Re: Practical solution for MSIE problems!?
On Sun, Mar 28, 1999, John Hamlik wrote:

> The problem still exists on https://en4.engelschall.com/manual/mod/mod_ssl
> hmmm... I am checking further, will post more shortly.

Oh shit, my fault: MSIE actually comes in with a User-Agent of "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)", so the regex has to be ".*MSIE.*" and not "^MSIE.*". Fixed on en4.engelschall.com. Please try again.

Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: Practical solution for MSIE problems!?
it seems ok for me!

nt4/sp3, IE4 (4.72.2106.8)
ip 195.230.1.157, [29/Mar/1999:08:59:48 +0200] in your access log

--
Dimitar Stoikov. Primasoft Ltd, Internet Dept.
Take hold of OpenBSD - http://www.OpenBSD.org
RE: Practical solution for MSIE problems!?
This is what I know:

1) The patch from Ralf with the modified regex of ".*MSIE.*" works to work around the issue. Seems like there must be a better way. hmmm. Has anyone reported this to Microsoft? I know it probably wouldn't do much good but it seems like they have a problem with a standard and we would still have to work around it.
2) Happens only with IE clients.
3) Must be refreshed between 16 and 59 secs with standard installation.
4) Must have more than one file being accessed per child process per refresh. A simple html page will not cause the error. A page with a graphic for instance will cause the error. Why??
5) When the error occurs there is nothing recorded in any of the server logs with debug enabled on both apache and mod_ssl.
6) If one disables keep-alives the problem doesn't exist.
7) Seems like it would be easy for people to screw up and not put the SetEnvIf in the SSL-aware virtual host and then post the issue again.
7) The new suite (apache,mod_ssl,openssl) passes all of my tests now! yippie..
7) Ralf does a great job! Thank you.

John
Re: Practical solution for MSIE problems!?
> So, those of you who've still problems with MSIE clients, should now apply the appended patch to ssl_engine_kernel.c and add the following line to the SSL-aware virtual host:
>
>     SetEnvIf User-Agent "^MSIE.*" ssl-unclean-shutdown

I think that this line is wrong. IE 5.0 User-Agent is

    Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)

then it matches

    SetEnvIf User-Agent "^.*MSIE.*" ssl-unclean-shutdown

or

    BrowserMatch "MSIE" ssl-unclean-shutdown

I added the following line to the SSL-aware virtual host:

    BrowserMatch "MSIE" ssl-unclean-shutdown

And it works fine.
Re: Practical solution for MSIE problems!?
On Mon, Mar 29, 1999, Toru Takinaka wrote:

>> So, those of you who've still problems with MSIE clients, should now apply the appended patch to ssl_engine_kernel.c and add the following line to the SSL-aware virtual host:
>>
>>     SetEnvIf User-Agent "^MSIE.*" ssl-unclean-shutdown
>
> I think that this line is wrong. IE 5.0 User-Agent is
>
>     Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)
>
> then it matches
>
>     SetEnvIf User-Agent "^.*MSIE.*" ssl-unclean-shutdown
>
> or
>
>     BrowserMatch "MSIE" ssl-unclean-shutdown
>
> I added the following line to the SSL-aware virtual host:
>
>     BrowserMatch "MSIE" ssl-unclean-shutdown
>
> And it works fine.

Yeah, sorry. This was my fault. I've overlooked the fact that MSIE announces itself as Mozilla. It's now already fixed for 2.2.7 where the SetEnvIf is enabled per default.

Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Re: Practical solution for MSIE problems!?
On Mon, Mar 29, 1999, Dimitar Stoikov wrote:

> it seems ok for me!
>
> nt4/sp3, IE4 (4.72.2106.8)
> ip 195.230.1.157, [29/Mar/1999:08:59:48 +0200] in your access log

Pu.. what a happy start for a week ;-) You cannot imagine how much trouble the MSIE issue caused me...

Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Re: Practical solution for MSIE problems!?
On Sun, Mar 28, 1999, John Hamlik wrote:

> 1) The patch from Ralf with the modified regex of ".*MSIE.*" works to work around the issue.

Fine, this means it now even works for MSIE clients. That makes me finally _very_ happy! Puhh

> Seems like there must be a better way. hmmm. Has anyone reported this to Microsoft? I know it probably wouldn't do much good but it seems like they have a problem with a standard and we would still have to work around it.

The only better way is that Microsoft fixes their MSIE clients, of course. Because their software doesn't correctly handle keep-alive connections and the SSL close notify alerts on connection close. At least our current work-around is the most clean work-around we can do on the server-side, of course.

> 2) Happens only with IE clients.

Yes, I know

> 3) Must be refreshed between 16 and 59 secs with standard installation.
> 4) Must have more than one file being accessed per child process per refresh. A simple html page will not cause the error. A page with a graphic for instance will cause the error. Why??

A page with a graphic usually means that the graphic is transferred in the kept-alive connection. The problem MSIE has really seems to be related to a combination of the keep-alive facility of HTTP and the close notify alerts of SSL/TLS.

> 5) When the error occurs there is nothing recorded in any of the server logs with debug enabled on both apache and mod_ssl.

That's interesting, because it means mod_ssl cannot see any unusual packets, but MSIE internally reached his bugs.

> 6) If one disables keep-alives the problem doesn't exist.

Yes, as I said: The problem is a _combination_ of keep-alive and SSL close notify alerts.

> 7) Seems like it would be easy for people to screw up and not put the SetEnvIf in the SSL-aware virtual host and then post the issue again.

I'll both enable the SetEnvIf per default in httpd.conf-dist with 2.2.7 and add an entry to the mod_ssl FAQ. Thanks for the hint.

> 7) The new suite (apache,mod_ssl,openssl) passes all of my tests now! yippie..
> 7) Ralf does a great job! Thank you.

Fine, thanks. And I've to thank you all for discovering the MSIE bug and helping me in finding a final work-around, of course.

Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Re: Client Test Suite: Summary
"Ralf S. Engelschall" wrote:

> Netscape 4.5 Mac, PPC international . Failed [EMAIL PROTECTED]
> ``I tested the below and got "bad data from the server" http was fine but https was not.''

--- deleted stuff here ---

> So, I conclude that we've NO problems at all with Netscape clients. But we've problems with various IE clients. There not for all situations, but under some situations it looks like people can deterministically reproduce it.

I still got bad data, when I tried it today, 29 mar. So this is still a problem with the NS 4.5 mac version. International 40-bit version.

/h

--
Hans Lohmander -- Sigma Exallon Information AB
Internet Intranet solutions
Talkto:+46 (0)40 247636 Faxto:+46 (0)40 24 99 50 Mobile# +46 (0)709-898636
mailto:[EMAIL PROTECTED] http://www.ei.sigma.se/ ICQ# 9319123
Re: Client Test Suite: Summary
On Mon, Mar 29, 1999, Hans Lohmander wrote:

> "Ralf S. Engelschall" wrote:
>
>> Netscape 4.5 Mac, PPC international . Failed [EMAIL PROTECTED]
>> ``I tested the below and got "bad data from the server" http was fine but https was not.''
>
> --- deleted stuff here ---
>
>> So, I conclude that we've NO problems at all with Netscape clients. But we've problems with various IE clients. There not for all situations, but under some situations it looks like people can deterministically reproduce it.
>
> I still got bad data, when I tried it today, 29 mar. So this is still a problem with the NS 4.5 mac version. International 40-bit version.

I cannot find any entries in the access_log from a Netscape under Macintosh. Are you sure you connect to en4.engelschall.com via HTTPS? Or is it already failing at the top-level page before you receive anything at all? I ask because your problems seem to be of a different kind, but I want to setup the SetEnvIf for your browser, too. To allow us to check whether ssl-unclean-shutdown also solves your problem. So, why are there no entries for your connections on en4? From which IP you're coming?

Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Re: Practical solution for MSIE problems!?
In which versions of MSIE did this occur?

I was thinking of a more specific regexp so that not *all* M$IE users trigger the unclean ssl shutdown behaviour...

/magnus
Re: Client Test Suite: Summary
Ralf S. Engelschall wrote:

> On Mon, Mar 29, 1999, Hans Lohmander wrote:
>
>> "Ralf S. Engelschall" wrote:
>>
>>> Netscape 4.5 Mac, PPC international . Failed [EMAIL PROTECTED]
>>> ``I tested the below and got "bad data from the server" http was fine but https was not.''
>>
>> --- deleted stuff here ---
>>
>>> So, I conclude that we've NO problems at all with Netscape clients. But we've problems with various IE clients. There not for all situations, but under some situations it looks like people can deterministically reproduce it.
>>
>> I still got bad data, when I tried it today, 29 mar. So this is still a problem with the NS 4.5 mac version. International 40-bit version.

I just tried NS 4.5 Mac PPC and it worked even on my unmodified mod_ssl...

> I cannot find any entries in the access_log from a Netscape under Macintosh. Are you sure you connect to en4.engelschall.com via HTTPS? Or is it already failing at the top-level page before you receive anything at all? I ask because your problems seem to be of a different kind, but I want to setup the SetEnvIf for your browser, too. To allow us to check whether ssl-unclean-shutdown also solves your problem. So, why are there no entries for your connections on en4? From which IP you're coming?
>
> Ralf S. Engelschall
> [EMAIL PROTECTED]
> www.engelschall.com
RE: Practical solution for MSIE problems!?
Having read all the technical stuff about this problem could we run a test without the patch but killing keepalives for MSIE. I seem to remember problems with MSIE and this before.

___
John Imrie, Internet Technical Specialist
[EMAIL PROTECTED] +44 (0)1732 520136
http://www.charitynet.org
* CAF - working for charities and donors *
Registered Charity No. 268369

-----Original Message-----
From: John Hamlik [SMTP:[EMAIL PROTECTED]]
Sent: Monday, March 29, 1999 8:28 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Practical solution for MSIE problems!?

This is what I know:

1) The patch from Ralf with the modified regex of ".*MSIE.*" works to work around the issue. Seems like there must be a better way. hmmm. Has anyone reported this to Microsoft? I know it probably wouldn't do much good but it seems like they have a problem with a standard and we would still have to work around it.
2) Happens only with IE clients.
3) Must be refreshed between 16 and 59 secs with standard installation.
4) Must have more than one file being accessed per child process per refresh. A simple html page will not cause the error. A page with a graphic for instance will cause the error. Why??
5) When the error occurs there is nothing recorded in any of the server logs with debug enabled on both apache and mod_ssl.
6) If one disables keep-alives the problem doesn't exist.
7) Seems like it would be easy for people to screw up and not put the SetEnvIf in the SSL-aware virtual host and then post the issue again.
7) The new suite (apache,mod_ssl,openssl) passes all of my tests now! yippie..
7) Ralf does a great job! Thank you.

John
Re: Practical solution for MSIE problems!?
On Mon, Mar 29, 1999, Magnus Stenman wrote:

> In which versions of MSIE did this occur?

Actually on MSIE version 3, 4 and 5. Look at the initial summary posting from me. There the client versions are listed.

> I was thinking of a more specific regexp so that not *all* M$IE users trigger the unclean ssl shutdown behaviour...

Yes, I've thought about this, too. But I've finally decided that it's more safe to force the unclean shutdown for _all_ MSIE clients until the first version occurs on the net which always works. People can use more specific regex when they want, but for the default config I think it's best and safe to use ".*MSIE.*"...

Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Re: Practical solution for MSIE problems!?
On Mon, Mar 29, 1999, John Imrie wrote:

> Having read all the technical stuff about this problem could we run a test without the patch but killing keepalives for MSIE. I seem to remember problems with MSIE and this before.

Ok, I've now changed the config on en4.engelschall.com to just ``SetEnvIf User-Agent ".*MSIE.*" nokeepalive'' and disabled the ssl-unclean-shutdown SetEnvIf. Try it out when you want and give us feedback.

Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
ANNOUNCE: mod_ssl 2.2.7
Another update is available before new features will be introduced (in 2.2.8): mod_ssl 2.2.7 for Apache 1.3.6. This version mainly contains support for the MSIE client workaround. Additionally some memory leaks were fixed. The next version (2.2.8) will introduce shared memory support for EAPI together with a high-performance shared memory based session cache (is already implemented and works fine, but needs some more cleanups and testing).

Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com

Changes with mod_ssl 2.2.7 (24-Mar-1999 to 29-Mar-1999)

*) Fixed the ``HTTPS request received for child'' log entries: Now no longer multiple copies of a message occur, because mod_ssl logs them only on initial requests (and no longer on sub-requests and internal redirects).

*) Fixed a few more memory leaks which occurred on server restarts.

*) Added entry to the FAQ for the MSIE work-around with ``SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown''.

*) Added support for two SetEnvIf variables: ssl-unclean-shutdown and ssl-accurate-shutdown. These can be used to, for instance, force different shutdown approaches for particular browsers. An ``SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown'' now forces the old mod_ssl 2.1 behaviour where no close notify messages are sent at all before connection close. An ``SetEnvIf User-Agent ".*Lynx.*" ssl-accurate-shutdown'' forces an accurate shutdown when the client is Lynx+OpenSSL where mod_ssl both sends its close notify alert and waits for the close notify alert of the client.

*) Updated source file dependencies in src/modules/ssl/Makefile.tmpl.
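The regex correction and the two shutdown variables discussed in this thread can be checked offline before a rule goes into an SSL-aware virtual host. The following is an added example, not code from the posts or from mod_ssl: a small Python evaluator for SetEnvIf/BrowserMatch lines that approximates Apache's unanchored regex search with `re.search`. Only the MSIE 5.0 User-Agent is quoted from the thread; the other agent strings are constructed, and the `NARROW` rule is a hypothetical answer to the "more specific regexp" question.

```python
import re
import shlex

# Rule sets as posted in the thread.
ORIGINAL = ['SetEnvIf User-Agent "^MSIE.*" ssl-unclean-shutdown']
FIXED = [
    'SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown',
    'SetEnvIf User-Agent ".*Lynx.*" ssl-accurate-shutdown',
]
BROWSERMATCH = ['BrowserMatch "MSIE" ssl-unclean-shutdown']
# Hypothetical narrower rule (not from the thread): MSIE major versions 3-5 only.
NARROW = ['SetEnvIf User-Agent "MSIE [345][.]" ssl-unclean-shutdown']

AGENTS = {
    "msie5": "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)",      # quoted in the thread
    "msie4": "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)",     # constructed
    "msie6": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",  # constructed later version
    "netscape": "Mozilla/4.5 [en] (Macintosh; I; PPC)",             # constructed
    "lynx": "Lynx/2.8.1rel.2 libwww-FM/2.14",                       # constructed
}


def parse_rule(line):
    """Split one directive into (header name, compiled regex, variable specs)."""
    tokens = shlex.split(line)
    directive = tokens[0].lower()
    if directive == "setenvif" and len(tokens) >= 4:
        header, pattern, specs = tokens[1], tokens[2], tokens[3:]
    elif directive == "browsermatch" and len(tokens) >= 3:
        # BrowserMatch is SetEnvIf with the header fixed to User-Agent.
        header, pattern, specs = "User-Agent", tokens[1], tokens[2:]
    else:
        raise ValueError("unsupported or incomplete directive: %r" % line)
    return header.lower(), re.compile(pattern), specs


def evaluate(rules, headers):
    """Return the environment variables the rules set for one request."""
    request = {name.lower(): value for name, value in headers.items()}
    env = {}
    for line in rules:
        header, regex, specs = parse_rule(line)
        value = request.get(header)
        # Unanchored search: "^MSIE" can only match at the very start of the
        # header, which is why it misses agents that begin with "Mozilla/".
        if value is None or not regex.search(value):
            continue
        for spec in specs:
            if spec.startswith("!"):      # !var removes the variable
                env.pop(spec[1:], None)
            elif "=" in spec:             # var=value sets an explicit value
                name, val = spec.split("=", 1)
                env[name] = val
            else:                         # bare var is set to "1"
                env[spec] = "1"
    return env


def coverage(rules, agents=AGENTS):
    """Map each sample client to the sorted variable names it receives."""
    return {name: sorted(evaluate(rules, {"User-Agent": ua}))
            for name, ua in agents.items()}


def missed(rules, flag, expected):
    """Clients that should get `flag` under `rules` but do not."""
    result = coverage(rules)
    return sorted(name for name in expected if flag not in result[name])


if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL), ("fixed", FIXED),
                         ("BrowserMatch", BROWSERMATCH), ("narrow", NARROW)):
        print(label)
        for name, flags in coverage(rules).items():
            print("  %-9s %s" % (name, ", ".join(flags) or "-"))
```

Run against the sample agents, the anchored pattern sets nothing for any MSIE client, while the narrower rule stops applying the workaround to the constructed later version, which is the trade-off raised in the thread.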
Re: 1.3.6 + 2.2.6 PB with openssl 0.9.2
GOMEZ Henri wrote:

Yes, mostly all problems until now were with older OpenSSL versions.

[GOMEZ Henri] Most of us are ready to switch to OpenSSL now..

Although I personally don't understand why people feel such dependent on existing RPMS (hey, it's open source, you can compile it yourself in 10 minutes!), maybe you're right. But why is there still no such RPM stuff available?

Because the shared library support using shell scripts breaks too easily...

[GOMEZ Henri] The RPM is a great stuff when you want to install and preload many systems. It's really a kind of InstallShield (but many time powerful). Also I personally think it's one of the best way to have an 'industrial process' for software production.

Yes and no. Except for the security fix (the session tagging call) the = 0x0920 stuff is either consistency (the ciphers), cleanness (the SSL_clean call) or not important. At least because of this nothing should fail with older version.

[GOMEZ Henri] We have to wait so for OpenSSL 0.9.2 RPM...

Well, at http://www.engelschall.com/sw/mod_ssl/contrib/ there are intel binaries now. Two points of caution to it:

- they are built from CVS snapshots. Steve Henson is working on PKCS12 support which might break the standalone pkcs12 utility he published.
- there is no corresponding source package because I did not automate the complete build into a real spec file.

When I've found time to solve the second point, I'll upload new binary and source packages with a higher release number and built from the 'official' frozen 0.9.2 sources. Because of that, the 'release number' is 0_0328 to reflect the CVS snapshot it is made from. 'rpm -q --changelog openssl' will show the top of the cvs CHANGES log.

--
Niels Poppe - org.net bv [EMAIL PROTECTED]
Re: Client Test Suite: Summary
Hans Lohmander wrote:

> "Ralf S. Engelschall" wrote:
>
>> Netscape 4.5 Mac, PPC international . Failed [EMAIL PROTECTED]
>> ``I tested the below and got "bad data from the server" http was fine but https was not.''
>
> --- deleted stuff here ---
>
>> So, I conclude that we've NO problems at all with Netscape clients. But we've problems with various IE clients. There not for all situations, but under some situations it looks like people can deterministically reproduce it.
>
> I still got bad data, when I tried it today, 29 mar. So this is still a problem with the NS 4.5 mac version. International 40-bit version.

My Mac (MacOS bluebox 8.1 on top of Rhapsody DR 2 on PPC) Netscape 4.5 US 128-bit passes...

--
Niels Poppe - org.net bv [EMAIL PROTECTED]
RE: Practical solution for MSIE problems!?
One other thing to remember is this is only for https sessions. This problem does not exist for http sessions. So whichever you choose should be for https only.

John

-----Original Message-----
From: John Imrie [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 29, 1999 5:27 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Practical solution for MSIE problems!?

MSIE 5.0 (Win 95) No problems
MSIE 4.0 (Win 95) No problems

___
John Imrie, Internet Technical Specialist
[EMAIL PROTECTED] +44 (0)1732 520136
http://www.charitynet.org
* CAF - working for charities and donors *
Registered Charity No. 268369

-----Original Message-----
From: Ralf S. Engelschall [SMTP:[EMAIL PROTECTED]]
Sent: Monday, March 29, 1999 11:08 AM
To: [EMAIL PROTECTED]
Subject: Re: Practical solution for MSIE problems!?

On Mon, Mar 29, 1999, John Imrie wrote:

> Having read all the technical stuff about this problem could we run a test without the patch but killing keepalives for MSIE. I seem to remember problems with MSIE and this before.

Ok, I've now changed the config on en4.engelschall.com to just ``SetEnvIf User-Agent ".*MSIE.*" nokeepalive'' and disabled the ssl-unclean-shutdown SetEnvIf. Try it out when you want and give us feedback.

Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Upgrade from 2.2.6-1.3.6 to 2.2.7 problem
Hello,

I had a working 2.2.6-1.3.6 setup and decided to try the quick libssl.so-only upgrade. I rebuilt the library via

    ./configure --with-apxs=/usr/local/apache/bin/apxs --with-ssl=../openssl-0.9.2b/ --with-rsa=../rsaref-2.0/local/

and then ran make and make install. The library failed to work however:

    Cannot load /usr/local/apache/libexec/libssl.so into server: /usr/local/apache/libexec/libssl.so: undefined symbol: dbm_firstkey

Recompiling apache-1.3.6 with the 2.2.7 distribution worked just fine. I've successfully rebuilt modules with apxs before, but I have never succeeded in rebuilding libssl.so alone.

igor
Re: ANNOUNCE: Apache-mod_ssl-1.3.6-2.2.7 RPMs
Magnus Stenman wrote:

> Uploaded to the usual place, http://www.engelschall.com/sw/mod_ssl/contrib/
>
> /magnus

rebuilt unchanged, for linux-alpha

--
Niels Poppe - org.net bv [EMAIL PROTECTED]
ANNOUNCE: openssl-0.9.2b-1.*.rpm
I've uploaded new binaries of openssl 0.9.2b for both intel and alpha architectures, together with a source rpm package, to http://www.engelschall.com/sw/mod_ssl/contrib/. These are built from the 'official' 0.9.2b sources. On request there is mips (Cobalt Qube/RaQ) as well.

    1520345 Mar 29 23:54 openssl-0.9.2b-1.src.rpm

     441629 Mar 30 00:21 openssl-0.9.2b-1.i386.rpm
     625816 Mar 29 23:54 openssl-0.9.2b-1.alpha.rpm

    # rpm -qlp openssl-0.9.2b-1.alpha.rpm
    /usr/bin/openssl
    /usr/doc/openssl-0.9.2b
    /usr/doc/openssl-0.9.2b/LICENSE
    /usr/doc/openssl-0.9.2b/openssl.cnf
    /usr/lib/libcrypto.so.0
    /usr/lib/libcrypto.so.0.9.2
    /usr/lib/libssl.so.0
    /usr/lib/libssl.so.0.9.2

     474729 Mar 30 00:21 openssl-devel-0.9.2b-1.i386.rpm
     747473 Mar 29 23:54 openssl-devel-0.9.2b-1.alpha.rpm

    # rpm -qlp openssl-devel-0.9.2b-1.alpha.rpm
    /usr/bin/CA.pl
    /usr/bin/CA.sh
    /usr/bin/c_hash
    /usr/bin/c_info
    /usr/bin/c_issuer
    /usr/bin/c_name
    /usr/bin/c_rehash
    /usr/include/ssl
    /usr/include/ssl/asn1.h
    ...
    /usr/include/ssl/x509v3.h
    /usr/lib/libcrypto.a
    /usr/lib/libcrypto.so
    /usr/lib/libssl.a
    /usr/lib/libssl.so

--
Niels Poppe - org.net bv [EMAIL PROTECTED]
[BugDB] sslv3 alert bad certificate (PR#144)
Full_Name: Tom O'Brien
Version: 2.2.7
OS: Solaris 7
Submission from: sticky.globix.net (209.208.255.43)

I'm using Apache 1.3.6/mod_ssl 2.2.7/OpenSSL 0.9.2b. I seem to be getting some nasty errors with this config...

    httpd: [Mon Mar 29 11:38:38 1999] [error] mod_ssl: SSL handshake interrupted by system
    httpd: [Mon Mar 29 11:38:48 1999] [error] mod_ssl: SSL handshake failed (client 208.242.201.220, server www.penthouse.com:443) (SSLeay library error follows)
    httpd: [Mon Mar 29 11:38:48 1999] [error] SSLeay: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name!?]

The handshake errors don't seem to be much bother, but the bad certificate alerts seem to be related to Netscape 3.0 browsers (and others?). The browser returns an error "The security library has experienced a database error. You probably cannot retrieve this page securely." This wasn't happening with my older Netscape servers. I've tried several apache/mod_ssl/openssl/ssleay configs and I'm at the end of my rope. Any ideas?
Re: ANNOUNCE: mod_ssl 2.2.7
"Ralf S. Engelschall" [EMAIL PROTECTED] writes:

> Another update is available before new features will be introduced (in 2.2.8): mod_ssl 2.2.7 for Apache 1.3.6. This version mainly contains support for the MSIE client workaround. Additionally some memory leaks were fixed. The next version (2.2.8) will introduce shared memory support for EAPI together with a high-performance shared memory based session cache (is already implemented and works fine, but needs some more cleanups and testing).

Would you be willing to comment on this "shared memory support for EAPI together with a high-performance shared memory based session cache"? Are you referring to the SSL session cache when you say "shared memory based session cache"? Will there be just one shared memory pool, or will there be a shared memory pool per module? Unless there is some standard way to come up with session id's then there is the possibility that modules could use the same session id within the same pool which would be bad. Which leads me to believe that it would be nice to have a "tighter integration" between other modules, "the session cache" and the SSL session id. Since there is a good amount of assurance that this SSL session id cannot be spoofed unlike other methods based on cookies or some such thing. Recent events notwithstanding.

Much Thanks,
Tom
Re: Apache with mod_ssl caching old pages under https
If you removed the directory then it would be impossible (If I am understanding what you are saying correctly) to still retrieve the information. I would suggest totally flushing out the Netscape cache. There might be a problem where https documents are not removed for some reason or another that I am not aware of. Try another https compliant browser to see if that works... Hope this helps =)

> I'm having a problem where apache will not refresh updated pages under https after I've made a change to them. I first saw this problem with: apache 1.3.4; mod_ssl 2.2.0-1.3.4; SSLeay-0.9.0b; php-3.0.6. I have now upgraded to: apache 1.3.6, mod_ssl 2.2.6-1.3.6; openssl-0.9.2b; php-3.0.7 In an attempt to fix the problem, but it is still there.
>
> Under the http protocol everything works fine, but with https pages are not updated to the new code. I'm sure this is a problem with apache, not the browser, because I'm using php3 scripts which access a database and I've changed the tables and the scripts to match, but under https there is a database error. An extreme example of this problem is that I removed the entire directory that houses the web site and under https it still displays the pages, while under http it gets a file not found error.
>
> If anybody knows what is going on here or where I can look for further information, please help me. I'm running linux 2.0.36
>
> Thanks,
> Afam Agbodike
[BugDB] Compilation problems in make certificate (PR#145)
Full_Name: Jason Prensell
Version: 2.2.7-1.3.6
OS: Solaris 2.6
Submission from: spanky.umd.umich.edu (141.215.66.66)

I'm having a hell of a time running a make certificate after the source has been built. This is the error I receive upon "make certificate TYPE=test":

    Undefined                       first referenced
     symbol                             in file
    ERR_load_RSAREF_strings             /usr/local/ssl/lib libcrypto.a(err_all.o)
    RSA_PKCS1_RSAref                    /usr/local/ssl/lib/libcrypto.a(rsa_lib.o)

Now, for the life of me, I cannot get those to compile in. I compiled the latest SNAP (the releases caused this same problem anyway) of OpenSSL, and I build with RSAREF (sigh). Even though RSAREF is a pain in the ass, I was able to get everything to work cleanly. However, from the above failed references, I apparently haven't. Any ideas?