Your actual message issue notwithstanding, the versions you're running are not just old, they've got security flaws and vulnerabilities well documented at both CERT, apache.org, and openssl.org.
http://www.cert.org/advisories/CA-2002-27.html (Linux, Apache, OpenSSL, mod_ssl) http://www.cert.org/advisories/CA-2002-23.html (OpenSSL) http://www.cert.org/advisories/CA-2002-17.html (Apache) If you've got support preventing *you* from upgrading, *DEMAND* they be updated to reduce your security risks, vulnerability, and liability. If your support contract won't do that, you don't have support and you should upgrade to current anyway. Respectfully, -dsp -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Roberto Hoyle Sent: Tuesday, August 19, 2003 1:56 PM To: [EMAIL PROTECTED] Subject: CRL updating with mod_ssl I'm trying to understand when a CRL list gets read by Apache. I have cases of it being read when a new CRL is placed in the directory and the "make" is run, and cases when it does not get read under identical circumstances. The only reliable way that I have to make sure that the CRL gets updated is by restarting the server. Is this supposed to be the case? I'm confused that it works sometimes and doesn't work on others. Right now, I'm running 1.3.19 with mod_ssl 2.8.1 (yes, I know that they are old, but I am not able to update them for support reasons...). We have the SSLCARevocationPath directive set to the proper location, and a script that downloads a new CRL every evening and runs the make. The script does not kick the server. Our CRLs expire in seven days, but get published every evening. Should I just stop worrying and learn to love restarting Apache? Thanks, r. -- Roberto Hoyle PKI Lab Programmer Dartmouth College ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
