RE: ANNOUNCE: User Contribution Area
On 06-Oct-98 Ralf S. Engelschall wrote: Today I've spent the whole afternoon to create a special service for you which is a little bit unusual. But because I think it serves the needs of the mod_ssl user community I've established it - treat it as an experiment. This looks to be a very useful experiment. Would that all projects have something along these lines. If you do start to have problems with warez traders, you may adopt a strategie like CPAN, ie each uploader has there own login. This, of course, is an administrative drag... About the .blurbs : very useful as well. However, maybe a small script that would munge the file into HTML for, so we don't have to cut/paste the URLs, would be in order? I could code it up in perl. -Philip __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
bind: Address already in use
I run this server on Port 80. No other apache 1.3.2 servers running. apachectl startssl gives me this in error_log [Tue Oct 6 13:19:10 1998] ssl_gcache started bind: Address already in use however apachectl start runs fine: [Tue Oct 6 13:19:10 1998] [notice] Apache/1.3.2 (Unix) PHP/3.0.4 mod_ssl/2.0.11 y/0.9.0b configured -- resuming normal operations What is bind complaining about and why can't I run startssl? -Patrick Momentum Online __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: bind: Address already in use
On Tue, Oct 06, 1998, System Administrator wrote: I run this server on Port 80. No other apache 1.3.2 servers running. apachectl startssl gives me this in error_log [Tue Oct 6 13:19:10 1998] ssl_gcache started bind: Address already in use however apachectl start runs fine: [Tue Oct 6 13:19:10 1998] [notice] Apache/1.3.2 (Unix) PHP/3.0.4 mod_ssl/2.0.11 y/0.9.0b configured -- resuming normal operations What is bind complaining about and why can't I run startssl? Seems like it complains about the ssl_gcache TCP port. Perhaps your previous server processes died but ssl_gcache is still running (check with "ps -{ax,ef} | grep gcache"). This is one of the reasons why gcache was kicked out for mod_ssl 2.1, because the Apache API lacks a reliable child controlling. Just kill the ssl_gcache program and restart Apache. Or ignore it, because the already running ssl_gcache program serves ok, too. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: ANNOUNCE: User Contribution Area
On Tue, Oct 06, 1998, Philip Gwyn wrote: On 06-Oct-98 Ralf S. Engelschall wrote: Today I've spent the whole afternoon to create a special service for you which is a little bit unusual. But because I think it serves the needs of the mod_ssl user community I've established it - treat it as an experiment. This looks to be a very useful experiment. Would that all projects have something along these lines. If you do start to have problems with warez traders, you may adopt a strategie like CPAN, ie each uploader has there own login. This, of course, is an administrative drag... Yes, will be an option. We'll see. When all works fine we don't need it. When it goes worse I'll give out special admin accounts, of course. About the .blurbs : very useful as well. However, maybe a small script that would munge the file into HTML for, so we don't have to cut/paste the URLs, would be in order? I could code it up in perl. Oh, the script is already there. The old Distrib/Misc/ used an ePerl embedded script for this. I've just to adapt it for the new Contrib area. I'll do this today. Thanks for this suggestion and also thanks for your coding offer, Ohilip. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
cannot make mod_ssl work
Hello, I wrote earlier advising that I could not get mod_ssl to work on a Linux box ... RedHat 5.0 - Kernel 2.0.34. I have installed SSLeay-0.9.0b and mod_ssl-2.0.10-1.3.1 for Apache 1.3.1. I installed per INSTALL instructions and the installation went just fine. I however get nothing with Netscape Communicator 4.05 except the certificate warning boxes. After that there is a timeout of about 3-minutes and then Netscape pops up "Document contains no data". I have looked high and low, and tried all manner of changes to the test certificate to get this behavior to change. The certificate CN has the same as the web server hostname in the configuration and this hostname is the machines real primary ethernet interface and Unix hostname. I have stripped the httpd.conf.dist bare to its stock auto created version and the problem still persists. I doubt that SSLeay or mod_ssl are on RedHat Linux anywhere installed that would conflict, so I am out of ideas. A test with s_client, as previously suggested I previously posted results in the following: * I don't have Lynx-SSL set up anywhere, but, s_client ... after several minutes tells: read:errno=0 Apache error_log tells: connect: Connection timed out When I pipe the output of s_client to less so that I can view all of it, there is verify errors such as: verify error:num=20:unable to get local issuer certificate verify return:1 verify error:num=21:unable to verify the first certificate I have done the whole installation over and over again, and have done "make certificate" and "make install" in the Apache 1.3.1 directory many times trying to get this to work. Not a thing seems to change this failure to make a complete SSL connection. Funny thing, I installed from the exact same tar.gz's at home on another RedHat Linux box with an older kernel, and the same exact version web server (ok I upgraded to 1.3.1 ;-) and Lo-and-Behold the one here at home works! I can get the SSL lock via my local ethernet and I have had someone else test via the Internet where it worked also. I sure could use some help ... like someone that can analyze this at a level deeper than I'd care to go, and tell me what silly little thing down in a nook or cranny I am looking over like such a big elephant wearing orange trousers. Could this thing be looking up reverse-dns or something and is not agreeing with the CN I am giving in the certificate? Or is something with SSL or port 443 broken on two remote machines of mine that is not broken on the local one here? Why does Raven Eval 1.2.2 work? If I can get a response from the author, I will at his convenience provide any information that is needed to debug this problem, including if necessary - access to the machine via secure shell. TIA Alan G. Spicer (Independant SysAdmin/Webmaster,...) PS: [fyi the small company contract I currently have is not wanting to buy Raven or such for just testing this capability. I already demo'd SSL with Raven's Evaluation 1.2.2. I also have done Raven for "secure.satelnet.org" long ago. Pardon me for being new to the SSLeay and mod_ssl. I'm about to buy Raven myself and then it'll be mine ;-) ] --- Alan Spicer ([EMAIL PROTECTED]) __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: bind: Address already in use
At 13:39 1998-10-06 -0500, Patrick [EMAIL PROTECTED] wrote: apachectl startssl gives me this in error_log [Tue Oct 6 13:19:10 1998] ssl_gcache started bind: Address already in use What is bind complaining about and why can't I run startssl? SSLCacheServerPort has to be set to a port that is not used. This is only used internally within the machine for the session cache. You've probably set this port to 80, 443 or some other port already in use. 12345 works fine if you don't have any other daemon running there. http://www.engelschall.com/sw/mod_ssl/docs/#SSLCacheServerPort cheers. - -- magnus bodin http://bodin.org/ ** http://$sum(2,2).x42.com/ ** http://www.altameter.com/ __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: .htaccess problem
On Wed, Oct 07, 1998, T. Freeland wrote: I have built up apache_1.3.2 with mod_perl 1.16 and mod_ssl 2.0.11-1.3.2 using the configurations at the bottom of this page and when running the server via 'truss -t stat,open httpd -X -DSSL' it never checks for .htaccess files. I removed mod_perl and tried apache with mod_ssl and it still ignores them. I then searched the web and found the following news article which describes the same situation when apache 1.3.2 is built with mod_php: [...] Has anybody encountered this problem already and have a patch available? Look at line 42 of the installed access.conf file. There is an "AllowOverride None" for the DocumentRoot. You usually have to make it less restrictive to let your .htaccess files being parsed. But it has nothing to do with neither mod_ssl nor mod_perl nor mod_php, of course. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: bind: Address already in use
I see the exact same thing on Solaris. I've been ignoring it, but I am curious as well. Mark I run this server on Port 80. No other apache 1.3.2 servers running. apachectl startssl gives me this in error_log [Tue Oct 6 13:19:10 1998] ssl_gcache started bind: Address already in use however apachectl start runs fine: [Tue Oct 6 13:19:10 1998] [notice] Apache/1.3.2 (Unix) PHP/3.0.4 mod_ssl/2.0.11 y/0.9.0b configured -- resuming normal operations What is bind complaining about and why can't I run startssl? -Patrick Momentum Online __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: bind: Address already in use
At 13:39 1998-10-06 -0500, Patrick [EMAIL PROTECTED] wrote: apachectl startssl gives me this in error_log [Tue Oct 6 13:19:10 1998] ssl_gcache started bind: Address already in use What is bind complaining about and why can't I run startssl? SSLCacheServerPort has to be set to a port that is not used. This is only used internally within the machine for the session cache. You've probably set this port to 80, 443 or some other port already in use. 12345 works fine if you don't have any other daemon running there. http://www.engelschall.com/sw/mod_ssl/docs/#SSLCacheServerPort Not in my case. I have port 12345, which was the default. Mark cheers. - -- magnus bodin http://bodin.org/ ** http://$sum(2,2).x42.com/ ** http://www.altameter.com/ __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
.htaccess problem
I have built up apache_1.3.2 with mod_perl 1.16 and mod_ssl 2.0.11-1.3.2 using the configurations at the bottom of this page and when running the server via 'truss -t stat,open httpd -X -DSSL' it never checks for .htaccess files. I removed mod_perl and tried apache with mod_ssl and it still ignores them. I then searched the web and found the following news article which describes the same situation when apache 1.3.2 is built with mod_php: http://x11.dejanews.com/getdoc.xp?AN=394869699search=threadthreaded=1CONTEXT=907740545.924516402HIT_CONTEXT=907740228.852426818HIT_NUM=16hitnum=12 Has anybody encountered this problem already and have a patch available? Travis Freeland Web Administrator Deakin University [EMAIL PROTECTED] __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: cannot make mod_ssl work
On Wed, Oct 07, 1998, Alan Spicer wrote: [...] 1. Try to find out wheter there are 5.0 updates related to kernel and libc from RedHat which perhaps solve your problems. Because other RH 5.0 users reported similar problems for Apache recently, the chance is high that there is something broken under RH 5.0. Especially the glibc2 stuff causes problems. After people have downgraded to libc5 Apache worked for them. Perhaps this is the case for you, too. 2. After 1.) failed you can create an "rse" account on your box, reachable via SSH. Then when I find time I can spent an hour to trace the code. This way we at least know at which corner the problem is. * Wow. Tell me again how to tell what C Library I have? I remember recently installing some software that had to be downloaded depending on which libc. I want to compare which libc the local "working" mod_ssl has as compared to the remote 2 machines that currently won't work with mod_ssl. I'm a little leary about changing libc's on these two remote production machines. I don't want to break anything else that is currently working. I've no RedHat box available, so I cannot help you here. But when these are production machines you should be carefully. Only upgrade or downgrade libc when you really know what you're doing. Then the best way for you is to install a different machine under RH 5.1 (where people didn't reported problems), try mod_ssl there and when it goes fine you can thing about upgrading the OS on your production machine. I recommend you to consult any RH/Linux-related newsgroups or mailing lists for this, because we usually cannot help you here, of course. It's funny ... I'd think my local machine, running a Cyrix clone Pentium would be the problem one ;-) I had to recently install a patch so that GCC could compile 'C' programs at all. It was specific to problems with Cyrix 6x86's and GCC. Anyway I think all three have the same type of glibc, but I want to confirm that. Funny now the Cyrix is the one that WORKS and not the true blue Intel Pentium's ;-) It's not related to the CPU, IMHO. I'm sure you messed up something related to your libc or the compiler. All three machines were originally installed from the same RedHat 5.0 CD from Macmillan Computer Publishing. Yes "originally", but know you have a different installation ;-) Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Request: Debian Packages?
People always ask me where to find Debian packages for Apache+mod_ssl. AFAIK there are still no Debian packages because the Debian guys have very special opinions about their packages and want to compile mod_ssl as a DSO only. Although DSO support for mod_ssl will not be available in the near future, it would be fine to have Debian packages for the Apache+mod_ssl bundle. So, are here any Debian users (or even Debian developers?) which are aware of the dpkg stuff and want to contribute a Debian package? At least to the Apache/mod_ssl community in case it doesn't get accepted by the official Debian masters. You can place it directly yourself into the new http://www.engelschall.com/sw/mod_ssl/contrib/ area for distribution if you want. RPMs are already available from there and a FreeBSD port exists, too. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]