Re: ANNOUNCE: 2.1b9-1.3.3 (2.1.0 to-be)
On Mon, 16 Nov 1998 18:08:51 GMT, Ralf S. Engelschall <[EMAIL PROTECTED]> wrote: > On Mon, Nov 16, 1998, Trung Tran-Duc wrote: > > > Ooops. We have problem with patching Makefile on Win32. I'll see to it > > tomorrow. > > I've looked at it. The appended patch solves it for me. Please try it out > also yourself, Trung. worked like a charm!! I think you can go ahead with an announcement now > We have to make sure the Win32-stuff doesn't work as expected for > 2.1.0. doesn't ?! :-) Anyway I and probably everybody else should know that Windows is a broken platform. A few days ago I myself ran into a well-known Windows DLL hell. We cannot overstate the fact that SSLeay's DLLs must be put on _system_ %PATH%, especially when Apache is intended to run as a Windows service. I also have a few suggestions concerning cosmetic aspects of configure.bat. They don't need to be put into the 2.1 release 1) should we make backups (*.orig) when we patch those win32 makefiles? 2) in Makefile.nt you invoke mod_ssl's makefile with nmake /nologo CFG="mod_ssl - Win32 %LONG%" -f Makefile nmake /nologo CFG="mod_ssl - Win32 %LONG%" -f Makefile clean ... The define CFG="mod_ssl - Win32 %LONG%" has nothing to do here. The other .mak need it, because they are generated by DevStudio, and it's the way they do it. Our Makefile is hand written. Also nmake looks for 'makefile' by default, so no need to use the -f option. You can just nmake /nologo all # or without 'all' nmake /nologo clean -trung P.S. Ralf, thanks for cooperation. It's my first experience with such a project. Good feeling. > [...] __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: ANNOUNCE: 2.1b9-1.3.3 (2.1.0 to-be)
On Tue, Nov 17, 1998, Trung Tran-Duc wrote: > > > Ooops. We have problem with patching Makefile on Win32. I'll see to it > > > tomorrow. > > > > I've looked at it. The appended patch solves it for me. Please try it out > > also yourself, Trung. > > worked like a charm!! I think you can go ahead with an announcement now Fine. I'll first go to the birthday dinner with my family members and then I want to adjust a few more files in the distribution (NEWS, ANNOUNCE, README, etc). But then I'll roll the final 2.1.0 tarball this afternoon and release the stuff. Thanks for the fast feedback, Trung. >[...] > 1) should we make backups (*.orig) when we patch those win32 > makefiles? H yes. Ok, I'll create .orig files in configure.bat. This way it's more consistent with what "patch" does. > 2) in Makefile.nt you invoke mod_ssl's makefile with > > nmake /nologo CFG="mod_ssl - Win32 %LONG%" -f Makefile > nmake /nologo CFG="mod_ssl - Win32 %LONG%" -f Makefile clean > ... > > The define CFG="mod_ssl - Win32 %LONG%" has nothing to do here. The > other .mak need it, because they are generated by DevStudio, and it's > the way they do it. Our Makefile is hand written. Also nmake looks for > 'makefile' by default, so no need to use the -f option. You can just > > nmake /nologo all # or without 'all' > nmake /nologo clean I've removed the CFG=... and added the "all", but the "-f Makefile" I want to leave as "/f Makefile" just to make sure this "broken platform" tools do what they should do (perhaps "makefile vs. Makefile" or whatever next M$ break in new releases of their VC++ stuff :-( ). > P.S. Ralf, thanks for cooperation. It's my first experience with such > a project. Good feeling. Oh, I have to thank _you_, because _you_ contribute to my project. But sure, Open-Source Software projects (especially when related to interesting/popular mother-projects like Apache) are always nice areas to work. That's why we all do it and love it this way. So, keep on your good contributions, please ;-) BTW, for 2.1.x and 2.2bX there will be _A LOT_ of more things where one can contribute to the project. Just a few key words to give you an idea: Diffie-Hellman, Global-ID, IPC Shared Memory Cache, Extended Backward-Compat Mappings, LDAP, CRLs, ... So don't think the project ends with mod_ssl 2.1.0 ;-) Greetings, Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: ANNOUNCE: 2.1b9-1.3.3 (2.1.0 to-be)
On Tue, Nov 17, 1998, Khimenko Victor wrote: > 17-Nov-98 11:37 you wrote: > >> 2) in Makefile.nt you invoke mod_ssl's makefile with > >> > >> nmake /nologo CFG="mod_ssl - Win32 %LONG%" -f Makefile > >> nmake /nologo CFG="mod_ssl - Win32 %LONG%" -f Makefile clean > >> ... > >> > >> The define CFG="mod_ssl - Win32 %LONG%" has nothing to do here. The > >> other .mak need it, because they are generated by DevStudio, and it's > >> the way they do it. Our Makefile is hand written. Also nmake looks for > >> 'makefile' by default, so no need to use the -f option. You can just > >> > >> nmake /nologo all # or without 'all' > >> nmake /nologo clean > > > I've removed the CFG=... and added the "all", but the "-f Makefile" I want to > > leave as "/f Makefile" just to make sure this "broken platform" tools do what > > they should do (perhaps "makefile vs. Makefile" or whatever next M$ break in > > new releases of their VC++ stuff :-( ). > > Makefile and makefile (and MAKEFILE -- in fact this is name of "main file" for > nmake) is one file under Windows 9x/NT and nmake will find this file by default > (at least nmake from Microsoft C 5.0, Microsoft C 6.0, Microsoft C/C++ 7.0, > Microsoft C/C++ 8.0 AKA MS VC++ 1.0, MS VC++ 1.5x, MS VC++ 2.0, MS VC++ 4.x > (MS VC++ 3.x was skipped by MS, not by me :-), MS VC++ 5.0 and MS VC++ 6.0). > Since nmake was able to find MAKEFILE for last 15 years I bet this will be so > in the future as well and if not then Makefile will be not supported at all :-) 15 years? For Microsoft this usually doesn't count, of course. But ok, you convinced me: I'll remove the "/f Makefile". Thanks for complaining, Trung. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: ANNOUNCE: 2.1b9-1.3.3 (2.1.0 to-be)
17-Nov-98 11:37 you wrote: >> 2) in Makefile.nt you invoke mod_ssl's makefile with >> >> nmake /nologo CFG="mod_ssl - Win32 %LONG%" -f Makefile >> nmake /nologo CFG="mod_ssl - Win32 %LONG%" -f Makefile clean >> ... >> >> The define CFG="mod_ssl - Win32 %LONG%" has nothing to do here. The >> other .mak need it, because they are generated by DevStudio, and it's >> the way they do it. Our Makefile is hand written. Also nmake looks for >> 'makefile' by default, so no need to use the -f option. You can just >> >> nmake /nologo all # or without 'all' >> nmake /nologo clean > I've removed the CFG=... and added the "all", but the "-f Makefile" I want to > leave as "/f Makefile" just to make sure this "broken platform" tools do what > they should do (perhaps "makefile vs. Makefile" or whatever next M$ break in > new releases of their VC++ stuff :-( ). Makefile and makefile (and MAKEFILE -- in fact this is name of "main file" for nmake) is one file under Windows 9x/NT and nmake will find this file by default (at least nmake from Microsoft C 5.0, Microsoft C 6.0, Microsoft C/C++ 7.0, Microsoft C/C++ 8.0 AKA MS VC++ 1.0, MS VC++ 1.5x, MS VC++ 2.0, MS VC++ 4.x (MS VC++ 3.x was skipped by MS, not by me :-), MS VC++ 5.0 and MS VC++ 6.0). Since nmake was able to find MAKEFILE for last 15 years I bet this will be so in the future as well and if not then Makefile will be not supported at all :-) __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[BUG] Solved!
*. . . . . . . . + . . . . . .. + . . . . . . . + .. .. + . . . *.+ .+ .. . . .. . . . . . ..* . . . . + .. + . .+ . . . + . ... * * .+ . + .+. . * . . . .. . + . . . . . . . ... . . . . . . . * .. . +. . . + + .* . . . . * . . * . .. . .. + . + . . . +. + . . . . . * . * . . . .*. . . . .. .. . . .+ .. * . . + . + . . . . .. . . . . . \^/ \^/ \^/ \^/ \^/ \^/ \^/ \^/ \^/. . (*) (*) (*) (*) (*) (*) (*) (*) (*) . /:\ /:\ /:\ /:\ /:\ /:\ /:\ /:\ /:\ . i . i . i . i . i . i . i . i . i . + H H H H H H H H H . . H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H /~\ |\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\| | | | * H * A * P * P * Y * | | | | * B * I * R * T * H * D * A * Y * | :___(_)___ * ~\===/ 8888 8888 8888 8888 ,adPPYYba, 8b,dPPYba, 8b,dPPYba, 8b d8 8888 "" `Y8 88P'"8a 88P'"8a `8b d8' 8888 ,adP88 88 d8 88 d8 `8b d8' 8888 88,,88 88b, ,a8" 88b, ,a8"`8b,d8' 8888 `"8bbdP"Y8 88`YbbdP"' 88`YbbdP"' Y88' 88 88 d8' 88 88 d8' ba 88 88 88 "8b "",d 88 88 ,8P88 88 88aa8P' 88 8b,dPPYba, MM88MMM 88,dPPYba, 88""8b, 88 88P' "Y888 88P'"8a 88 `8b 88 8888 88 88 88 a8P 88 8888,88 88 P" 88 88"Y888 88 88 88 88 88 ,adPPYb,88 ,adPPYYba, 8b d8 a8"`Y88 "" `Y8 `8b d8' 8b 88 ,adP88 `8b d8' aaa "8a, ,d88 88,,88`8b,d8' "88 `"8bbdP"Y8 `"8bbdP"Y8 Y88'd8' d8'8" d8' ba 88 ad88 88 88 "8b 88d8"88 88 ,8P 8888 88 88aa8P' ,adPPYYba, 88 MM88MMM 88 8888'"" `Y8 8888 88 88`8b,adP88 8888 "" 88 `8b 88,,88 8888 aa 88 `8b `"8bbdP"Y8 8888 88 ...And thanks for sharing such a great piece of software with us! Martin -- <[EMAIL PROTECTED]> |Siemens Information and Phone: +49-89-636-46021 |Communication Products FAX: +49-89-636-47816 |81730 Munich, Germany __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: ANNOUNCE: 2.1b9-1.3.3 (2.1.0 to-be)
17-Nov-98 13:47 you wrote: > On Tue, Nov 17, 1998, Khimenko Victor wrote: >> 17-Nov-98 11:37 you wrote: >> >> 2) in Makefile.nt you invoke mod_ssl's makefile with >> >> >> >> nmake /nologo CFG="mod_ssl - Win32 %LONG%" -f Makefile >> >> nmake /nologo CFG="mod_ssl - Win32 %LONG%" -f Makefile clean >> >> ... >> >> >> >> The define CFG="mod_ssl - Win32 %LONG%" has nothing to do here. The >> >> other .mak need it, because they are generated by DevStudio, and it's >> >> the way they do it. Our Makefile is hand written. Also nmake looks for >> >> 'makefile' by default, so no need to use the -f option. You can just >> >> >> >> nmake /nologo all # or without 'all' >> >> nmake /nologo clean >> >> > I've removed the CFG=... and added the "all", but the "-f Makefile" I want to >> > leave as "/f Makefile" just to make sure this "broken platform" tools do what >> > they should do (perhaps "makefile vs. Makefile" or whatever next M$ break in >> > new releases of their VC++ stuff :-( ). >> >> Makefile and makefile (and MAKEFILE -- in fact this is name of "main file" for >> nmake) is one file under Windows 9x/NT and nmake will find this file by default >> (at least nmake from Microsoft C 5.0, Microsoft C 6.0, Microsoft C/C++ 7.0, >> Microsoft C/C++ 8.0 AKA MS VC++ 1.0, MS VC++ 1.5x, MS VC++ 2.0, MS VC++ 4.x >> (MS VC++ 3.x was skipped by MS, not by me :-), MS VC++ 5.0 and MS VC++ 6.0). >> Since nmake was able to find MAKEFILE for last 15 years I bet this will be so >> in the future as well and if not then Makefile will be not supported at all :-) > 15 years? Yes. AFAIK. I'm never seen Microsoft C [1-4].x myself but AFAIK nmake was able to find MAKEFILE starting from first version written back in 1983 for Microsoft C 1.0 (Microsoft C 1.0 was created to rewrite Windows 1.0 (initially Windows was written on Pascal (in 1983) but when Turbo Pascal completely and forever pushed MS Pascal from marketspace (yes, MS was not invincible then) Windows was rewritten on C but since there was no Microsoft C yet this took two years (to create Microsoft C 1.0 and then recreate Windows 1.0 with Microsoft C 1.0) and thus Windows 1.0 was out only in 1985... BTW MS VC++ is only marketing term. Internally it's Microsoft C/C++ Version 12.00.8168 ... > For Microsoft this usually doesn't count, of course. But ok, you convinced > me: I'll remove the "/f Makefile". Thanks for complaining, Trung. __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Cliet cert to userid mapping
Hi Ralf, I have been happily using mod_ssl for quite a while now. Currently I'm migrating some Netscape Enterprise 3.x applications, I wrote some time ago, over to Apache + mod_ssl + mod_jserv. My work has involved your 2.1 beta code because my client certificates include proprietary extensions so I need the B64 client cert to be passed to the request handlers. This week I started migrating another NES 3.x application that uses the client cert to userid mapping functionality present in NES 3.x As you probably know, the server extracts the contents of the OID '0 9 2342 19200300 100 1 1' and if other elements of the DN match some rules then sets the REMOTE_USER variable to the contents of the extension. The rule matching part can be easily done with SSLRequire directive, however getting the value of OID '0 9 2342 19200300 100 1 1' is a bit more complex because it does not appear in the list SSLeay-0.9.0b/crypto/objects/objects.h. Because fo time constraints, I'm hacking my own mod_ to do the work by reading the stuff directly from the cert. I'm planning to ask the SSLeay guys if this OID can be supported in their distribution. My question is if you think a similar functionalitiy could be included in mod_ssl maybe with LDAP support as described somewhere in the wishlist. HAPPY BIRTHDAY RALF! thanks for the great work. Cheers e. === Enrico Badella email: [EMAIL PROTECTED] Soft*Star srl [EMAIL PROTECTED] InterNetworking Specialists tel: +39-11-746092 Via Camburzano 9 fax: +39-11-746487 10143 Torino, Italy Wanted, for hobbist use, any type of PDP and microVAX hardware,software, manuals,schematics,etc. and DEC-10 docs or manuals === __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
ANNOUNCE: mod_ssl 2.1.0 (happy birthday)
Happy birthday! The 2.1.0 tarball is rolled and released. Either it now horribly fails or succeeds, but at least it's now out. The official Announcement is appended below. Thanks to all who contributed to the project and made the release of 2.1.0 reality. Greetings, Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com _ _ _ __ ___ ___ __| |___ ___| | | '_ ` _ \ / _ \ / _` | / __/ __| | | | | | | | (_) | (_| | \__ \__ \ | ``mod_ssl combines the flexibility of |_| |_| |_|\___/ \__,_|___|___/___/_| Apache with the security of SSLeay.'' |_| ``Ralf Engelschall has released an mod_ssl - Apache Interface to SSLeayexcellent module that integrates http://www.engelschall.com/sw/mod_ssl/ Apache and SSLeay.'' Version 2.1.0-1.3.3 Tim J. Hudson, SSLeay co-author This Apache module provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the SSL/TLS implementation library SSLeay from Eric A. Young and Tim J. Hudson. The mod_ssl package was created in April 1998 by Ralf S. Engelschall and was originally derived from software developed by Ben Laurie for use in the Apache-SSL HTTP server project. As a summary, here are its main features: o Open-Source software (BSD-style license) o Useable for both commercial and non-commercial use o Available for both Unix and Win32 platforms o 128-bit strong cryptography world-wide o Support for SSLv2, SSLv3 and TLSv1 protocols o Clean reviewable ANSI C source code o Clean Apache module architecture o Integrates seamlessly into Apache through an Extended API (EAPI) o Full Dynamic Shared Object (DSO) support o Support for the SSLeay+RSAref US-situation o Advanced pass-phrase handling for private keys o X.509 certificate based authentication for both client and server o Additional boolean-expression based access control facility o Backward compatibility to other Apache SSL solutions o Inter-process SSL session cache o Powerful dedicated SSL engine logging facility o Simple and robust application to Apache source trees o Fully integrated into the Apache 1.3 configuration mechanism o Additional integration into the Apache Autoconf-style Interface (APACI) o Assistance in X.509 v3 certificate generation For more details about mod_ssl please visit its net locations under: http://www.engelschall.com/sw/mod_ssl/ ftp://ftp.engelschall.com/sw/mod_ssl/ __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
SetCertStuff failed
Hi, I am hoping someone can shed some light on a problem we've been having getting our Apache SSL working properly. The ingredients: Redhat 5.1 Apache SSL 1.3.1 SSLeay-0.9.0b Thawte Certificate I've checked and triple checked the paths, permissions, etc. Apache SSL boots fine: ssl_gcache started [notice] Apache/1.3.1 (Unix) mod_ssl/2.0.10 SSLeay/0.9.0b configured -- resuming normal operations BUT, every access attempt to https://www.daemon.ca generates: [error] mod_ssl: ssl_int_SetCertStuff failed Any ideas on what I'm missing? best regards, Darren Woods NetWorks Internet - http://www.daemon.ca Dartmouth, Nova Scotia __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
