>-----Original Message-----
>From: Dave Paris [mailto:[EMAIL PROTECTED]
>
> snip...  You claim to  
>have spent two MONTHS trying to find what I found in under 10 
>SECONDS.

Er... the difference is that you recognised the problem immediately
because you have seen it before. So you knew exactly what to type into
Google.

If you put yourself in Ian's shoes, he was using the NBVH mechanism for
ages and became very familiar with it. He then tried to extend it to
SSL, which is a reasonable thing to do, and then was suprised that it
didn't work. It is not blindingly obvious, a priori, what the problem
is. In that case, it is not so obvious what to type into Google - you
might not necessarily realise that the problem is to do with NBVH,
especially if that is not the only thing you changed.

I am making this comment because I followed a very similar route to Ian
in discovering this SSL limitation. In my case, I was tasked by my boss,
who is a competent programmer, to "set up some NBVHs under SSL". It
never occurred to me that my boss could have handed me an impossible
task and I spent weeks trying to get it to work. In the end, it was this
mailing list which enlightened me.

Since then, I've tried to help out on the list, initially by explaining
this issue whenever it came up but lately (since others also now do this
quite ably), by chipping in whenever some bright spark reckons that he's
found a workaround (it's a bit like debunking perpetual motion machine
designs). Usually, he's forgotten about authentication and is using the
same cert in all VHs...

Anyway, the point I'm making is that the original poster is obviously a
seasoned hacker (he uses openssl from the command line!) and as such
should be welcome on this list and congratulated for using mod_ssl... So
could we be a bit friendlier please?

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 





>That doesn't make me one bit of a better person than you... it just  
>says that my mind works in a way that is different from yours.  I'd  
>wager there are certain tasks you accomplish quite easily that would  
>take me some effort.  It's the way us humans seem to be designed.
>
>Every once in awhile, it's a good thing to look at who we are 
>and what  
>we're good at and then review what we've chosen to do in life. 
> Doing a  
>job that meshes well with how you think can be all the difference  
>between looking forward to an rewarding day at the office and 
>a bruised  
>forehead from repeatedly smashing your head against a wall in  
>self-frustration.  [ of course, I'm omitting the forehead bruising  
>caused by external influences like PHBs ;-) ]   As for the 
>tone of your  
>note .. life's tough, grab a helmet.
>
>Kind Regards,
>-dsp
>
>On Thursday, Aug 21, 2003, at 00:05 US/Eastern, Ian Newlands wrote:
>
>> If I hadn't already exhausted resources I would not have made this  
>> post in the first place.  I have tried 3 different versions 
>of apache,  
>> searched through previous postings, used search engines etc. 
>bought 2  
>> books on apache and have been attempting to get this going 
>for almost  
>> 2 months now.
>>
>> I'm glad you're amused by my frustration here.
>>
>> If there is anyone out there that is willing to submit a serious  
>> response to this I would appreciate it greatly.
>>
>> Regards,
>>
>> Ian Newlands
>>
>>
>> ----- Original Message -----
>> From: "Dave Paris" <[EMAIL PROTECTED]>
>> To: <[EMAIL PROTECTED]>
>> Cc: "Ian Newlands" <[EMAIL PROTECTED]>
>> Sent: Thursday, August 21, 2003 11:58 AM
>> Subject: Re: virtual hosting
>>
>>
>>> geeze.  is it that time of the month already for this question?   
>>> seems like it was just yesterday when it was asked last .. 
>maybe I'm  
>>> just thinking of the other 100,000 times it was asked.
>>>
>>> in all seriousness, this dead horse has been beaten so many 
>times on  
>>> this list there isn't even a carcass left to hit at this point.   
>>> please go dig through the mail list archives to see why name-based  
>>> virtual hosts don't work with SSL.
>>>
>>> yes, that's a flippant answer.  no, you're not likely to 
>get a reply  
>>> any more serious.
>>>
>>> -dsp
>>>
>>> On Wednesday, Aug 20, 2003, at 22:09 US/Eastern, Ian Newlands wrote:
>>>
>>> > I am currently running about 15 virtual hosts using name 
>based on  
>>> port > 80, and 1 virtual host using SSL.
>>> >
>>> > My SSL host is currently working with the following:
>>> >
>>> >    <VirtualHost _default_:443>
>>> >
>>> > However I want to change this to the IP based hosting for this  
>>> host, > allowing me to then add more SSL based virtual 
>hosts on this  
>>> setup, so > I tried changing this to the following:
>>> >
>>> >    <VirtualHost 203.xxx.xxx.xxx:443>
>>> >
>>> > By doing this my SSL virtual host stops working altogether.
>>> >
>>> > I try the following to debug it on a remote machine:
>>> >
>>> >    # openssl s_client -connect 203.xxx.xxx.xxx:443
>>> >    CONNECTED(00000003)
>>> >    27604:error:140770FC:SSL 
>routines:SSL23_GET_SERVER_HELLO:unknown  
>>> > protocol:s23_clnt.c:475:
>>> >
>>> > I do the exact same thing on the local machine and it 
>responds with  
>>> a > valid SSL response.
>>> >
>>> > Can anyone suggest might be wrong here?
>>> >
>>> > Regards,
>>> >
>>> > Ian Newlands
>>> >
>>> > _________________________________________________________________
>>> > Hotmail is now available on Australian mobile phones. Go to  >  
>>> http://ninemsn.com.au/mobilecentral/signup.asp
>>> >
>>> >  
>>> 
>______________________________________________________________________
>>> > Apache Interface to OpenSSL (mod_ssl)                    
>>> www.modssl.org
>>> > User Support Mailing List                       
>>> [EMAIL PROTECTED]
>>> > Automated List Manager                             
>>> [EMAIL PROTECTED]
>>> >
>>>
>>>
>>>
>>
>> _________________________________________________________________
>> Hot chart ringtones and polyphonics. Go to   
>> http://ninemsn.com.au/mobilemania/default.asp
>>
>>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      [EMAIL PROTECTED]
>Automated List Manager                            [EMAIL PROTECTED]
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
  • Re: Boyle Owen
    • Re: Götz Babin-Ebell

Reply via email to