Re: [PHP3] mod_ssl php3
Hi, Please check your http.conf and configure ssl (certificate) SSLCertificateFile/etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key the files etc/httpd/conf/ssl.crt/server.crt and /etc/httpd/conf/ssl.key/server.key must exists. Check that you have this files and check its contents. Hi all, I have problem installing apache_1.3.6 + mod_ssl-2.3.5 + php-3.0.11. During configure and compiled I didn't see any warning or errors until I startup apache it gave me this error in system logfile: /kernel: pid 12345 (httpd), uid 0: exited on signal 11 (core dumped) I tried to compiled just apache_1.3.6 + php-3.0.11 only and it works. So, is there any bugs that I need to know? Or how can I fix this problem? please help. I'm running FreeBSD/Alpha Release 3.2 and this is my component: - apache_1.3.6 - apache_1.3.6+ssl_1.35 - mod_ssl-2.3.5-1.3.6 - openssl-0.9.3a - rsaref-2.0 - mm-1.0.8 - mysql-3.22.23b - php-3.0.11 TIA pe' -- UNIX System Admin. Distributed Computing Services Lake Superior State University 650 W. Easterday Ave. Sault Ste. Marie. MI 49783 USA. -- -- PHP 3 Mailing List http://www.php.net/ To unsubscribe, send an empty message to [EMAIL PROTECTED] To subscribe to the digest, e-mail: [EMAIL PROTECTED] To search the mailing list archive, go to: http://www.php.net/mailsearch.php3 To contact the list administrators, e-mail: [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: SMP machine causes apache to segfault after hitting SSL server.
6-Jul-99 13:10 you wrote: Well I have tried just about everything. I am now just trying to get Apache 1.3.6, mod_ssl 2.3.5, and OpenSSL working. Basically it seems to work somewhat during the first request by returning some or sometimes all the data requested by the browser. I have tried IE and Netscape. Looking at the documentation I thought it may have something to do with the OpenSSL package and the -fPIC option. That didn't work either. Apache works great until I attempt to hit a https page. I have tried the dummy cert and my own certs with the same results. Could it be something to do with slackware 4.0??? That seems to be the only common thing among systems here that don't seem to want to run apache with SSL. Any ideas? Hmm. There are was problem with ndbm in Slackware 3.6. May be it's the same problem in 4.0 as well ? Try to use built-in sdbm or (better yet) shared memory version... __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Segmentation fault
Hello, I had my first apache crash today (1.3.6 + mod_ssl): [Thu Jul 8 10:47:24 1999] [error] mod_ssl: SSL handshake failed (client 192.168.33.41, server dps-1.fleggaard.dk:443) (OpenSSL library error follows) [Thu Jul 8 10:47:24 1999] [error] OpenSSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol [Hint: speaking not SSL to HTTPS port!?] [Thu Jul 8 10:47:24 1999] [notice] child pid 1410 exit signal Segmentation fault (11) [Thu Jul 8 10:47:24 1999] [notice] child pid 1409 exit signal Segmentation fault (11) [Thu Jul 8 10:47:24 1999] [notice] child pid 1408 exit signal Segmentation fault (11) Kind regards, Brian __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
[BugDB] bad data error with NS4.51 (PR#204)
Full_Name: Version: mod_ssl-2.3.5-1.3.6 OS: linux redhat 5.2 (kernel 2.0.36) Submission from: dhost63.bln.de (62.144.104.63) Hello, I'm using mod_ssl-2.3.5-1.3.6, openssl-0.9.3a, apache-1.3.6 under redhat 5.2. The installation went fine without problems. I made make certificate TYPE=test and one generated by verisign. But I can't connect to the server with Netscape 4.5x (other versions too i think) via https. It gives me a "Netscape has encoutered bad data from the server.". The log looks something like this [08/Jul/1999 14:13:18] [info] Connection: Client IP: 192.168.168.42, Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits) [08/Jul/1999 14:13:18] [info] Initial (No.1) HTTPS request received for child 3 (server 192.168.168.42:443) [08/Jul/1999 14:13:18] [info] Connection to child 3 closed with unclean shutdown (server 192.168.168.42:443) When I disable SSLv3 in Netscape it works. Under IE5 it works anyway. I've read of this problem in some msgboard but with no answers... So I it not an uncommon problem I think. I would appreciate when someone could give me a solution to this problem. Thanks in advantage! __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Off the Road: Time Stamping
I`m affraid that this is a bit off the road, but i don`t know where to ask for it. I`m building up our internal server on Caldera OpenLinux 2.2 with Apache 1.3.6, mod_ssl 2.3.5, mm 1.0.8 and OpenSSL 0.9.3a for secure data transmission. It will be used internal and external by dial-in for our collegues at home. We use our one CA to secure our site with client certificates and now my boss asked me if we could use certificates to sign our documents (e.g. Acrobat Docs). No problem at this point. But now he wants time stamps. I found a IETF Draft about Time Stamping but nothing else. Is it possible to use mod_ssl, OpenSSL for this task ? Daniel __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: SSL not initializing.
I finally tracked down why my system was failing to initialize SSL properly. I had not setup SSLSessionCache. As soon as I recompiled (installing mm_1.0.9) and setup the SSLSessionCache my system stopped having troubles during restart. Just though some of you may like to know. In case someone in the future has a similar problem -Jason Now, if we could only figure out the "interrupted by system" issue :) - Original Message - From: Jason Terry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 06, 1999 9:39 AM Subject: Re: SSL handshake interrupted by system Although I have not tracked down any reason for this error, I believe it seems to be a problem with the initialization of SSL in each child. I have a web server running a nearly identical setup, and it used to get many SSL interruptions per day. I raised the MaxRequestsPerChild limit last friday (to 3000). And so far, the number of errors seems to have decreased proportionally. I used to recieve this error dozens of times daily. But since the change 4 days ago, I have only recieved it 20 times. The only noticeable drawback is that each child is consuming 2-6 meg more RAM. Compared to the SSL error, this is totally acceptable to me. Another thing I have noticed, is that immediatly after starting (or restarting) your server. You should hit it several times with your browser (using SSL) this will eliminate the number of times your errors will appear on your clients browsers. -Jason - Original Message - From: Jeremiah Bellomy [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 05, 1999 10:33 AM Subject: SSL handshake interrupted by system As you can see below, "SSL handshake interrupted by system" is being logged to Apache's error_log every 3 minutes. The box is running Red Hat Linux release 5.2 (Apollo), Kernel 2.0.36. Also notice that this was happening with Apache/1.3.4 (Unix) PHP/3.0.6 mod_ssl/2.1.8 SSLeay/0.9.0b and is still happening after upgrading to Apache/1.3.6 (Unix) PHP/3.0.11 mod_ssl/2.3.5 OpenSSL/0.9.3a. I've seen a few messages about this error in the mailing list archives, but none seem to match this pattern. This server currently has very little traffic - Probably not much more than 10 page views an hour. Any idea what could be causing this? Is it harmless? Can this error be disabled per configuration if it is harmless? -- Jeremiah error_log: [Thu Jul 1 04:42:03 1999] [notice] Apache/1.3.4 (Unix) PHP/3.0.6 mod_ssl/2.1.8 SSLeay/0.9.0b configured -- resuming normal operations [Thu Jul 1 04:43:22 1999] [error] mod_ssl: SSL handshake interrupted by system [Thu Jul 1 04:46:22 1999] [error] mod_ssl: SSL handshake interrupted by system [Thu Jul 1 04:49:22 1999] [error] mod_ssl: SSL handshake interrupted by system [Thu Jul 1 04:52:22 1999] [error] mod_ssl: SSL handshake interrupted by system [Thu Jul 1 04:55:23 1999] [error] mod_ssl: SSL handshake interrupted by system [Thu Jul 1 04:58:23 1999] [error] mod_ssl: SSL handshake interrupted by system [Thu Jul 1 05:01:23 1999] [error] mod_ssl: SSL handshake interrupted by system [Thu Jul 1 05:04:23 1999] [error] mod_ssl: SSL handshake interrupted by system [Thu Jul 1 05:07:23 1999] [error] mod_ssl: SSL handshake interrupted by system [Thu Jul 1 05:10:23 1999] [error] mod_ssl: SSL handshake interrupted by system ... ... [Fri Jul 2 16:28:06 1999] [error] mod_ssl: SSL handshake interrupted by system [Fri Jul 2 16:31:06 1999] [error] mod_ssl: SSL handshake interrupted by system [Fri Jul 2 16:34:06 1999] [error] mod_ssl: SSL handshake interrupted by system [Fri Jul 2 16:37:06 1999] [error] mod_ssl: SSL handshake interrupted by system [Fri Jul 2 16:40:06 1999] [error] mod_ssl: SSL handshake interrupted by system [Fri Jul 2 16:43:06 1999] [error] mod_ssl: SSL handshake interrupted by system [Fri Jul 2 16:46:06 1999] [error] mod_ssl: SSL handshake interrupted by system [Fri Jul 2 16:49:06 1999] [error] mod_ssl: SSL handshake interrupted by system [Fri Jul 2 16:52:06 1999] [error] mod_ssl: SSL handshake interrupted by system [Fri Jul 2 16:55:06 1999] [error] mod_ssl: SSL handshake interrupted by system [Fri Jul 2 16:58:06 1999] [error] mod_ssl: SSL handshake interrupted by system [Fri Jul 2 17:01:06 1999] [error] mod_ssl: SSL handshake interrupted by system [Fri Jul 2 17:04:06 1999] [error] mod_ssl: SSL handshake interrupted by system [Fri Jul 2 17:05:38 1999] [notice] caught SIGTERM, shutting down [Fri Jul 2 17:06:45 1999] [notice] Apache/1.3.6 (Unix) PHP/3.0.11 mod_ssl/2.3.5 OpenSSL/0.9.3a configured -- resuming normal operations [Fri Jul 2 17:07:06 1999] [error] mod_ssl: SSL handshake interrupted by system [Fri Jul 2 17:09:46 1999] [error] mod_ssl: SSL handshake interrupted by system (System error follows) [Fri Jul 2 17:09:46 1999] [error] System: Connection reset by peer (errno: 104) [Fri Jul 2 17:10:06 1999] [error] mod_ssl: SSL handshake interrupted by system [Fri Jul 2 17:13:06 1999] [error] mod_ssl: SSL
Re: Permission.
I alread posted a bug report about this. It's PR # 200 @ http://www.modssl.org/support/bugdb, if anyone wants to look at it. Ralf is apparently rather busy now finishing his degree. If anyone has more info about this, I guess I'd be interested in finding out more. It's probably a pretty simple fix (it seems to be just an incorrect #define in mod_ssl.h). Brian, are you using Linux? Which version? What libc? What distro? What version of modsssl? Dave Neuer -Original Message- From: Brian Schau [EMAIL PROTECTED] To: .L modssl [EMAIL PROTECTED] Date: Thursday, July 08, 1999 5:46 AM Subject: Permission. Hello, I've been playing around with mod-ssl. I wonder about the following entries in the general error.log: [Thu Jul 8 09:12:05 1999] [error] mod_ssl: Cannot open SSLSessionCache DBM file `/var/run/ssl.dbm' for writing (store) (System error follows) [Thu Jul 8 09:12:05 1999] [error] System: Permission denied (errno: 13) I can see why it fails: root@dps-1:/log/error # cd /var/run root@dps-1:/var/run # ll ssl* -rw--- 2 root root12288 jul 8 09:13 ssl.dbm.dir -rw--- 2 root root12288 jul 8 09:13 ssl.dbm.pag -rw--- 1 nobody root0 jul 8 09:13 ssl.sem.1113 So my question is: Why is the *.dbm files owned by root, when the webserver runs as nobody - that is like asking for trouble! ;o) Kind regards, Brian __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: OpenSSL and MSIE5
Has anyone come across the problem of getting IE5 to authenticate with mod-ssl? I'm seeing the following errors in the logs: [Wed Jul 7 15:32:57 1999] [error] mod_ssl: SSL handshake failed [Wed Jul 7 15:32:57 1999] [error] OpenSSL: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01 [Wed Jul 7 15:32:57 1999] [error] OpenSSL: error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed [Wed Jul 7 15:32:57 1999] [error] OpenSSL: error:14088076:SSL routines:SSL3_GET_CERT_VERIFY:bad rsa decrypt The same pkcs12 certificate works just fine in Netscape. I'm wondering if pkcs12 certs aren't supported properly in IE5. I've also tried changing key length from 1024 bits to 512 bits. The 128 bit patch has been applied. Hopefully, if I can get this one to work, IE4 will also work. :-) I've also changed the registry as per the registry hack for export browsers. IE5 works fine with our modssl implementation, but i dont pretend to be an expert on these things :( Which registry hack? Kristian __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
SSL Handshake interrupted
Hello, I have recently installed modssl-2.3.5 (built with Apache 1.3.6 and OpenSSL 9.9.3a), so first let me say thanks to Ralph for a very well integrated module, plus excellent documentation, not only on modssl, but also on OpenSSL. I have one SSL site currently running (on Solaris 2.6), using an OpenSSL-generated certificate that was signed by our own private CA (which was also generated with OpenSSL), and it appears to work fine. Certainly I have never had any problems accessing it, from either Netscape or IE4, but the errors file for that virtual host shows a constant stream of such error messages: [Mon Jul 5 15:59:02 1999] [error] mod_ssl: SSL handshake interrupted by system [Mon Jul 5 16:00:02 1999] [error] mod_ssl: SSL handshake interrupted by system [Mon Jul 5 16:01:03 1999] [error] mod_ssl: SSL handshake interrupted by system Does anybody else see this ? The ssl_engine_log logfile has more detail. Below are 3 consecutive interruption errors (by the way, the site is password-protected, and has to remain so). I thought at first it might be caused by a timeout, when clients don't complete the handshake, eg. they might not continue, when warned that the cert was signed by an unknown CA. However, the interruption is instant, and it looks to me as if the server has not even presented its dodgy certificate yet. [08/Jul/1999 18:31:41] [info] Connection to child 2 established (server managed-services.equant-web.net:443) [08/Jul/1999 18:31:41] [trace] Seeding PRNG with 1032 bytes of entropy [08/Jul/1999 18:31:41] [trace] OpenSSL: Handshake: start [08/Jul/1999 18:31:41] [trace] OpenSSL: Loop: before/accept initialization [08/Jul/1999 18:31:41] [debug] OpenSSL: read 0/7 bytes from BIO#001FED20 [mem: 0 0215318] (BIO dump follows) +-+ +-+ [08/Jul/1999 18:31:41] [error] SSL handshake interrupted by system [08/Jul/1999 18:32:41] [info] Connection to child 2 established (server managed-services.equant-web.net:443) [08/Jul/1999 18:32:41] [trace] Seeding PRNG with 1032 bytes of entropy [08/Jul/1999 18:32:41] [trace] OpenSSL: Handshake: start [08/Jul/1999 18:32:41] [trace] OpenSSL: Loop: before/accept initialization [08/Jul/1999 18:32:41] [debug] OpenSSL: read 0/7 bytes from BIO#001FED20 [mem: 0 0215318] (BIO dump follows) +-+ +-+ [08/Jul/1999 18:32:41] [error] SSL handshake interrupted by system [08/Jul/1999 18:33:41] [info] Connection to child 2 established (server managed-services.equant-web.net:443) [08/Jul/1999 18:33:41] [trace] Seeding PRNG with 1032 bytes of entropy [08/Jul/1999 18:33:41] [trace] OpenSSL: Handshake: start [08/Jul/1999 18:33:41] [trace] OpenSSL: Loop: before/accept initialization [08/Jul/1999 18:33:41] [debug] OpenSSL: read 0/7 bytes from BIO#001FED20 [mem: 0 0215318] (BIO dump follows) +-+ +-+ [08/Jul/1999 18:33:41] [error] SSL handshake interrupted by system __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Permission.
It is. The parent httpd process will _always_ be owned as root (if root starts the daemon). The children will be owned by the user given to the 'user' config-directive. This is normal ... My system does this same thing. But, I believe it is due to the following... ps -aux reveals the following httpd processes (edited for readability) rootS Jun28 0:03 /usr/local/apache_1.3.6/bin/httpd nobody S Jun28 0:20 /usr/local/apache_1.3.6/bin/httpd nobody S Jun28 0:04 /usr/local/apache_1.3.6/bin/httpd nobody S Jun28 0:03 /usr/local/apache_1.3.6/bin/httpd etc... Notice how the first process is owned by root. and all of its children are nobody. Perhaps your system is running the same way __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Permission.
I alread posted a bug report about this. It's PR # 200 @ http://www.modssl.org/support/bugdb, if anyone wants to look at it. I'll try to apply the patch tomorrow when I get to work. Brian, are you using Linux? Yes. Which version? Kernel 2.2.7 What libc? Libc6 What distro? Suse 6.1 What version of modsssl? mod_ssl-2.3.5-1.3.6 Dave Neuer Note. It's a known fact that apache has problems in determing when to use gdbm and when to use dbm - I made a patch for apache which gave the control to the Admin. The patch was rejected because the AG felt that it was a linking issue and that it was better solved in the makefile (they're right). For some reason they never got around to fix the problem ;o) __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: OpenSSL and MSIE5
On Fri, 09 Jul 1999, you wrote: IE5 works fine with our modssl implementation, but i dont pretend to be an expert on these things :( Which registry hack? On export browsers (40-bit) there is a registry entry under HKLM/Software/Microsoft/Cryptographic/Provider/01 (or some such similar path - the exact syntax escapes me at the moment) which points to the base RSA dll. To enable an export browser to do 128-bit encryption without using a Verisign CA3 signing authority (global id). This entry is changed to point to the rsaenh.dll which is the enhanced rsa dll, capable of 128-bit. Are you using US domestic browsers? I'm wondering if the patch incorrectly implements 128-bit encryption. It would be very surprising to find a MS product that didn't work properly :-) Cheers, Gordon Smith, MCP Network Administrator Horticultural Automation Ltd. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Perl script to proccess Netscape Clients Certificate Request
Hi All, Am looking for some Perl CGI script that can proccess Netscape and Microsoft Clients Certificate Request Automatiquely for mod_ssl-2.3.5 with openssl_0_9_3a. The scrript must completely automate the process, causing a client certificate to be installed once the request Html form is submitted. If you know some place where I can find it or if you have it, please tell me, it's very important for me. Tanks, Gerhard Mourani __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Certificate identity...
I sent this out Sunday with no response. I cannot understand the error response. Can some one comment? OK, so now I've gotten Apache 1.3.6 installed with SSL, and I can connect to an https page. But Netscape puts up an alert stating "Unable to establish a secure connection to www.wizdev.net. There is a problem with the security certificate from that site (the identity certificate issuer is unknown.) I got my certificate from Thawte. Did I forget to do something? Mark Jaffe| (408) 972-9638 (home) Chief Wizard | (408) 529-1926 (cell/page/voicemail) Computer Wizards | (408) 863-8066 (work) [EMAIL PROTECTED]| http://www.wizdev.net/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: PEM vs. DER
[EMAIL PROTECTED] writes: "Ralf S. Engelschall" [EMAIL PROTECTED] writes: [snip] Ok, ok, when I understand you correctly, you want that mod_ssl can read any combination Let's see what I can do. Much appreciated! Though I don't think every combination is required. At least not by us. DER Base64 encoding of PKCS#5/8 keys, and DER Base64 encoding of raw X.509 certs would be a nice start. Turns out the PKCS 5 and 8 support in OpenSSL isn't quite there yet. Or at least that's the conclusion I've come to. We've managed to cobble something together from another toolkit. Though the cert reading works nicely. Thanks again Ralf. -Tom -- Tom Vaughan tvaughan at aventail dot com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Off the Road: Time Stamping
I will suggest anyone to read Bruce Schnier's book first before doing timestamping services. That's a good first step to take. Cheers -Original Message- From: Daniel Reichenbach [EMAIL PROTECTED] To: modssl User List [EMAIL PROTECTED] Date: Thursday, July 08, 1999 9:25 AM Subject: Off the Road: Time Stamping I`m affraid that this is a bit off the road, but i don`t know where to ask for it. I`m building up our internal server on Caldera OpenLinux 2.2 with Apache 1.3.6, mod_ssl 2.3.5, mm 1.0.8 and OpenSSL 0.9.3a for secure data transmission. It will be used internal and external by dial-in for our collegues at home. We use our one CA to secure our site with client certificates and now my boss asked me if we could use certificates to sign our documents (e.g. Acrobat Docs). No problem at this point. But now he wants time stamps. I found a IETF Draft about Time Stamping but nothing else. Is it possible to use mod_ssl, OpenSSL for this task ? Daniel __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Permission.
On Thu, Jul 08, 1999, Dave Neuer wrote: I alread posted a bug report about this. It's PR # 200 @ http://www.modssl.org/support/bugdb, if anyone wants to look at it. Ralf is apparently rather busy now finishing his degree. If anyone has more info about this, I guess I'd be interested in finding out more. It's probably a pretty simple fix (it seems to be just an incorrect #define in mod_ssl.h). Brian, are you using Linux? Which version? What libc? What distro? What version of modsssl? Yes, seems like the stuff in mod_ssl.h around line 310 does not the correct thing for this platform. Please try to trace down to what SSL_DBM_FILE_SUFFIX_{DIR,PAG} is set any why. Thanks for your help. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Permission.
The problem is that the main process, when it starts up, is supposed to chown the files so that they're owned by user nobody. However, in some circumstances, it seems that the filename it's trying to chown is wrong (see my previous post about this; it's a build-time configuration issue, basically), so chown() fails -- and the return values for chown() are never checked, so it just goes blithely on its way asssuming everything is hunky dory . . . Had the Gnu DBM (gdbm) library been used, a lot of this could have been avoided - gdbm lets you specify mode upon opening time. Maybe a compile time link option? Kind regards, Brian __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]