[BugDB] Can connet to server "https" (PR#305)

[modssl-bugdb]

Full_Name: Ren Alexander
Version: 
OS: 
Submission from: bsg-ma-cache2.icg.net (163.179.204.151)


Hi,
When I try to connect as https to the server I get the following error message:


"[Wed Oct 13 12:34:41 1999] [error] mod_ssl: SSL handshake failed (client
209.110.255.251, server www.abcab.com:443) (OpenSSL library error follows)

[Wed Oct 13 12:34:41 1999] [error] OpenSSL: error:14094412:SSL
routines:SSL3_RE$_BYTES:sslv3 alert bad certificate [Hint: Subject CN in
certificate not server name!?]

 [Wed Oct 13 19:49:48 1999] [error] mod_ssl: SSL handshake interrupted by
system$ Hint: Stop button pressed in browser?!] (System error follows)

[Wed Oct 13 19:49:48 1999] [error] System: Connection reset by peer (errno: 54)
$ystem [Hint: Stop button pressed in browser?!] (System error follows)"


I am certain the Common Name (CN) is the same in the certificate and httpd.conf
file. “www.abcab.com”

The server software is as follow:

Server: Apache/1.3.9 (Unix) PHP/4.0B2 mod_ssl/2.4.0 OpenSSL/0.9.4
Apache/1.3.9 Server at www.abcab.com Port 80

Any help will be greatly appreciated.

Regards,
Ren Alexander
AbCab Sybernet


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

snakeoil-ca-rsa.crt is expired

[tvaughan]

This expired on Oct. 8th. Would a certificate-ca Makefile target be a
reasonable WISHLIST item? 

-Tom

P.S. I haven't checked the DSA variant.

-- 
Tom Vaughan 
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Problems with your RPMS on RedHat-6.0(sparc)

[Darren Nickerson]

Hello Pablo, can you help me??? Please??? I have so far received no feedback
from the modssl and php3 mailing lists, and I've been trying to trace this for 
several days now.

I am trying to get PHP3 running on a Sun SparcStation20 running RedHat Linux 
6.0 and apache-mod_ssl (openssl).

I visited your www site: http://linusp.usp.br/~pablo/rpms/php3/

I got the apache .src.rpm from modssl.org and rebuilt it for sparc.

[root@sinkhole SPECS]# rpm -qa | egrep apache
apache-mod_ssl-devel-1.3.9.2.4.1-0.6.0
apache-mod_ssl-1.3.9.2.4.1-0.6.0


I'm running RedHat-6.0

[root@sinkhole SPECS]# rpm -q redhat-release
redhat-release-6.0-1

And I installed your RPMS, and all the support packages they required:

[root@sinkhole SPECS]# rpm -qa | egrep php3
mod_php3-cpdf-3.0.12-1
mod_php3-gd-3.0.12-1
mod_php3-imap-3.0.12-1
mod_php3-ldap-3.0.12-1
mod_php3-pgsql-3.0.12-1
mod_php3-mysql-3.0.12-1
mod_php3-xml-3.0.12-1
mod_php3-3.0.12-1
mod_php3-doc-3.0.12-1


The problem is, my PHP3 segfaults when I try to access phpAds' toplevel page, 
or when i try to login to my IMP (horde) setup.

[root@sinkhole SPECS]# gdb /usr/sbin/httpd
GNU gdb 4.17.0.11 with Linux support
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-redhat-linux"...
(no debugging symbols found)...
(gdb) run -X
Starting program: /usr/sbin/httpd -X

Program received signal SIGSEGV, Segmentation fault.
0x5095466c in ?? () from /usr/lib/php3/apache/pgsql.so
(gdb) bt
#0  0x5095466c in ?? () from /usr/lib/php3/apache/pgsql.so
#1  0x50955ea0 in ?? () from /usr/lib/php3/apache/pgsql.so
#2  0x5094f438 in ?? () from /usr/lib/php3/apache/pgsql.so
#3  0x5094fbb0 in ?? () from /usr/lib/php3/apache/pgsql.so
#4  0x50668124 in cs_functioncall_post_variable_passing ()
#5  0x5066bca4 in phpparse ()
#6  0x505fc1f4 in _php3_build_argv ()
#7  0x505fc658 in apache_php3_module_main ()
#8  0x505f8828 in send_php3 ()
#9  0x505f in send_parsed_php3 ()
#10 0x1bee4 in ap_invoke_handler ()
#11 0x2ccf0 in ap_some_auth_required ()
#12 0x2cfcc in ap_internal_redirect ()
#13 0x50428b14 in _init ()
#14 0x1bee4 in ap_invoke_handler ()
#15 0x2ccf0 in ap_some_auth_required ()
#16 0x2cd44 in ap_process_request ()
#17 0x25b34 in ap_child_terminate ()
#18 0x25ce8 in ap_child_terminate ()
#19 0x25e38 in ap_child_terminate ()
#20 0x263dc in ap_child_terminate ()
#21 0x26c04 in main ()
#22 0x5012f8d0 in __libc_start_main () at ../sysdeps/generic/libc-start.c:78
(gdb) 

Have you seen this before? I followed:

http://bugs.php.net/bugs-generating-backtrace.php3

to generate the debugging output, but I'm really not sure what to do with it!

-Darren


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: [Q] Using mod_ssl for e-commerce in the US

[Brandon Warren]

Or, for even less money, try the MacMillian (sp?) copy
of Mandrake 6.0 Secure Server Edition.  It is $80
and uses mod_ssl.

Brandon

On Wed, 13 Oct 1999, Dave Neuer wrote:

> I'm not a lawyer.  That said, I think that the rep's assertion that it is
> illegal to use RSAREF in the US for non-commercial purposes is bogus and in
> direct contradiction to the actual terms of the RSAREF license.
> 
> However, the use you describe counts as 'commercial' under the RSAREF
> license (v 2.0) as far as I can tell.  You are selling a service (web
> hosting) and using RSA as a part of that service.  It doesn't matter that
> you are not charging extra for the SSL functionality.
> 
> There are several RSA-licensed, Apache-based SSL servers ranging in price
> from inexpensive (RedHat Secure Web Server, $99 last I checked) to
> moderately expensive (C2Net's Stronghold, somewhere between $500 and $1000,
> IIRC).
> 
> I'd suggest using one of those.
> 
> Dave Neuer
> Software Engineer
> Futuristics Labs, Inc.
> www.futuristics.net
> 
> -Original Message-
> From: David C. Snyder <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: Wednesday, October 13, 1999 8:12 AM
> Subject: [Q] Using mod_ssl for e-commerce in the US
> 
> 
> >Hello,
> >
> >I would like to use mod_ssl enabled Apache to host a few small
> >e-commerce web sites in the US.  Unfortunately, the instructions for
> >building mod_ssl (INSTALL) indicate that it is mandatory for
> >US-citizens to link openssl and mod_ssl with RSAref-2.0.
> >
> >I talked to someone in licensing at RSA, and they indicated that it
> >is illegal to use RSAref-2.0, commercially or not, in the US.  They
> >said that I would need to license their "Crypto-C" library.
> >
> >I am hoping that they simply misunderstood my intentions.  I don't
> >plan to "sell" any software, nor do I plan to charge extra for the use
> >of the SSL enabled Apache that will on my web server.  (My prices for
> >hosting SSL enabled domains are the same as for non-SSL domains.)
> >
> >Given this situation, is it necessary to purchase a license in order
> >to legally operate a mod_ssl enabled Apache in the US?
> >
> >-- David
> >__
> >Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> >User Support Mailing List  [EMAIL PROTECTED]
> >Automated List Manager[EMAIL PROTECTED]
> >
> 
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]
> 

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Version

[Balázs Bárány]

Hi,

> >  Server version: Apache/1.3.6 Ben-SSL/1.35 (Unix)
This seems like apache-ssl, http://www.apache-ssl.org
_
Balázs Bárány[EMAIL PROTECTED]   http://www.tud.at   ICQ 10747763

Computers. You can't live with them, you can't live without them.
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: Version

[Dom Gallagher]

Title: Version



That 
looks like ApacheSSL - check out http://www.apache-ssl.org.
 
 
Dom GallagherSystems AdministratorStayfree Internet 


  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On 
  Behalf Of Charles WilliamsSent: 13 October 1999 
  14:51To: '[EMAIL PROTECTED]'Subject: 
  Version
  I was told we were using mod_ssl but at 
   /apache/bin 
  I type httpsd -v and learn: >  Server version: Apache/1.3.6 Ben-SSL/1.35 
  (Unix) 
  Does anyone know where I go for 
  documentation? 
  Chuck Williams 

[BugDB] SSLSessionCache error (PR#304)

[modssl-bugdb]

Full_Name: Michael F. Gremo
Version: 
OS: Redhat Linux 6.0
Submission from: decatur44.midwest.net (208.235.43.54)


When I try to use https to access SSL I get the following error
in the error_log-ssl file


   mod_ssl: Cannot open SSLSessionCache DBM file '/var/cache/ssl_scache' for
reading (fetch) (System error follows)
System: Permission denied (errno: 13)

I get a second error exactly like this one except it displays store
instead of fetch.

What have I done wrong.  I installed Redhat Linux 6.0 and generated
a test certificate.  I have made no modifications to the system.

Thank you for your assistance.



__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

ApacheCon 2000: Call For Papers

[Ralf S. Engelschall]

=
URGENT: SUBMISSION DEADLINE: Friday, 22 October 1999, 17:00 PDT

ApacheCon 2000
Conference: March 8-10, 2000
Exhibition: March 9-10, 2000
Caribe Royale
Orlando, Florida

Presented by the Apache Software Foundation

DEADLINE: Friday, 22 October 1999, 17:00 PDT
Acceptance Notification by: November 5, 1999

Come share your knowledge of Apache at this educational and fun-filled
gathering of Apache users, vendors and friends. Apache founders and
leading contributors are designing the technical program that will
include four tracks and over 40 sessions. Topics to be covered include:

· Securing Apache on Windows
· Securing Apache on Unix
· Security and eCommerce
· Java
· Performance
· Perl
· PHP
· XML

ApacheCon 2000 will attract over 1,000 Apache users and supporters
including:

· Open source software developers
· Apache software developers
· Web site administrators
· Technical managers responsible for running Web sites

Session Requirements:
If you would like to be a speaker at the ApacheCon 2000 event, please
go to the ApacheCon Web site and complete the form there, at URL
.

Or you can reply to this message, or to [EMAIL PROTECTED], with the
following fields filled in.

NOTE: If you are offering more than one session, PLEASE send a separate
message for each!

1. Your name:
2. Your email address:
3. Session title:
4. Is this a technical session, or is it intended for managers
   and/or businessmen?
5. Audience experience level (novice, experienced, or expert):
6. Session length:
a) 3 hours (tutorial only):
b) 2 hours:
c) 1.5 hours:
7. Style (presentation, tutorial, or panel discussion)
8. Session abstract (10 lines maximum):

Only educational sessions will be considered; no product-specific
sales or marketing sessions, please. Course material will be made
available to the public after the Conference.

Ken Coar
ApacheCon 2000 Chair
=

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Help needed: EAPI, Apache/DSO etc

[Ralf S. Engelschall]

On Wed, Oct 13, 1999, Yan Zhang Chen wrote:

> > > Before the existence of EAPI, I was thinking about building one single
> > > Apache core, then each individual module could be built separately
> > > (without referencing to Apache source tree) as DSO via apxs. This would look
> > > really neat in terms of maintenance. Can I still do this with the introduction
> > > of this EAPI? (mod_ssl INSTALL doesn't tell how to build mod_ssl separately
> > > without Apache source tree; is it possible?)
> > 
> > Just build your Apache with EAPI only (see mod_ssl's --with-eapi-only option)
> > and then proceed as you wanted, i.e. build all modules as DSOs (including
> > mod_ssl). See "Upgrading with APXS (EXPERTS ONLY)" in the mod_ssl INSTALL
> > documents for a few hints.
> 
> Hey Ralf! Need your help again. I followed your instructions to
> separately build Apache (with EAPI patched) and mod_ssl DSO, but got the
> following error when I tried to start Apache:
> 
> --
> $ ./httpd -DSSL -f /beaker/yzc/ssl_test/httpd.conf
> Syntax error on line 209 of /beaker/yzc/ssl_test/httpd.conf:
> Cannot load /beaker/yzc/apache/libexec/libssl.so into server: Unresolved symbol in 
>/beaker/yzc/apache/libexec/libssl.so: ap_add_config_define
> -

Doesn't look like you really built with EAPI (that function is part of EAPI).
Try `httpd -V' and look whether EAPI is really displayed.

> 2. Build the base Apache (with SO enabled)
> 
> $ cp -r apache_1_3_9_1 apache_1_3_9
> $ cd apache_1_3_9
> $ ./configure --prefix=/beaker/yzc/apache --enable-module=most --enable-module=so

Ah, here is your problem. Because mod_ssl is not present, you've
to enable EAPI manually, of course. Use --enable-rule=EAPI here, too.

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Win32: Hang on password reading

[Ralf S. Engelschall]

On Fri, Oct 08, 1999, Ralf S. Engelschall wrote:

> [..]
> > That said, if you blindly type in the password, the server
> > starts no problem, so it's easy to make it workable,
> > if a little ugly.
> > 
> > If I manage to produce a shippable patch, I'll post it.
> 
> Hmmm... I'm not a Win32 guy and I've not tested it, but it would propose the
> solution as following (patch against 2.4.4 plus/minus a few lines offset
> because I've deleted other changes from 2.4.5):

So what? Its already over one week and I've still not feedback from any
Win32-guy that this patch works or not works. I'm still waiting for some
feedback from someone which tries this out on Win32 with an encrypted private
key and gives feedback whether the pass phrase dialog now works or not. The
patch still is:

Index: ssl_engine_pphrase.c
===
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_pphrase.c,v
retrieving revision 1.36
diff -u -r1.36 ssl_engine_pphrase.c
--- ssl_engine_pphrase.c1999/08/03 09:27:41 1.36
+++ ssl_engine_pphrase.c1999/10/08 14:09:33
@@ -433,6 +436,9 @@
 if (sc->nPassPhraseDialogType == SSL_PPTYPE_BUILTIN) {
 char *prompt;
 int i;
+#ifdef WIN32
+FILE *con;
+#endif
 
 ssl_log(s, SSL_LOG_INFO,
 "Init: Requesting pass phrase via builtin terminal dialog");
@@ -443,11 +449,16 @@
  * to the general error logfile.
  */
 dup2(STDERR_FILENO, STDERR_FILENO_STORE);
+#ifdef WIN32
+if ((con = fopen("con", "w")) != NULL)
+dup2(fileno(con), STDERR_FILENO);
+#else
 dup2(STDOUT_FILENO, STDERR_FILENO);
+#endif
 
 /*
  * The first time display a header to inform the user about what
- * program he actually speaks to, which modules is responsible for
+ * program he actually speaks to, which module is responsible for
  * this terminal dialog and why to the hell he has to enter
  * something...
  */
@@ -485,6 +496,9 @@
  * Restore STDERR to Apache error logfile
  */
 dup2(STDERR_FILENO_STORE, STDERR_FILENO);
+#ifdef WIN32
+fclose(con);
+#endif
 }
 
 /*
   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: installing modssl on frebsd 3.3

[Ralf S. Engelschall]

On Fri, Oct 08, 1999, Chris Manjoine wrote:

> I have currently installed modssl for testing purposes but when i do a 
> curl https://localhost/ it says that SSL is disabled can someone tell me what I
> need to have in my httpd.conf or apache.conf file to verify that it is
> configured properly? 

Compare your httpd.conf with httpd.conf-dist as provided by mod_ssl. The
contained SSL configuration works fine. Take over this one.

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: [BugDB] SSLOptions +ExportCertData and no client cert present (PR#303)

[Mike Klinkert]

[EMAIL PROTECTED] wrote:

> Quick'n'durty fix (not too efficient, but only 4 bytes changed :),

I count 6 bytes. ;-)

> ! for (i = 0; i < sk_X509_num(sk); i++) {
> ! for (i = 0; sk && i < sk_X509_num(sk); i++) {

-- 
Mike Klinkert <[EMAIL PROTECTED]>

Public PGP-key: http://www.nomennescio.net/~michael/pgpkey
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

PHP3 and apache-mod_ssl segfaulting

[Darren Nickerson]

Folks,

I'm trying to get two fantastic PHP projects (IMP and phpAds) running on a
SparcStation20 on which I have installed RedHat-6.0, recently upgraded from the
original 5.1 install. I'm using the following RPM from modssl.org:

apache-mod_ssl-1.3.9.2.4.5-0.5.2.src.rpm

and I'm rpm --rebuilding it here for the sparc architecture. The build goes 
cleanly, it installs and makes a fine webserver, including doing SSL just
fine. I've rebuilt and installed mod_php3-3.0.12-1.src.rpm as well, 

mod_php3-cpdf-3.0.12-1
mod_php3-imap-3.0.12-1
mod_php3-mysql-3.0.12-1
mod_php3-3.0.12-1
mod_php3-doc-3.0.12-1
mod_php3-xml-3.0.12-1

But no matter what I do, I cannot get a PHP3 install which will drive either 
IMP or phpAds. Each time I try to access the front page of phpAds, or login to 
IMP, the apache child segfaults. Here's the debugging output:

[root@sinkhole www.dazza.org]# gdb /usr/sbin/httpd 
GNU gdb 4.17.0.11 with Linux support
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-redhat-linux"...
(no debugging symbols found)...
(gdb) run -X
Starting program: /usr/sbin/httpd -X

Program received signal SIGSEGV, Segmentation fault.
0x5087866c in ?? () from /usr/lib/php3/apache/xml.so
(gdb) bt
#0  0x5087866c in ?? () from /usr/lib/php3/apache/xml.so
#1  0x50879ea0 in ?? () from /usr/lib/php3/apache/xml.so
#2  0x50873438 in ?? () from /usr/lib/php3/apache/xml.so
#3  0x50873bb0 in ?? () from /usr/lib/php3/apache/xml.so
#4  0x50668124 in cs_functioncall_post_variable_passing ()
#5  0x5066bca4 in phpparse ()
#6  0x505fc1f4 in _php3_build_argv ()
#7  0x505fc658 in apache_php3_module_main ()
#8  0x505f8828 in send_php3 ()
#9  0x505f in send_parsed_php3 ()
#10 0x1bee4 in ap_invoke_handler ()
#11 0x2ccf0 in ap_some_auth_required ()
#12 0x2cfcc in ap_internal_redirect ()
#13 0x50428b14 in _init ()
#14 0x1bee4 in ap_invoke_handler ()
#15 0x2ccf0 in ap_some_auth_required ()
#16 0x2cd44 in ap_process_request ()
#17 0x25b34 in ap_child_terminate ()
#18 0x25ce8 in ap_child_terminate ()
#19 0x25e38 in ap_child_terminate ()
#20 0x263dc in ap_child_terminate ()
#21 0x26c04 in main ()
#22 0x5012f8d0 in __libc_start_main () at ../sysdeps/generic/libc-start.c:78
(gdb) 


If I reduce the PHP3 installation down to the bare essentials, I get:

[root@sinkhole www.dazza.org]# rpm -qa | egrep php
mod_php3-imap-3.0.12-1
mod_php3-mysql-3.0.12-1
mod_php3-3.0.12-1
mod_php3-doc-3.0.12-1

[root@sinkhole www.dazza.org]# gdb /usr/sbin/httpd 
GNU gdb 4.17.0.11 with Linux support
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-redhat-linux"...
(no debugging symbols found)...
(gdb) run -X
Starting program: /usr/sbin/httpd -X

Program received signal SIGSEGV, Segmentation fault.
0x5087866c in ?? () from /usr/lib/php3/apache/mysql.so

(gdb) bt
#0  0x5087866c in ?? () from /usr/lib/php3/apache/mysql.so
#1  0x50879ea0 in ?? () from /usr/lib/php3/apache/mysql.so
#2  0x50873438 in ?? () from /usr/lib/php3/apache/mysql.so
#3  0x50873bb0 in ?? () from /usr/lib/php3/apache/mysql.so
#4  0x50668124 in cs_functioncall_post_variable_passing ()
#5  0x5066bca4 in phpparse ()
#6  0x505fc1f4 in _php3_build_argv ()
#7  0x505fc658 in apache_php3_module_main ()
#8  0x505f8828 in send_php3 ()
#9  0x505f in send_parsed_php3 ()
#10 0x1bee4 in ap_invoke_handler ()
#11 0x2ccf0 in ap_some_auth_required ()
#12 0x2cfcc in ap_internal_redirect ()
#13 0x50428b14 in _init ()
#14 0x1bee4 in ap_invoke_handler ()
#15 0x2ccf0 in ap_some_auth_required ()
#16 0x2cd44 in ap_process_request ()
#17 0x25b34 in ap_child_terminate ()
#18 0x25ce8 in ap_child_terminate ()
#19 0x25e38 in ap_child_terminate ()
#20 0x263dc in ap_child_terminate ()
#21 0x26c04 in main ()
#22 0x5012f8d0 in __libc_start_main () at ../sysdeps/generic/libc-start.c:78


Seems to be a theme emerging there. Does anyone know how to interpret this 
info and point me in the right direction to get this working on my sparc? I 
know I did have this combination working before the upgrade to 6.0 (after 
which I recopiled everything from scratch) and I know I havea similar install 
working on intel architecture . . . Thanks for any hints/advice.

-Darren

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PRO

Re: Version

[Magnus Stenman]

http://www.apache-ssl.org/

> Charles Williams wrote:
> 
> I was told we were using mod_ssl but at
> 
>  /apache/bin
> 
> I type httpsd -v and learn:
> >  Server version: Apache/1.3.6 Ben-SSL/1.35 (Unix)
> 
> Does anyone know where I go for documentation?
> 
> Chuck Williams
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: [Q] Using mod_ssl for e-commerce in the US

[Ralf S. Engelschall]

On Tue, Oct 12, 1999, David C. Snyder wrote:

> I would like to use mod_ssl enabled Apache to host a few small
> e-commerce web sites in the US.  Unfortunately, the instructions for
> building mod_ssl (INSTALL) indicate that it is mandatory for
> US-citizens to link openssl and mod_ssl with RSAref-2.0.
> 
> I talked to someone in licensing at RSA, and they indicated that it
> is illegal to use RSAref-2.0, commercially or not, in the US.  They
> said that I would need to license their "Crypto-C" library.
> 
> I am hoping that they simply misunderstood my intentions.  I don't
> plan to "sell" any software, nor do I plan to charge extra for the use
> of the SSL enabled Apache that will on my web server.  (My prices for
> hosting SSL enabled domains are the same as for non-SSL domains.)
> 
> Given this situation, is it necessary to purchase a license in order
> to legally operate a mod_ssl enabled Apache in the US?

Forget talking to RSA DSI, experiences of mod_ssl users showed that they
always just have an "answer of the month".  Nevertheless you _HAVE_ to license
RSA from them - yes.  But read the README.Patents document in the mod_ssl
distribution for a few hints...
   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Version

[Ralf S. Engelschall]

On Wed, Oct 13, 1999, Charles Williams wrote:

> I was told we were using mod_ssl but at
>  /apache/bin 
> 
> I type httpsd -v and learn:
> >  Server version: Apache/1.3.6 Ben-SSL/1.35 (Unix)
> 
> Does anyone know where I go for documentation?

You're using Ben's Apache-SSL and not mod_ssl.
So you should start browsing on http://www.apache-ssl.org/
for documentation.
   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: ModSSL core dumps

[Ralf S. Engelschall]

On Wed, Oct 13, 1999, Graham Leggett wrote:

> [Wed Oct 13 13:45:35 1999] [notice] child pid 14426 exit signal
> Segmentation Fault (11)
> [Wed Oct 13 14:24:25 1999] [notice] child pid 14977 exit signal
> Segmentation Fault (11)
> [Wed Oct 13 14:30:27 1999] [notice] child pid 19431 exit signal
> Segmentation Fault (11)
> 
> There have been a number of bugfixes for various core dumps coming
> across the wire recently, anyone know when these fixes will become
> available?

The next days I'll release 2.4.6. But I'm still waiting that someone confirms
that the posted Win32-pass-phrase-dialog patch worked as expected...

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: [Q] Using mod_ssl for e-commerce in the US

[Dave Neuer]

I'm not a lawyer.  That said, I think that the rep's assertion that it is
illegal to use RSAREF in the US for non-commercial purposes is bogus and in
direct contradiction to the actual terms of the RSAREF license.

However, the use you describe counts as 'commercial' under the RSAREF
license (v 2.0) as far as I can tell.  You are selling a service (web
hosting) and using RSA as a part of that service.  It doesn't matter that
you are not charging extra for the SSL functionality.

There are several RSA-licensed, Apache-based SSL servers ranging in price
from inexpensive (RedHat Secure Web Server, $99 last I checked) to
moderately expensive (C2Net's Stronghold, somewhere between $500 and $1000,
IIRC).

I'd suggest using one of those.

Dave Neuer
Software Engineer
Futuristics Labs, Inc.
www.futuristics.net

-Original Message-
From: David C. Snyder <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, October 13, 1999 8:12 AM
Subject: [Q] Using mod_ssl for e-commerce in the US


>Hello,
>
>I would like to use mod_ssl enabled Apache to host a few small
>e-commerce web sites in the US.  Unfortunately, the instructions for
>building mod_ssl (INSTALL) indicate that it is mandatory for
>US-citizens to link openssl and mod_ssl with RSAref-2.0.
>
>I talked to someone in licensing at RSA, and they indicated that it
>is illegal to use RSAref-2.0, commercially or not, in the US.  They
>said that I would need to license their "Crypto-C" library.
>
>I am hoping that they simply misunderstood my intentions.  I don't
>plan to "sell" any software, nor do I plan to charge extra for the use
>of the SSL enabled Apache that will on my web server.  (My prices for
>hosting SSL enabled domains are the same as for non-SSL domains.)
>
>Given this situation, is it necessary to purchase a license in order
>to legally operate a mod_ssl enabled Apache in the US?
>
>-- David
>__
>Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
>User Support Mailing List  [EMAIL PROTECTED]
>Automated List Manager[EMAIL PROTECTED]
>

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Version

[Charles Williams]

Title: Version





I was told we were using mod_ssl but at


 /apache/bin 


I type httpsd -v and learn:
>  Server version: Apache/1.3.6 Ben-SSL/1.35 (Unix)



Does anyone know where I go for documentation?



Chuck Williams

ModSSL core dumps

[Graham Leggett]

Hi all,

I am getting a few core dumps like so:

[Wed Oct 13 13:45:35 1999] [notice] child pid 14426 exit signal
Segmentation Fault (11)
[Wed Oct 13 14:24:25 1999] [notice] child pid 14977 exit signal
Segmentation Fault (11)
[Wed Oct 13 14:30:27 1999] [notice] child pid 19431 exit signal
Segmentation Fault (11)

There have been a number of bugfixes for various core dumps coming
across the wire recently, anyone know when these fixes will become
available?

Regards,
Graham
-- 
-
[EMAIL PROTECTED]"There's a moon
over Bourbon Street
tonight...
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

[Q] Using mod_ssl for e-commerce in the US

[David C. Snyder]

Hello,

I would like to use mod_ssl enabled Apache to host a few small
e-commerce web sites in the US.  Unfortunately, the instructions for
building mod_ssl (INSTALL) indicate that it is mandatory for
US-citizens to link openssl and mod_ssl with RSAref-2.0.

I talked to someone in licensing at RSA, and they indicated that it
is illegal to use RSAref-2.0, commercially or not, in the US.  They
said that I would need to license their "Crypto-C" library.

I am hoping that they simply misunderstood my intentions.  I don't
plan to "sell" any software, nor do I plan to charge extra for the use
of the SSL enabled Apache that will on my web server.  (My prices for
hosting SSL enabled domains are the same as for non-SSL domains.)

Given this situation, is it necessary to purchase a license in order
to legally operate a mod_ssl enabled Apache in the US?

-- David
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

abort() instead of exit(1)?

[Martin Kraemer]

The method to exit from apache when mm cannot open the semaphore file
(e.g., because of permission problems) seems rather drastic to me:

main/alloc.c:628:
if ((mm = ap_mm_create(mm_size, mm_path)) == NULL) {
fprintf(stderr, "Ouch! ap_mm_create(%d, \"%s\") failed\n", mm_size, 
mm_path);
err1 = ap_mm_error();
if (err1 == NULL)
err1 = "-unknown-";
err2 = strerror(errno);
if (err2 == NULL)
err2 = "-unknown-";
fprintf(stderr, "Error: MM: %s: OS: %s\n", err1, err2);
--->abort();
exit(1);
}

I would prefer if the program would simply exit with an unsuccessful
exit code after printing the error message.

Martin
PS: are there more abort()s hidden in there? In alloc.c, there are many
of the assert() class ("this must *NEVER* happen" type of errors), most
of them wrapped in #ifdef POOL_DEBUG. But ordinary permission problems
should definitely NOT trigger an abort().
-- 
<[EMAIL PROTECTED]> |Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-41143 | 81730  Munich,  Germany
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: installing modssl /ssh 1

[Tim (not representing his employer's opinions)]

Paul Sturgis wrote:
> 
> Just toying with the idea of setting up a ssh client/server on a Caldera
> Open Linux 2.2 system. Running apache 1.3.1 .  What do I need to do? Any
> good information resources would be helpful...
> Thanx.

SSH?  Or SSL?  For SSL you can find a FAQ at modssl.org, and look at the
first section of the manual.  For ssh get the tarball from
ftp.replay.com and compile + install it.

-- 

"Your Favorite OS Sucks"

  --anonymous internet hero
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Problems with SSL/Apache...

[Robin Smidsrød]

depth=0 /C=NO/ST=none/L=Tonsberg/O=Syse Data/OU=Bedrift Server/CN=bedrift.sysedata.no
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=NO/ST=none/L=Tonsberg/O=Syse Data/OU=Bedrift Server/CN=bedrift.sysedata.no
verify error:num=21:unable to verify the first certificate
verify return:1


Mvh,
For Syse Data,

Robin Smidsrød
Tekniker / Selger

---
Jobb-relatert email: [EMAIL PROTECTED]
Privat email: [EMAIL PROTECTED]
Telefon jobb/privat: 33310100 / 91593393
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Help w/htaccess config.

[A. Gárdos]

I need to redirect a pointer domain to a directory
in a principal domain.

ie: when user seeks www.black.com,
I need the result to produce an index.html
which lives in directory 'black' in the
www.white.com domain.

So far I got the pointer domain to redirect to my
principal domain,
but I can't get it to go into a directory to display
it's own index.html


current script recomended by my ISP is:

"Add the following to the .htaccess file:"

RewriteEngine On
Options +FollowSymlinks
RewriteBase /
# Rewrite Rule for machine.domain-name.net
RewriteCond %{HTTP_HOST} machine.domain-name.net$
RewriteCond %{REQUEST_URI} !machine/
RewriteRule ^(.*)$ machine/$1

This will redirect requests for the machine name
machine.domain-name.net
to the directory machine on the site domain-name.net
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: mod_ssl log question

[Ralf S. Engelschall]

On Tue, Oct 12, 1999, Alex Muc wrote:

> I'm running apache 1.3.9 and mod_ssl 2.4.2 on NT.  I am wondering if
> someone can take a look at the following section of my modssl
> 'engine.log' file.  Can anyone tell me if these entries in the log file
> look like a normal startup for apache and modssl.  Specifically I'm
> wondering about the entries regarding 'startup round'.  I have '*'ed
> them in the following list.  They seem a little strange to me and I
> haven't been able to get modssl working properly yet, so I'm wondering
> if this is normal or not.

As their [info] tag cleary indicate, they are just informal messages about the
stage into which mod_ssl is. They are normal, yes. Real problems are never
reported with [info], they are either [error] or [warn]. Your problems are
definetely not related to these, of course.

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: [BugDB] SSLOptions +ExportCertData and no client cert present (PR#303)

[modssl-bugdb]

On Wed, Oct 13, 1999, [EMAIL PROTECTED] wrote:

> Full_Name: Alex Tutubalin
> Version: 2.4.5
> OS: FreeBSD 3.3-STABLE
> Submission from: (NULL) (195.133.64.212)
> 
> when SSLOption +ExportCertData turned on and no client cert present,
> server coredumps (and not serve request)
> [...]

Yes, this was already reported and is now already fixed for mod_ssl 2.4.6.
Nevertheless thanks for your feedback.

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: [BugDB] Session cache expire bug (PR#302)

[modssl-bugdb]

On Mon, Oct 11, 1999, [EMAIL PROTECTED] wrote:

> Full_Name: Andreas Persson
> Version: 
> OS: 
> Submission from: idasys-059.idasys.se (194.218.15.59)
> 
> For me, the inter-process session cache seems to work correctly only
> for the first five minutes after a server start. After that a lot of 
> unexpected cache misses occur. I think I've found the problem; in
> ssl_enginge_scache.c, line 548-549 and 836-837 read:
> 
> if (tExpiresAt >= tNow)
>bDelete = TRUE;
> 
> I believe it should be <= instead. Or am I missing something?

U, you're right, of course. How could it be that we've overlooked this
subtle bug for such a long time?  It should be <= at both locations, of
course. This is now fixed for mod_ssl 2.4.6. Thanks a lot for discovering this
nasty semantical bug.
   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: abort() instead of exit(1)?

[Ralf S. Engelschall]

On Tue, Oct 12, 1999, Martin Kraemer wrote:

> The method to exit from apache when mm cannot open the semaphore file
> (e.g., because of permission problems) seems rather drastic to me:
> 
> main/alloc.c:628:
> if ((mm = ap_mm_create(mm_size, mm_path)) == NULL) {
> fprintf(stderr, "Ouch! ap_mm_create(%d, \"%s\") failed\n", mm_size, 
>mm_path);
> err1 = ap_mm_error();
> if (err1 == NULL)
> err1 = "-unknown-";
> err2 = strerror(errno);
> if (err2 == NULL)
> err2 = "-unknown-";
> fprintf(stderr, "Error: MM: %s: OS: %s\n", err1, err2);
> --->abort();
> exit(1);
> }
> 
> I would prefer if the program would simply exit with an unsuccessful
> exit code after printing the error message.

Ok, I've removed the abort() for mod_ssl 2.4.6

> PS: are there more abort()s hidden in there? In alloc.c, there are many
> of the assert() class ("this must *NEVER* happen" type of errors), most
> of them wrapped in #ifdef POOL_DEBUG. But ordinary permission problems
> should definitely NOT trigger an abort().

There are more abort()s, but not from me (EAPI), of course.
I usually use abort() only in special situations...

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

[BugDB] SSLOptions +ExportCertData and no client cert present (PR#303)

[modssl-bugdb]

Full_Name: Alex Tutubalin
Version: 2.4.5
OS: FreeBSD 3.3-STABLE
Submission from: (NULL) (195.133.64.212)


when SSLOption +ExportCertData turned on and no client cert present,
server coredumps (and not serve request)

Cause:
SSL_get_peer_cert_chain() at pkg.sslmod/ssl_engine_kernel.c, line 1251
returns NULL and sk_X509_num() at next line traps.

Quick'n'durty fix (not too efficient, but only 4 bytes changed :),
in general there should be an if() around for() operator:


*** pkg.sslmod/ssl_engine_kernel.c.orig Wed Oct 13 12:44:01 1999
--- pkg.sslmod/ssl_engine_kernel.c  Wed Oct 13 12:44:12 1999
***
*** 1249,1255 
  val = ssl_var_lookup(r->pool, r->server, r->connection, r,
"SSL_CLIENT_CERT");
  ap_table_set(e, "SSL_CLIENT_CERT", val);


  sk = SSL_get_peer_cert_chain(ssl);
! for (i = 0; i < sk_X509_num(sk); i++) {
  var = ap_psprintf(r->pool, "SSL_CLIENT_CERT_CHAIN_%d", i);
  val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
  if (val != NULL)
--- 1249,1255 
  val = ssl_var_lookup(r->pool, r->server, r->connection, r,
"SSL_CLIENT_CERT");
  ap_table_set(e, "SSL_CLIENT_CERT", val);
  sk = SSL_get_peer_cert_chain(ssl);
! for (i = 0; sk && i < sk_X509_num(sk); i++) {
  var = ap_psprintf(r->pool, "SSL_CLIENT_CERT_CHAIN_%d", i);
  val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
  if (val != NULL)


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]