Announce: JServ 1.1b2 for apache 1.3.9 and mod_ssl 2.4.5 RPM
Hi. Apache JServ 1.1b2 for apache 1.3.9 and mod_ssl 2.4.5 for Redhat Linux 6.0 Just uploaded to www.modssl.org : http://www.modssl.org/contrib/apache-mod_ssl-JServ-1.1-b2.1.6.0.i386.rpm http://www.modssl.org/contrib/apache-mod_ssl-JServ-1.1-b2.1.6.0.src.rpm Built under Redhat 6.0 with all updates and RPM 3.0.2. I used ibm-jdk 1.1.8 which install on /opt. You can grab it at http://www.ibm.com/java/jdk/118/linux/index.html See you and enjoy. - Henri Gomez ___[_] EMAIL : [EMAIL PROTECTED] (. .) PGP KEY : 4912D659...oOOo..(_)..oOOo... PGP Fingerprint : 8CAD0D50356DA7E45C540B010FFE39E8 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
[BugDB] con reset by peer with netscape (PR#308)
Full_Name: JP Donnio Version: 2.4.5 OS: Linux RH 5 Submission from: alix.cpod.fr (212.39.128.8) Follow up of PR 294 Most Netscape browsers version 4 fail to establish a SSL connection to our servers. They complain about I/O error. On the server all we get is something like this: [Mon Oct 18 14:26:14 1999] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows) [Mon Oct 18 14:26:14 1999] [error] System: Connection reset by peer (errno: 104) Some internet explorers (for mac?) have the same problem. Only MSIE 4 and 5 on win32 connect correctly. Our web site is https://www.fr.thawte.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: RSE back / 2.4.6 prepared / feedback appreciated
So, while I'm busy with moving this week, please take the chance and fetch the latest snapshot from ftp://ftp.modssl.org/snapshot/ and try it out. It should be very stable. Please give feedback whether it works fine or fails horrible until Friday. Thanks. I built it with APXS from Apache 1.3.9 and it seems to have built with no errors. Do i need to rebuild Apache/mod_ssl from scratch if i want to use MM ? I did not use MM originally to build mod_ssl. regards, mehul -- "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi stolen from Ben Laurie on the FSB list. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
[BugDB] followup connection error with netscape (PR#309)
Full_Name: JP Donnio Version: 2.4.5 OS: RH 5 Submission from: alix.cpod.fr (212.39.128.8) followup of PR 294 308 I have been able to reproduce the problem. I have installed a netscape communicator 4.07 french on win95. If I try to connect to https://www.fr.thawte.com with it the connection fails If I disable SSLv3 in communicator it connects (only SSL v2) It seems like it is not possible to connect with SSLv3 I have modified the server not to propose SSLv3 ciphers with ALL:!ADH:!SSLv3:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP but the problem still occurs. Only way I have found to connect from this netscape is to disable SSLv3 from the navigator. Any idea? __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: RSE back / 2.4.6 prepared / feedback appreciated
On Wed, Oct 20, 1999, Mehul N. Sanghvi wrote: So, while I'm busy with moving this week, please take the chance and fetch the latest snapshot from ftp://ftp.modssl.org/snapshot/ and try it out. It should be very stable. Please give feedback whether it works fine or fails horrible until Friday. I built it with APXS from Apache 1.3.9 and it seems to have built with no errors. Fine. Do i need to rebuild Apache/mod_ssl from scratch if i want to use MM ? I did not use MM originally to build mod_ssl. MM is an optional part of EAPI and for EAPI you've to recompile Apache. So, yes, for MM you've to recompile Apache. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: RSE back / 2.4.6 prepared / feedback appreciated
I just modified some stuff from latest RPM spec (Magnus and I), rebuild and tested. It works fine under Redhat 6.0 + latest updates. PS:I upgraded to mm 1.0.12 just to be up to date. RE-PS: the same server support apache JServ 1.1b2 without any problems. See you - Henri Gomez ___[_] EMAIL : [EMAIL PROTECTED] (. .) PGP KEY : 4912D659...oOOo..(_)..oOOo... PGP Fingerprint : 8CAD0D50356DA7E45C540B010FFE39E8 apache-mod_ssl.spec
RE: [BugDB] followup connection error with netscape (PR#309)
followup of PR 294 308 I have been able to reproduce the problem. I have installed a netscape communicator 4.07 french on win95. If I try to connect to https://www.fr.thawte.com with it the connection fails If I disable SSLv3 in communicator it connects (only SSL v2) It seems like it is not possible to connect with SSLv3 Same problem with netscape communicator pro french 4.7 on both WinNT and Linux. But only on this site. Others site using various mod_ssl works well (ie https://www.thawte.com using 1.3.9 but modssl 2.4.2) __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: RSE back / 2.4.6 prepared / feedback appreciated
On Wed, Oct 20, 1999, GOMEZ Henri wrote: I just modified some stuff from latest RPM spec (Magnus and I), rebuild and tested. It works fine under Redhat 6.0 + latest updates. PS:I upgraded to mm 1.0.12 just to be up to date. RE-PS: the same server support apache JServ 1.1b2 without any problems. Sounds good. Thanks for your feedback. BTW, while I was busy today I've in the background let 10 clients continuesly connected to a server via SSL for over 8 hours on my development machine and all worked fine. No failures, segfaults or whatever else unusual situations occured. So I guess 2.4.6 is ready to be kicked out the next days. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Problem compiling Apache with mod_ssl on NT
Hi all I have a problem with the compilation of Apache 1.3.4 with mod-ssl over Windows NT. I am using Cygnus as the Unix interface and compiling using VC++. I have been following the instructions as described in the modssl documentation and am now trying to nmake (a VC++ command) Apache with the makefile generated for NT. Everything goes fine until I get a linker error, and I can't seem to figure it out. I am sending the list of instructions I followed along with an attachment of the output that I obtained with the nmake command. Any help would be greatly appreciated. Kavita 1. Make sure CygWin, Perl and the Visual Studio tools are already installed and available through the commands `gzip', `tar', `perl', `nmake', `cl', `link', etc. They are needed for configuring SSLeay and mod_ssl and for building the packages. Additionally a text editor should be available. We assume `vim' (Vi Improved), but you can use any preferred text editor. NOTE: vim doesn't work under cygwin. 2. Extract the required packages $ gzip -d -c apache_1.3.x.tar.gz | tar xvf - $ gzip -d -c mod_ssl-2.1.x-1.3.x.tar.gz | tar xvf - $ gzip -d -c SSLeay-0.9.x.tar.gz | tar xvf - 3. Configure and build the SSLeay library. This is a little bit more complicated than under Unix, because you have to additionally patch some source files. So be patient while hacking ;-) o Enter the SSLeay source tree $ cd SSLeay-0.9.0b o Modify $INSTALLTOP in util\mk1mf.pl to fit your preference (e.g. p:\ssleay) $ vim util\mk1mf.pl $INSTALLTOP="/usr/local/ssl"; $INSTALLTOP="p:\ssleay"; NOTE: Instead of p:, specify the path where SSLeay has been extracted. o Edit file crypto\bn\bn_mulw.c by changing line 174: $ vim crypto\bn\bn_mulw.c return(llBN_MASK2); return(BN_ULONG)(llBN_MASK2); o Edit file crypto\des\des.h as following: $ vim include\des.h char *crypt(); #ifndef MOD_SSL char *crypt(); #endif o Create the all-in-one SSLeay Makefile for building under Win32: $ perl util\mk1mf.pl no-asm dll VC-WIN32 makefile.win32 Note: When you've the Microsoft Assembler (`ml') installed on your platform you can leave out the `no-asm' option, of course. Trick: Even if you don't the have Microsoft Assembler you still can make use of the optimized assembler version of the code. SSLeay distribution comes with some precompiled .asm files. If you want to use them, create an empty `ml.bat' file and put it in your %PATH% and leave out the `no-asm' flag above. o Build the SSLeay package $ nmake /f makefile.win32 o Install SSLeay into $INSTALLTOP. You have do this by hand: (replace p:\ssleay with the path you set $INSTALLTOP to) $ md p:\ssleay $ md p:\ssleay\bin $ md p:\ssleay\lib $ md p:\ssleay\include $ copy /b inc32\* p:\ssleay\include $ copy /b out32dll\ssleay32.lib p:\ssleay\lib $ copy /b out32dll\libeay32.lib p:\ssleay\lib $ copy /b out32dll\ssleay32.dll p:\ssleay\bin $ copy /b out32dll\libeay32.dll p:\ssleay\bin $ copy /b out32dll\ssleay.exe p:\ssleay\bin NOTE: Again, specify the path instead of p: o Leave the SSLeay source tree $ cd .. o Now put $INSTALLTOP\bin into your %PATH% (needed because of the DLLs!) SO FAR SO GOOD!! 4. Now apply the mod_ssl source extension and source patches to the Apache source tree. $ cd mod_ssl-2.1.x-1.3.x $ configure.bat \ --with-apache=..\apache_1.3.x \ --with-ssleay=p:\ssleay $ cd .. 5. Build and install the SSL-aware Apache: $ cd apache_1.3.x\src $ nmake /f Makefile.nt NOTE: This is where I had a significant number of warnings with unmatched operators. I don't know if that is going to make a difference. E.g. conversion from double to float- possible loss of data. Signed- unsigned mismatch. NOTE: While compiling, it couldn't find "ssl.h". This was an include statement in c:\Program Files\Apache Group\apache_1.3.4\src\modules\mod_ssl.h on line 81. I just looked for the include statement (line 81 onwards) and explicitly included the file with the entire path name such as #include "c:\\progra~1\\apache~1\\ssleay~1.0B\\include\\ssl.h" The other files under the SSLeay header files were also specified with absolute paths. The compilation proceeds until the ApacheModuleSSL.dll is being made. I get an error which says that it can't open the library file when in fact the file that it is looking for is actually present, i.e. "..\ssleay~1.0b\lib\ssleay32.lib" The path however is not specified correctly as the file is in "c:\program files\apache group\ssleay-0.9.0b\lib\ssleay32.lib" $ nmake /f Makefile.nt installr Help on the above would be greatly appreciated. Kavita Chowdhri Xerox Corporation [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Off 310-333-8190 Res 323-766-9339 Output2.out Makefile.nt
[BugDB] snakeoil-ca-rsa.crt is expired (PR#310)
Full_Name: Tom Vaughan Version: SNAP-19991020 OS: GNU/Linux Submission from: inbound.aventail.com (216.207.80.50) [tvaughan@rehab pkg.sslcfg]$ pwd /opt/src/mod_ssl-SNAP-19991020/pkg.sslcfg [tvaughan@rehab pkg.sslcfg]$ ../../openssl-0.9.4/apps/openssl x509 -noout -text -in snakeoil-ca-rsa.crt Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: md5WithRSAEncryption Issuer: C=XY, ST=Snake Desert, L=Snake Town, O=Snake Oil, Ltd, OU=Certificate Authority, CN=Snake Oil [EMAIL PROTECTED] Validity Not Before: Oct 8 17:40:19 1998 GMT Not After : Oct 8 17:40:19 1999 GMT Subject: C=XY, ST=Snake Desert, L=Snake Town, O=Snake Oil, Ltd, OU=Certificate Authority, CN=Snake Oil [EMAIL PROTECTED] Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:a9:71:0a:a0:ef:03:69:fc:9a:8a:cd:89:57:37: bb:9e:a3:20:0b:2e:7d:04:95:d0:a5:c3:67:94:2b: d1:51:a8:cb:b3:18:ba:0c:b9:c0:54:bd:9a:de:cc: bf:aa:34:48:4d:db:09:83:3c:2e:1a:2a:20:4b:94: ab:fc:d0:91:47:21:7e:9b:32:f5:06:51:57:38:de: fe:d6:f6:e8:8f:00:20:e1:be:69:34:6b:16:50:41: 3e:04:ee:0d:d6:f8:67:3e:a9:be:44:d1:9d:cb:f7: dc:2e:e6:7c:de:4d:ab:a8:0b:60:b9:8f:25:93:75: d1:57:a3:b7:6d:95:43:8a:05 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:TRUE, pathlen:0 Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA Signature Algorithm: md5WithRSAEncryption 08:a2:f2:3c:16:50:0c:09:96:91:37:2b:12:97:04:6d:1b:9b: 94:2a:58:dd:b3:b0:3d:26:5e:d6:4e:b7:56:70:a7:09:1b:fa: 9a:fb:a5:ec:c2:40:6c:c6:8a:fc:75:bd:fa:15:56:33:d1:0d: 8c:03:cc:05:81:24:b6:eb:8d:38:df:00:81:29:18:eb:e3:6a: 3c:38:43:36:dd:00:88:d6:72:f3:62:39:56:bf:0f:39:14:c9: 75:bb:c8:bb:86:b0:59:bc:e2:45:eb:b5:ba:52:65:34:82:fa: cd:4d:16:f1:14:6e:81:f1:16:cd:49:86:d8:85:ce:90:c1:b0: fc:cf __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Problem compiling Apache with mod_ssl on NT
On Wed, Oct 20, 1999, Chowdhri, Kavita wrote: I have a problem with the compilation of Apache 1.3.4 with mod-ssl over Windows NT. I am using Cygnus as the Unix interface and compiling using VC++. I have been following the instructions as described in the modssl documentation and am now trying to nmake (a VC++ command) Apache with the makefile generated for NT. Everything goes fine until I get a linker error, and I can't seem to figure it out. I am sending the list of instructions I followed along with an attachment of the output that I obtained with the nmake command. Any help would be greatly appreciated. [...] $ cd mod_ssl-2.1.x-1.3.x [...] You're using very anchient versions of Apache, mod_ssl and SSLeay. Don't do this - use the recent versions, please. I've tried this a few days ago on a Win32 environment myself and it worked fine with the latest mod_ssl snapshot. So please start over with these newer versions. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]