Hi there,
Here is my feedback about the 1.0.0 installation. I am no OpenSA expert,
so my comments are just worth what they are worth: some psycho user comments.
My primary interest was to obtain a DN from within a Tomcat servlet
in a virtual-host system. And here is a list of small problems I got on
my NT 4 SP5 to achieve this.
--------------------------------------------------------------------
1. apachemodulessl.dll loading problem
--------------------------------------------------------------------
When starting "apache -D SSL" after the install, I got an error window
"Apache.exe - Ordinal Not Found" with the text:
[The ordinal 1182 could not be located in the dynamic link library LIBEAY32.dll]
I tried many things to solve that, like including OpenSSL\bin in my
path, but without success. I finally edited the default file "Apache\conf\httpd.conf"
and changed the line #192
from
LoadModule ssl_module modules/apachemodulessl.dll
into
LoadModule ssl_module modules\\apachemodulessl.dll
and I cut and pasted the *.dll from OpenSSL\bin into Apache\modules.
This solved the issue. Don't ask me why. I don't care. I am just a user.
--------------------------------------------------------------------
2. SSL engine crashing with Netscape Client
--------------------------------------------------------------------
Then I got a stability problem. My HTTPS server seems to be working
fine, but I regularly got a
"OleMainThreadWndName:Apache.exe - Application Error" window with the
text:
[The instruction at "0x10030778" referenced memory at "0x000000004".
The memory could not be read.]
This usually happens when revisiting a previous link or refreshing
the content of a page with a Netscape browser. NS 4.73. It seems the ssl
engine dies, which is pretty annoying because I need to type in the secret
key's password before it restarts.
But I got some interesting findings:
- it seems the problem doesn't occur when (re)loading images.
- the problem appears frequently when reloading an html file qualified
by a URL ending with a "/", like index.html being reached through https://localhost/
(don't forget to Shift-Reload if you want to try it).
- https://localhost/index.html
always works fine
- and https://localhost/manual/images/
works fine as well, but there is no "index.html" file involved in this
case.
I know that a solution is to use IE as a client, but I hate that fix,
both for technical reasons (this is a server-side problem after all) and
religious belief (I try to boycott the use of M$ products as much as I
can). I also reverted to NS 4.70 as suggested by Jim A (http://www.mail-archive.com/[email protected]/msg00225.html),
but it didn't help.
My current fix is to change line #238 of httpd.conf
from
DirectoryIndex index.html index.shtml
to
DirectoryIndex dlkahsl709898143.html dlkahsl709898143.shtml
It is not very likely that one of my hosted users will create a file
like that in this directory ;-). This is a temporary fix which forbids me
the use of pre-written HTML index, but I can live with that for the moment.
The most annoying thing is of course the fact that https://my.ip.address
now shows the content of my directory, not anymore my Web Site home page.
If someone comes up with a better hack, I'll be glad to hear it.
--------------------------------------------------------------------
3. Getting the SSL Certificate in a Tomcat servlet
--------------------------------------------------------------------
After trying every attribute name and ApacheModuleJServ module (1.0, 1.1, 1.1.1
and 1.1.2), I came to the conclusion that Tomcat does not support X509 certificates
yet. This is a big problem for me because after all those efforts I will
have to switch to Netscape Enterprise Server and their servlet engine.
Getting the DN inside the servlet is a mandatory requirement for my project.
I'll try to compile a snapshot from the Jakarta CVS tomorrow, but I
have simply lost faith.
Christophe
--------------------------------------------------------------------
Christophe Warland, R&T Engineer
S1 Corporation, Technology Center
705 Westech Drive, Norcross, GA 30092, U.S.A.
[EMAIL PROTECTED]
Phone: +1 678 421-4015
Fax: +1 253 399-5709
--------------------------------------------------------------------
"If you're looney enough to run a file of unknown origin
with a .vbs extension, that would be referred to as Darwinism."
-- a Slashdot user, June 2000
Darwin Awards: http://www.darwinawards.com
Slashdot info: http://google.com/search?q=slashdot
VBS in action: http://google.com/search?q=vbs&btnI=I'm_feeling_lucky
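
For reference on item 3, an added example that is not part of the original message and not OpenSA, JServ or Tomcat code: the Servlet specification defines the request attribute `javax.servlet.request.X509Certificate` for the client certificate chain, and a servlet that needs the DN should fail closed when a container or connector does not populate it, which is the situation the message describes. The class name `ClientDnServlet` is hypothetical, and the sketch assumes the SSL front end has already verified the client certificate.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.X509Certificate;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet name; requires the servlet API on the classpath.
public class ClientDnServlet extends HttpServlet {

    // Attribute name defined by the Servlet specification for the client chain.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    /** Returns the subject DN of the client's own certificate, or null if none was passed. */
    static String clientDn(HttpServletRequest req) {
        // Do not accept a DN on a request the container does not report as secure.
        if (!req.isSecure()) {
            return null;
        }
        Object attr = req.getAttribute(CERT_ATTR);
        // Null here means the connector did not forward the chain,
        // or the client presented no certificate.
        if (!(attr instanceof X509Certificate[])) {
            return null;
        }
        X509Certificate[] chain = (X509Certificate[]) attr;
        if (chain.length == 0) {
            return null;
        }
        // Element 0 is the client's certificate; issuer certificates follow.
        return chain[0].getSubjectDN().getName();
    }

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String dn = clientDn(req);
        if (dn == null) {
            // Fail closed: without a client certificate there is no identity to act on.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }
        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();
        out.println("Client DN: " + dn);
    }
}
```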