared to
the remote 2 machines that currently won't work with mod_ssl. I'm a little
leary about changing libc's on these two remote production machines. I don't
want to break anything else that is currently working.
It's funny ... I'd think my local machine, running a Cyrix clone Pentium would
be the problem one ;-) I had to recently install a patch so that GCC could
compile 'C' programs at all. It was specific to problems with Cyrix 6x86's and
GCC. Anyway I think all three have the same type of glibc, but I want to
confirm that. Funny now the Cyrix is the one that WORKS and not the true blue
Intel Pentium's ;-)
All three machines were originally installed from the same RedHat 5.0 CD from
Macmillan Computer Publishing.
---
Alan Spicer ([EMAIL PROTECTED])
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
