Re: ANNOUNCE: mod_ssl 2.2.5-1.3.4
On Fri, Mar 19, 1999, [EMAIL PROTECTED] wrote: "Ralf S. Engelschall" [EMAIL PROTECTED] writes: *) The SSLCertificateFile and SSLCertificateKeyFile directives now can read PEM (=DER+Base64+headers), DER+Base64 (without headers) and plain DER format certificate and private key files. This is mostly provided for convinience reasons. I haven't spent much more time on this, sorry, but I still cannot get this to work. Using Ralf's patch from last week, there appears to be a problem with how the private key is being read. Just for kicks, I went and got the latest versions of mod_ssl and OpenSSL via rsync last night and tried again. (I built directly out of pkg.apache.) This time I dump core on startup. I would appreciate it if someone who has this working successfully, try this out with the provided _sample_ server cert and key. The second cert is the ca cert used to issue the server cert. And let me know how it goes. [...] -BEGIN ENCRYPTED PRIVATE KEY- MIIBeDAaBgkqhkiG9w0BBQMwDQQIS0XKnH4OhTICAQUEggFY7p+anDqPJaJbDQMC CSqitvjPRt1kg1O98O4bnB+GYiGMZPeFEB537OvRsyrhOpDHaV/JD+c4eMwshgVU UUbaXqURzSi2vIV8LfCHUzjtQciJSjL721MHeyhN1z+rILFD8CmXDB2DV/NYjb28 uVuU7ESIUnfKakRTJz6npj58DvpLJ/DaHJUp9/ap+EYrKgxFf3+A6Nnvr3vRLq1p HYngIgSqWDCD9csCrGv9Yu1KCU+ht35nLHbf2+AnLgDtTxHZM2tEh6yhMt/9298L HeTygTgcPHjsRd5uv6J3DSQm3Hx90lHrvXCgliL7x1zXbZWKW50D1ZFke2QGJzW9 l5xZJ7mVMEgjp8KNB/dx2kwE+zeFCQUZYkfnoy36iCsshVZVV5lQEyL553jL71y5 xdLxh6q/RhVO/UEnFM9Jk0QjxcVwIoNhjhc08ZmaeODm9QnWRCqtb9A7G9c= -END ENCRYPTED PRIVATE KEY- Yeah, the problem is that OpenSSL doesn't know these "ENCRYPTED PRIVATE KEY" headers. Mod_ssl cannot change this, of course. The question now is: From where do they come, i.e. which program created this format? And what's in this container? Just a Base64-encoded DER key? Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: ANNOUNCE: mod_ssl 2.2.5-1.3.4
On Sun, 21 Mar 1999, Ralf S. Engelschall wrote: On Fri, Mar 19, 1999, Aaron Turner wrote: I did a ./configure make make install. (You'll notice in my earlier email that the compile date/time in the log for Apache is after 2.2.5 was released.) The only thing I didn't do (which I never bother to do) is a make clean. Since I don't use DSO, and it says mod_ssl/2.2.5 I would assume that all is OK? I just did the following: cd apache_1.3.4 make clean cd ../mod_ssl-2.2.5-1.3.4 ./configure ... cd ../apache_1.3.4 ./configure ... make make install which would seem to COMPLETELY rebuild the apache and mod_ssl source trees, and I'm still having the POST problem, using mod_ssl with DSO. -mike You really have to recompile Apache with the updated EAPI or the POST problem will not gone away, of course. So, I hope you've not just built an new libssl.so with --with-apxs That doesn't work for 2.2.x - 2.2.5 as I mentioned in the CHANGES entry. I've never used the --with-apxs flag. Thanks, Aaron __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: ANNOUNCE: mod_ssl 2.2.5-1.3.4
"Ralf S. Engelschall" [EMAIL PROTECTED] writes: *) The SSLCertificateFile and SSLCertificateKeyFile directives now can read PEM (=DER+Base64+headers), DER+Base64 (without headers) and plain DER format certificate and private key files. This is mostly provided for convinience reasons. I haven't spent much more time on this, sorry, but I still cannot get this to work. Using Ralf's patch from last week, there appears to be a problem with how the private key is being read. Just for kicks, I went and got the latest versions of mod_ssl and OpenSSL via rsync last night and tried again. (I built directly out of pkg.apache.) This time I dump core on startup. I would appreciate it if someone who has this working successfully, try this out with the provided _sample_ server cert and key. The second cert is the ca cert used to issue the server cert. And let me know how it goes. Much Thanks, Tom -BEGIN CERTIFICATE- MIICODCCAeICAQIwDQYJKoZIhvcNAQEEBQAwgZkxCzAJBgNVBAYTAlVTMRMwEQYD VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMRYwFAYDVQQKEw1BdmVu dGFpbCBDb3JwMSAwHgYDVQQLExdFdmFsdWF0aW9uIEN1c3RvbWVycyBDQTEpMCcG A1UEAxMgVEVTVElORyBVU0UgT05MWSAtLSBETyBOT1QgVFJVU1QwHhcNOTcwMzI2 MDgwMDAwWhcNMDAwMzI2MDc1OTU5WjCBszELMAkGA1UEBhMCVVMxEzARBgNVBAgT Cldhc2hpbmd0b24xEDAOBgNVBAcTB1NlYXR0bGUxGDAWBgNVBAoUD0F2ZW50YWls LCBDb3JwLjEdMBsGA1UECxQURXZhbHVhdGlvbiBDdXN0b21lcnMxRDBCBgNVBAMU O0V2YWx1YXRpb24gYW5kIERlbW9uc3RyYXRpb24gUHVycG9zZXMgT25seSAtIERv IE5vdCBUcnVzdCEhMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnTHJpUpcMZTaJq qLX6iyRGPoH0mKSqm86DXolZpFmefmft7b3Ck5OlhCq5qs1KwqnS5stujJlKN/Nu thj/V3MCAwEAATANBgkqhkiG9w0BAQQFAANBABhpdCTQy6jq884614tqKaBi7h3W 7Nj0huhBNcVcMop7iBG6Aed7OR0abeWeIJWguB2JH2IZukw5mvWlqZjwSIw= -END CERTIFICATE- -BEGIN CERTIFICATE- MIICHjCCAcgCAQEwDQYJKoZIhvcNAQEEBQAwgZkxCzAJBgNVBAYTAlVTMRMwEQYD VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMRYwFAYDVQQKEw1BdmVu dGFpbCBDb3JwMSAwHgYDVQQLExdFdmFsdWF0aW9uIEN1c3RvbWVycyBDQTEpMCcG A1UEAxMgVEVTVElORyBVU0UgT05MWSAtLSBETyBOT1QgVFJVU1QwHhcNOTcwMzAx MDgwMDAwWhcNMDAwMzI2MDc1OTU5WjCBmTELMAkGA1UEBhMCVVMxEzARBgNVBAgT Cldhc2hpbmd0b24xEDAOBgNVBAcTB1NlYXR0bGUxFjAUBgNVBAoTDUF2ZW50YWls IENvcnAxIDAeBgNVBAsTF0V2YWx1YXRpb24gQ3VzdG9tZXJzIENBMSkwJwYDVQQD EyBURVNUSU5HIFVTRSBPTkxZIC0tIERPIE5PVCBUUlVTVDBcMA0GCSqGSIb3DQEB AQUAA0sAMEgCQQDWD6U1EJhqdX3u66ERYC44hCnEqtX3QcJGm7SU9BJ7LMxS8ACG cceHUy4El7edhpyO6CRVfw6yYWSeTVRgZxhfAgMBAAEwDQYJKoZIhvcNAQEEBQAD QQBgxIgnyhjtSbQMgWONio9G4aYhrzKmFdvKn0IvKqOhCO9C/4j3S0VurRciQNed vDe2cNzhieQ2FYlg+5OA+ort -END CERTIFICATE- -BEGIN ENCRYPTED PRIVATE KEY- MIIBeDAaBgkqhkiG9w0BBQMwDQQIS0XKnH4OhTICAQUEggFY7p+anDqPJaJbDQMC CSqitvjPRt1kg1O98O4bnB+GYiGMZPeFEB537OvRsyrhOpDHaV/JD+c4eMwshgVU UUbaXqURzSi2vIV8LfCHUzjtQciJSjL721MHeyhN1z+rILFD8CmXDB2DV/NYjb28 uVuU7ESIUnfKakRTJz6npj58DvpLJ/DaHJUp9/ap+EYrKgxFf3+A6Nnvr3vRLq1p HYngIgSqWDCD9csCrGv9Yu1KCU+ht35nLHbf2+AnLgDtTxHZM2tEh6yhMt/9298L HeTygTgcPHjsRd5uv6J3DSQm3Hx90lHrvXCgliL7x1zXbZWKW50D1ZFke2QGJzW9 l5xZJ7mVMEgjp8KNB/dx2kwE+zeFCQUZYkfnoy36iCsshVZVV5lQEyL553jL71y5 xdLxh6q/RhVO/UEnFM9Jk0QjxcVwIoNhjhc08ZmaeODm9QnWRCqtb9A7G9c= -END ENCRYPTED PRIVATE KEY- length: 512 email: [EMAIL PROTECTED] commonname: Evaluation and Demonstration Purposes Only - Do Not Trust!! locality: Seattle province: Washington country: United States __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]