You're error logs/traces match up with what I see... I tested .20 and unfortunately the results were the same as with the other versions (my earlier comparison chart post today). As in SSL works, but the server faults a lot. Even with the SSL module disabled. Have you tried that? The only thing I can think of is that all the distributions have some hooks in the core and these are the problem. (Since I encounter the same problems even w/o SSL loaded) >I've got enough "Beta" testing of my own to do, >without spending what Who doesn't? :-P >-----Original Message----- >From: Steve [mailto:[EMAIL PROTECTED]] >Sent: Thursday, November 02, 2000 8:12 PM >To: [EMAIL PROTECTED] >Subject: RE: [opensa-users] OpenSA 1.0.0 beta 2 - https connection >hangs? > > >Jerrad, > >Yes, it hangs FOREVER... roughly equivalent to the >length of time >I get sick of waiting... which is getting much shorter > ;-( >I have yet to get an SSL connection, and killing >Apache takes >just as long... > >I'm running OpenSA on Windows 98 SE, but have a >dual-boot setup for >Redhat Linux 7.0... and have Apache/mod_ssl/OpenSSL >running just fine. >I'll have to check and see how I've got that setup. I >don't even >recall making certs/keys etc. I think it uses the >SnakeOil ones by >default... a RedHat RPM... just install and GO!! >I just prefer using HomeSite for coding, and since >there isn't a >Linux version, I figured I'd get the same >configuration running on >Windows.... no more file copying.... guess I figured >wrong! >======================================================================= >Anyway, with LogLevel set to debug, not a single error >message. >The trace output is new, but doesn't indicate any >problems: >======================================================================= >[trace] Init: (localhost:443) Creating new SSL context >(protocols: > SSLv2, SSLv3, TLSv1) >[trace] Init: (localhost:443) Configuring permitted >SSL ciphers >[ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] >[trace] Init: (localhost:443) Configuring RSA server >certificate >======================================================================= >The last line of the "engine.log" was: >======================================================================= >[info] Connection to child 4 established > (server localhost:443, client 127.0.0.1) > >and in the Apache "error.log", the ONLY error listed, >was when I >issued shutdown Apache (and waited, and waited): >======================================================================= >[error] forcing termination of child #0 (handle 356) >interrupted... >followed by exactly 97 lines of: > Apache server interrupted... > Apache server interrupted... >======================================================================= >I thought it was odd that the child processes (4 vs. >0) were different, >but I'm probably just tilting at windmills ;-) > >There was no indication of any problems in Dr. Watson >(Win98 version?). > >Since this is the first time I've used OpenSA, I'm >wondering if there >is ANY version in which SSL actually works... maybe >0.20 (listed as >the latest stable version)? > >I've got enough "Beta" testing of my own to do, >without spending what >seems like hours making changes in an attempt to get >an SSL connection. > >But I digress... if I ever get this working... I'll be >sure to let >you know *exactly* how I did it! > >Thanks Jerrad!! > >Steve > > >--- Jerrad Pierce <[EMAIL PROTECTED]> >wrote: >> steve does it hang *indefintiely*? What OS are you >> running? >> I've been having issues running on win2k. >> >> Two things to try and gather more info >> set LogLevel to debug >> Enable visual notification in Dr. Watson >> >> >-----Original Message----- >> >From: Steve [mailto:[EMAIL PROTECTED]] >> >Sent: Thursday, November 02, 2000 12:03 PM >> >To: [EMAIL PROTECTED] >> >Cc: [EMAIL PROTECTED] >> >Subject: [opensa-users] OpenSA 1.0.0 beta 2 - https >> connection hangs? >> > >> > >> > >> >Hello, >> > >> >I recently installed the newly released OpenSA Beta >> 1.0.0b2 >> >so I could do offline PHP development work running >> localhost. >> > >> >STEP 1: Installed a Private Key (see below) >> > >> >STEP 2: Set up httpd.conf (see below) >> > >> >STEP 3: Start Apache.... >> > "C:\Program Files\OpenSA\Apache\Apache.exe" -D SSL >> > >> > Server localhost:443 (RSA) >> > Enter pass phrase: >> > Ok: Pass Phrase Dialog successful. >> > >> > This prompt was issued TWICE.... I know you were >> wondering! >> > >> > http://localhost/ Works fine. >> > >> > https://localhost/ HANGS, and HANGS and HANGS!! >> > >> >STEP 4: Shutdown Apache and viewed the engine.log >> (see below). >> > >> >I should mention here that the shortcut to Stop >> Apache: >> >"C:\Program Files\OpenSA\Apache\Apache.exe" -k >> shutdown >> >rarely seems to work when running in SSL, but >> otherwise works fine. >> >Same deal with CTRL-C.... no effect? >> > >> >Anyway, thought the private key/passphrase thing >> could be an issue, >> >so I started over and generated an RSA private key >> (genrsa) that is >> >unencrypted by leaving out the "-des3" option: >> > >> > OpenSSL> genrsa -out test.key 1024 >> > >> >No more password prompts..... but >> https://localhost/ still hangs! >> > >> >I have a hunch this an issue with localhost vs. a >> domain name >> >(www.whatever.com) in both httpd.conf and the >> certificate? >> > >> >Or should I have stayed clear of the Beta.... >> > >> >Can anybody shed any light on this? >> > >> >Regards, >> > >> >Steve >> > >> > >> >>============================================================== >========= >> >STEP 1: Installed a Private Key - localhost >> >>============================================================== >========= >> > >> >This was from Chapter 20 of the Wrox Press book: >> >Professional PHP Programming >> > >> >http://www.wrox.com/Consumer/Store/Books/2963/29632006.htm >> > >> >First, fired up the OpenSSL command line tool: >> > >> > C:\Program Files\OpenSA\OpenSSL\bin\openssl.exe >> > >> >1. Generate an RSA private key (genrsa) that is >> > triple DES (des3) encrypted and 1024 bits: >> > >> > OpenSSL> genrsa -des3 -out test.key 1024 >> > >> >2. Create a certificate request file (CSR): >> > >> > OpenSSL> req -new -key test.key -out test.csr >> > >> > Note: Used Common Name: localhost(?) >> > >> >3. Once the CSR (test.csr) has been generated, we >> can sign it ourselves >> > to create a temporary certificate (test.crt) for >> the private key >> > (test.key) we generated earlier: >> > >> > OpenSSL> req -x509 -key test.key -in test.csr -out >> test.crt >> > >> > >> >Copied the 3 files from: C:\Program >> Files\OpenSA\OpenSSL\bin\ >> > >> >(1) "test.crt" into C:\Program >> Files\OpenSA\Apache\conf\ssl.crt\ >> >(2) "test.csr" into C:\Program >> Files\OpenSA\Apache\conf\ssl.csr\ >> >(3) "test.key" into C:\Program >> Files\OpenSA\Apache\conf\ssl.key\ >> > >> >>============================================================== >========= >> >STEP 2: My httpd.conf - Virtual Hosts - Snipped out >> all the comments >> >>============================================================== >========= >> > >> >### Section 3: Virtual Hosts >> > >> ><IfDefine SSL> >> >AddType application/x-x509-ca-cert .crt >> >AddType application/x-pkcs7-crl .crl >> ></IfDefine> >> > >> ><IfModule mod_ssl.c> >> >SSLPassPhraseDialog builtin >> >SSLSessionCache dbm:logs/ssl/scache >> >SSLSessionCacheTimeout 300 >> >SSLMutex sem >> >SSLRandomSeed startup builtin >> >SSLRandomSeed connect builtin >> >SSLLog logs/ssl/engine.log >> >SSLLogLevel info >> ></IfModule> >> > >> > >> ><IfDefine SSL> >> > >> ><VirtualHost _default_:443> >> > >> ># General setup for the virtual host >> >DocumentRoot "C:/PROGRA~1/OPENSA/APACHE/HTDOCS" >> >ServerName localhost >> >ServerAdmin [EMAIL PROTECTED] >> >ErrorLog logs/ssl/error.log >> >TransferLog logs/ssl/access.log >> > >> >SSLEngine on >> > >> >SSLCipherSuite >> >ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL >> > >> >SSLCertificateFile >> "C:/PROGRA~1/OPENSA/APACHE/conf/ssl.crt/test.crt" >> > >> >SSLCertificateKeyFile >> "C:/PROGRA~1/OPENSA/APACHE/conf/ssl.key/test.key" >> > >> >SSLOptions +FakeBasicAuth +ExportCertData >> +CompatEnvVars +StrictRequire >> > >> ><Files ~ "\.(cgi|shtml)$"> >> > SSLOptions +StdEnvVars >> ></Files> >> > >> ><Directory "C:/PROGRA~1/OPENSA/APACHE/cgi-bin"> >> > SSLOptions +StdEnvVars >> ></Directory> >> > >> >SetEnvIf User-Agent ".*MSIE.*" nokeepalive >> ssl-unclean-shutdown >> > >> >CustomLog logs/ssl/ssl_request_log \ >> > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x >> \"%r\" %b" >> > >> ></VirtualHost> >> ></IfDefine> >> > >> >>============================================================== >========= >> >STEP 4: C:\Program >> Files\OpenSA\Apache\logs\ssl\engine.log >> >>============================================================== >========= >> > >> >[info] Server: OpenSA/1.0.0 / Apache/1.3.14, >> Interface: mod_ssl/2.7.2, >> >Library: OpenSSL/0.9.6 >> >[warn] You are using mod_ssl under Win32. This >> combination is *NOT* >> >officially supported. Use it at your own risk! >> >=== message truncated === > > >__________________________________________________ >Do You Yahoo!? >From homework help to love advice, Yahoo! Experts has your answer. >http://experts.yahoo.com/ > >-- >This is The OpenSA Project's mailing list. For more information, >please visit the project's web site at http://www.opensa.org > >To unsubscribe the list, send an empty email message to address >[EMAIL PROTECTED] > -- This is The OpenSA Project's mailing list. For more information, please visit the project's web site at http://www.opensa.org To unsubscribe the list, send an empty email message to address [EMAIL PROTECTED]
