On Sun, 6 Jan 2002, R. DuFresne wrote:
> I'd remove the mailman CGI scripts, they have some security issues that
> have been covered on the Bugtraq list.
I really don't think that this is a very helpful comment because it's a
non-sequitur; first off it doesn't solve David's problem, and second of
all, you should provide some context for that statement. MailMan < 2.0.8
suffers from cross-site-scripting security problems which have been fixed
in the latest release, if those are the security issues you are referring
to. Even so, what if David is running MailMan on an intranet where the CSS
bugs won't be exploited? Then these security issues are not relevant to
him.
- Julian
> On Sun, 6 Jan 2002, David Gibbs wrote:
>
> > Folks:
> >
> > I'm having a problem getting mod_ssl to work in my Apache server running
> > Mailman CGI programs.
> >
> > I'm running RedHat 7.2, with Apache/1.3.22 & mod_ssl 2.8.4.
> >
> > I have self-signed the certificates and the system seems to work fine when
> > using Netscape.
> >
> > For some reason, however, when I try to access the exact same pages with
> > Internet Explorer (5.5), none of the cgi input is accepted ... it's just
> > ignored.
> >
> > The mailman interface uses POST to submit the data to the server.
> >
> > I'm using the following SSL dirctives...
> >
> > SSLEngine on
> > SSLCertificateFile /etc/httpd/conf/ssl.crt/lists.crt
> > SSLCertificateKeyFile /etc/httpd/conf/ssl.key/lists.key
> > CustomLog /var/log/httpd/mailman/ssl_request_log "%t %h
> > %{SSL_PROTOCOL}x
> > %{SSL_CIPHER}x \"%r\" %b"
> > ScriptAlias /cgi-bin/ /home/mailman/cgi-bin/
> > SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars
> > +StrictRequire
> >
> > Any suggestions?
> >
> > Thanks!
> >
> > david
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
> >
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> admin & senior consultant: sysinfo.com
> http://sysinfo.com
>
> "Cutting the space budget really restores my faith in humanity. It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation."
> -- Johnny Hart
>
> testing, only testing, and damn good at it too!
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
