pthread
Hi All, I have been down this track before, but have not found a conclusive answer. On Tue, Feb 08, 2000 at 02:46:09PM +0100, GOMEZ Henri wrote: apache-ssl is not apache-mod_ssl. This problem is related to pthread inclusion somewhere in one of the modules. ie mod_php3 with mysql could add libpthread and sus make apache core. I am using the oci8.so module with php3 and apache-modssl 1.3.11-2.5.0 and have also tried against 1.3.12-2.6.3. This seems to work - the php.so module loads the oci8.so module. But I now need to use auth_oracle, and mod_owa which also link against libpthread, via one of their shared libraries. If I run php together with either (auth_oracle|mod_owa) I get a core dump. But if I run auth_oracle and mod_owa without php it runs fine. TIA on ideas. Rudi -- Rudi HeitbaumPh: +61-3-9822 1216 Managing DirectorFax: +61-3-9822 1728 DARX Consulting Pty Ltd Mobile: 04-1122 6244 mailto:[EMAIL PROTECTED] http://www.darx.com/ PGP public key: http://www.darx.com/pgp/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
SSL Client authentication problem
I installed a Secure Reverse Proxy to access some internal resources using I am using Apache/1.3.12 (Unix Solaris 2.6) with mod_ssl/2.6.3 and OpenSSL/0.9.5a. It work quite well. But now I want to use SSL client Certificate for authentication. It work but with a problem. The problem is when I connect on the reverse proxy, my browser ask me several time to present my client certificate. It's seems that for every session it ask me a client certificate. I guess this is not a normal behavior ??? I used to do the same with Stronghold and it ask me only one time for my certificate. Has some body an idea how to deal with that. Maybe a parameter to change on the apache mod_ssl server ? Sylvain -- -- Sylvain MARET, Network Security Engineer Datelec Networks SA Av. de la Praille 26 1227 Carouge / Geneva Member of Dimension Data HOLDINGS Switzerland Tel: +41 22 309.15.80 Fax: +41 22 309.15.85 Visit our Web Site: http://www.datelec.com PGP Fingerprint: BE06 F406 32CA 0886 BAC8 F794 9A75 7DF9 4CD4 D07C PGP Key: On request! --- Are you Secure? How do you know? __ This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify Datelec Networks. -- Mail To: [EMAIL PROTECTED] -- http://www.datelec.com _ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: installing through RPM
In a message dated 4/28/2000 7:47:22 AM Eastern Daylight Time, [EMAIL PROTECTED] writes: after I install the RPM, is it possible if I will add php3 + mysql + imap + ldap ? I don't know about them, but I am sure mod_perl works very badly with the RPM Apache. Beyond that, RPM Apache is not the latest, most secure version. -Josh __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
failed installing mod_ssl
Hi, this is my second time trying to install apache+mod_ssl+php3 Here is what I did from scratch: 1. installing redhat 6.1 + openldap (RPM) 2. install imap-4.7.3 (RPM) 3. install imap-devel-4.7-3 (RPM) 4. install MySQL-3.22.32-1 (RPM) 5. install MySQL-client-3.22.32-1 (RPM) 6. install MySQL-devel-3.22.32-1 (RPM) 7. install MySQL-shared-3.22.32-1 (RPM) 8. install openssl-0.9.5a (source) ./configure make make test make install 9. extract apache_1.3.12 10. extract mod_ssl-2.6.3 for apache 1.3.12 11. patch apache: ./configure --enable-shared=ssl --with-ssl 12. install apache SSL_BASE=../openssl-0.9.5a ./configure --enable-module=all --enable-shared=max make make certificate TYPE=custom make install 13. extract php3.0.16 14. install php3.0.16 ./configure --with-apxs=/usr/local/apache/bin/apxs \ --with-config-file=/usr/local/apache \ --with-imap \ --with-mysql \ --with-ldap \ --with-ftp \ --enable-track-vars make make install Then, if I tried starting ./httpd -t -DSSL I got error: Segmentation fault (core dumped) Then I tried to comment out php3 in httpd.conf .. voila, it's work well ... is there any error what I did here? why my php3 installation can not work with apache+mod_ssl? I also tried with php3.0.14 ... same .. is there any hardware restriction? because my computer is only 40 MB RAM ... Please help me, Regards, kapot __ Do You Yahoo!? Talk to your friends online and get email alerts with Yahoo! Messenger. http://im.yahoo.com/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: installing through RPM
Hello, Is that really true? In the contrib section of modssl.org, I see the latest greatest apache+modssl. Regards, Harry Hoffman Product Systems Specialist Restaurants Unlimited Inc. 206.634.3082 x. 270 On Fri, 28 Apr 2000 [EMAIL PROTECTED] wrote: In a message dated 4/28/2000 7:47:22 AM Eastern Daylight Time, [EMAIL PROTECTED] writes: after I install the RPM, is it possible if I will add php3 + mysql + imap + ldap ? I don't know about them, but I am sure mod_perl works very badly with the RPM Apache. Beyond that, RPM Apache is not the latest, most secure version. -Josh __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Minor problem ~
The latest Apache and modssl installation appeared to go OK, it appears to start in ssl mode, however, when you attempt to do a SSL login, an error message pops-up that reports "the servers certificate has an invalid signature. you will not be able to connect to this site securely." The ssl_engine_log reports: "...alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?]" Any thoughts how to fix this? __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
mod_ssl + mod_proxy + mod_auth
I've dredged through the archives, but can't find a reference to the problem I'm having. I've got the standard reverse proxy setup going with client connections via SSL to an apache server that proxies pages (via proxypass) from an internal http server. That works fine. I'd like to do authentication on the apache server as well, but can't get it to work. Here's part of the httpd.conf file: ProxyPass /corporate_rd/ http://sapling/corporate_rd/ ProxyPassReverse /corporate_rd/ http://sapling/corporate_rd/ And later, in the SSL virtual host section: Directory proxy:http://sapling/corporate_rd/ AuthType Basic AuthUserFile /home/jayl/tmp/.htpasswd AuthName 'RD' require valid-user /Directory When I try to load this from netscape, I get an Error 407, Proxy Authentication Required without being prompted for a passwd. (IE just crashes. :) ) What am I doing wrong? thanks for the help, jay lyerly __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: installing through RPM
ERRATA: I was referring to the RedHat Apache RPM, not the combined Apache/SSL rpms from ssl sites. I don't know about them, but I am sure mod_perl works very badly with the RPM Apache. Beyond that, RPM Apache is not the latest, most secure version. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Import a CA certificate to Netscape browser
Has any one imported a CA certificate (like ca.crt ) to the Netscape browser? Can you share how it is done? Thanks, __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Adding myself as trusted signer authority in Netscape?
How do I generate a trusted signer certificate for Netscape? I have to install it in Netscape, and some years ago bellsign.be could install themselves via a file I downloaded. I need to generate that same kind of file so that Netscape trusts me. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: installing through RPM
[EMAIL PROTECTED] wrote: In a message dated 4/28/2000 7:47:22 AM Eastern Daylight Time, [EMAIL PROTECTED] writes: after I install the RPM, is it possible if I will add php3 + mysql + imap + ldap ? I don't know about them, but I am sure mod_perl works very badly with the RPM Apache. Beyond that, RPM Apache is not the latest, most secure version. Please explain what you mean by that... The RPM packaged version of apache-mod_ssl is made from the latest versions. apache-mod_ssl-1.3.12.2.6.3-0.6.0.i386.rpm apache-mod_ssl-devel-1.3.12.2.6.3-0.6.0.i386.rpm apache-mod_ssl-1.3.12.2.6.3-0.6.0.src.rpm are all available in the www.modssl.org contrib area. I have not tried compiling mod_perl with apache-mod_ssl as a DSO (via apxs) lateley, but if you would like to compile it statically into apache you could do that with that SRPM. /magnus -Josh __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Solaris and Linux binaries
I just looked at MIT's ssl apache server web.mit.edu/apache-ssl/www They seems to have a download binary for Solaris and Linux. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
FYI: Compiling on Win32
Had to add to modules\ssl\Makefile: $(LIBNAME).dll: $(OBJS) $(LD) $(LDFLAGS) /dll /out:$@ \ $(OBJS) \ ..\..\CoreR\ApacheCore.lib \ $(SSL_LIB)\ssleay32.lib \ $(SSL_LIB)\libeay32.lib \ wsock32.lib \ added gdi32.lib \ clean: Had to add to modules\ssl\mod_ssl.h: #endif#ifdef WIN32#include wincrypt.h added #include winsock2.h#endif /* OpenSSL headers */
cap.gov
Hi Jim I think the test cert. didn't work because of an error in the data I entered for that certificate based on further reading I have done. Nevertheless, if you think it is worth a try, attached is a new CSR. Bill -BEGIN CERTIFICATE REQUEST- MIIB/TCCAWYCAQAwgaQxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNaWNoaWdhbjEX MBUGA1UEBxMOU2VsZnJpZGdlIEFOR0IxGTAXBgNVBAoTEENpdmlsIEFpciBQYXRy b2wxHjAcBgNVBAsTFUNBUC5HT1YgQWRtaW5pc3RyYXRvcjEQMA4GA1UEAxMHQ0FQ LkdPVjEcMBoGCSqGSIb3DQEJARYNYWRtaW5AY2FwLmdvdjCBnzANBgkqhkiG9w0B AQEFAAOBjQAwgYkCgYEAzNHovUGzIi4iW8Y0rSdAovz8Rgu1wVVNRCgemsIKGznO RA849rghjkrkz0wlY24ZagKnDpAvHxLSqj2UbCyYdeFJ2OI2Hlqqe3H3UahmYOV2 +W5A+YhSTLgUXh3A3zHeiCl2mlTFjzeK1ddLjTCqVxLRdGK/agfezYSFupfo+MUC AwEAAaAYMBYGCSqGSIb3DQEJBzEJEwdtaWNyb24AMA0GCSqGSIb3DQEBBAUAA4GB AELjBglSnV8NI3PWwKyBz3wIBzXWrWpK/+dX37sxcUTVM68vm5PZKLLrW+3O33JF DNv5WGHauQ7ZXSAHluwPFMwEesR331joFQzCCtIzjN3+hxr8VqU8jL3FRJ+EVT3X Df6qfeUP8SQm9lJtsq5xNR3HefG7IN6o1Pmz6vWZF/NC -END CERTIFICATE REQUEST-
Re: FYI: Compiling on Win32
On Fri, Apr 28, 2000, Erik Aronesty wrote: Had to add to modules\ssl\Makefile: $(LIBNAME).dll: $(OBJS) $(LD) $(LDFLAGS) /dll /out:$@ \ $(OBJS) \ ..\..\CoreR\ApacheCore.lib \ $(SSL_LIB)\ssleay32.lib \ $(SSL_LIB)\libeay32.lib \ wsock32.lib \ added gdi32.lib \ clean: Had to add to modules\ssl\mod_ssl.h: #endif #ifdef WIN32 #include wincrypt.h added #include winsock2.h #endif /* OpenSSL headers */ Thanks for your patches. But I personally cannot decide whether these are reasonable and correct or not. Can someone else confirm that these patches are really necessary for mod_ssl to build under Win32? I'm still very sceptic whether gdi32.lib and winsock2.h are generic things which are available under all Win32 environments... Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]