RE: [opensa-users] OpenSA 1.0.0 beta 2 - https connection hangs?

Steve Thu, 02 Nov 2000 17:03:16 -0800
Jerrad,

Yes, it hangs FOREVER... roughly equivalent to the
length of time
I get sick of waiting... which is getting much shorter
 ;-(
I have yet to get an SSL connection, and killing
Apache takes
just as long...

I'm running OpenSA on Windows 98 SE, but have a
dual-boot setup for
Redhat Linux 7.0... and have Apache/mod_ssl/OpenSSL
running just fine.
I'll have to check and see how I've got that setup. I
don't even
recall making certs/keys etc. I think it uses the
SnakeOil ones by
default... a RedHat RPM... just install and GO!!
I just prefer using HomeSite for coding, and since
there isn't a
Linux version, I figured I'd get the same
configuration running on
Windows.... no more file copying.... guess I figured
wrong!
=======================================================================
Anyway, with LogLevel set to debug, not a single error
message.
The trace output is new, but doesn't indicate any
problems:
=======================================================================
[trace] Init: (localhost:443) Creating new SSL context
(protocols:
              SSLv2, SSLv3, TLSv1)
[trace] Init: (localhost:443) Configuring permitted
SSL ciphers              
[ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[trace] Init: (localhost:443) Configuring RSA server
certificate
=======================================================================
The last line of the "engine.log" was:
=======================================================================
[info]  Connection to child 4 established
        (server localhost:443, client 127.0.0.1)

and in the Apache "error.log", the ONLY error listed,
was when I
issued shutdown Apache (and waited, and waited):
=======================================================================
[error] forcing termination of child #0 (handle 356)
interrupted...
followed by exactly 97 lines of:
    Apache server interrupted...
    Apache server interrupted...
=======================================================================
I thought it was odd that the child processes (4 vs.
0) were different,
but I'm probably just tilting at windmills ;-)

There was no indication of any problems in Dr. Watson
(Win98 version?).

Since this is the first time I've used OpenSA, I'm
wondering if there
is ANY version in which SSL actually works... maybe
0.20 (listed as
the latest stable version)?

I've got enough "Beta" testing of my own to do,
without spending what
seems like hours making changes in an attempt to get
an SSL connection.

But I digress... if I ever get this working... I'll be
sure to let
you know *exactly* how I did it!

Thanks Jerrad!!

Steve


--- Jerrad Pierce <[EMAIL PROTECTED]>
wrote:
> steve does it hang *indefintiely*? What OS are you
> running?
> I've been having issues running on win2k.
> 
> Two things to try and gather more info
>       set LogLevel to debug
>       Enable visual notification in Dr. Watson
> 
> >-----Original Message-----
> >From: Steve [mailto:[EMAIL PROTECTED]]
> >Sent: Thursday, November 02, 2000 12:03 PM
> >To: [EMAIL PROTECTED]
> >Cc: [EMAIL PROTECTED]
> >Subject: [opensa-users] OpenSA 1.0.0 beta 2 - https
> connection hangs?
> >
> >
> >
> >Hello,
> >
> >I recently installed the newly released OpenSA Beta
> 1.0.0b2
> >so I could do offline PHP development work running
> localhost.
> >
> >STEP 1: Installed a Private Key (see below)
> >
> >STEP 2: Set up httpd.conf (see below)
> >
> >STEP 3: Start Apache....
> >     "C:\Program Files\OpenSA\Apache\Apache.exe" -D SSL
> >
> >     Server localhost:443 (RSA)
> >     Enter pass phrase: 
> >     Ok: Pass Phrase Dialog successful.
> >
> >     This prompt was issued TWICE.... I know you were
> wondering!
> >
> >     http://localhost/   Works fine.
> >
> >     https://localhost/  HANGS, and HANGS and HANGS!!
> >
> >STEP 4: Shutdown Apache and viewed the engine.log
> (see below).
> >
> >I should mention here that the shortcut to Stop
> Apache:
> >"C:\Program Files\OpenSA\Apache\Apache.exe" -k
> shutdown
> >rarely seems to work when running in SSL, but
> otherwise works fine.
> >Same deal with CTRL-C.... no effect?
> >
> >Anyway, thought the private key/passphrase thing
> could be an issue,
> >so I started over and generated an RSA private key
> (genrsa) that is
> >unencrypted by leaving out the "-des3" option:
> >
> >     OpenSSL> genrsa -out test.key 1024
> >
> >No more password prompts..... but
> https://localhost/ still hangs! 
> >
> >I have a hunch this an issue with localhost vs. a
> domain name
> >(www.whatever.com) in both httpd.conf and the
> certificate?
> >
> >Or should I have stayed clear of the Beta....
> >
> >Can anybody shed any light on this?
> >
> >Regards,
> >
> >Steve
> >
> >
>
>=======================================================================
> >STEP 1: Installed a Private Key - localhost
>
>=======================================================================
> >
> >This was from Chapter 20 of the Wrox Press book:
> >Professional PHP Programming
> >
>
http://www.wrox.com/Consumer/Store/Books/2963/29632006.htm
> >
> >First, fired up the OpenSSL command line tool:
> >
> >     C:\Program Files\OpenSA\OpenSSL\bin\openssl.exe
> >
> >1. Generate an RSA private key (genrsa) that is
> >   triple DES (des3) encrypted and 1024 bits:
> >
> >     OpenSSL> genrsa -des3 -out test.key 1024
> >
> >2. Create a certificate request file (CSR):
> >
> >     OpenSSL> req -new -key test.key -out test.csr
> >
> >     Note: Used Common Name: localhost(?)
> >
> >3. Once the CSR (test.csr) has been generated, we
> can sign it ourselves
> >   to create a temporary certificate (test.crt) for
> the private key
> >   (test.key) we generated earlier:
> >
> >     OpenSSL> req -x509 -key test.key -in test.csr -out
> test.crt
> >
> >
> >Copied the 3 files from: C:\Program
> Files\OpenSA\OpenSSL\bin\
> >
> >(1) "test.crt"  into  C:\Program
> Files\OpenSA\Apache\conf\ssl.crt\
> >(2) "test.csr"  into  C:\Program
> Files\OpenSA\Apache\conf\ssl.csr\
> >(3) "test.key"  into  C:\Program
> Files\OpenSA\Apache\conf\ssl.key\
> >
>
>=======================================================================
> >STEP 2: My httpd.conf - Virtual Hosts - Snipped out
> all the comments
>
>=======================================================================
> >
> >### Section 3: Virtual Hosts
> >
> ><IfDefine SSL>
> >AddType application/x-x509-ca-cert .crt
> >AddType application/x-pkcs7-crl    .crl
> ></IfDefine>
> >
> ><IfModule mod_ssl.c>
> >SSLPassPhraseDialog  builtin
> >SSLSessionCache         dbm:logs/ssl/scache
> >SSLSessionCacheTimeout  300
> >SSLMutex sem
> >SSLRandomSeed startup builtin
> >SSLRandomSeed connect builtin
> >SSLLog      logs/ssl/engine.log
> >SSLLogLevel info
> ></IfModule>
> >
> >
> ><IfDefine SSL>
> >
> ><VirtualHost _default_:443>
> >
> >#  General setup for the virtual host
> >DocumentRoot "C:/PROGRA~1/OPENSA/APACHE/HTDOCS"
> >ServerName localhost
> >ServerAdmin [EMAIL PROTECTED]
> >ErrorLog logs/ssl/error.log
> >TransferLog logs/ssl/access.log
> >
> >SSLEngine on
> >
> >SSLCipherSuite
>
ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> >
> >SSLCertificateFile
> "C:/PROGRA~1/OPENSA/APACHE/conf/ssl.crt/test.crt"
> >
> >SSLCertificateKeyFile
> "C:/PROGRA~1/OPENSA/APACHE/conf/ssl.key/test.key"
> >
> >SSLOptions +FakeBasicAuth +ExportCertData
> +CompatEnvVars +StrictRequire
> >
> ><Files ~ "\.(cgi|shtml)$">
> >    SSLOptions +StdEnvVars
> ></Files>
> >
> ><Directory "C:/PROGRA~1/OPENSA/APACHE/cgi-bin">
> >    SSLOptions +StdEnvVars
> ></Directory>
> >
> >SetEnvIf User-Agent ".*MSIE.*" nokeepalive
> ssl-unclean-shutdown
> >
> >CustomLog logs/ssl/ssl_request_log \
> >          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x
> \"%r\" %b"
> >
> ></VirtualHost>                                  
> ></IfDefine>
> >
>
>=======================================================================
> >STEP 4:   C:\Program
> Files\OpenSA\Apache\logs\ssl\engine.log
>
>=======================================================================
> >
> >[info]  Server: OpenSA/1.0.0 / Apache/1.3.14,
> Interface: mod_ssl/2.7.2,
> >Library: OpenSSL/0.9.6
> >[warn]  You are using mod_ssl under Win32. This
> combination is *NOT*
> >officially supported. Use it at your own risk!
> 
=== message truncated ===


__________________________________________________
Do You Yahoo!?
>From homework help to love advice, Yahoo! Experts has your answer.
http://experts.yahoo.com/

--
This is The OpenSA Project's mailing list. For more information,
please visit the project's web site at http://www.opensa.org

To unsubscribe the list, send an empty email message to address
[EMAIL PROTECTED]
RE: [opensa-users] OpenSA 1.0.0 beta 2 - https connection hangs?

Reply via email to
