can't get mod_ssl-2.7.1-1.3.14 to work

[acoon]

This is what i get when i run /usr/local/apache/bin/apachectl startssl

Cannot load /usr/local/apache/libexec/libssl.so into server: ld.so.1:
/usr/local/apache/bin/httpd: fatal: /usr/local/apache/libexec/libssl.so:
mmap failed: No such device

Do I need to set a link manually when i configure either openssl or
mod_ssl?

AJ
Senior Systems Administrator
Network Operations Center
Net Performance, Inc.
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

[BugDB] optional_no_ca broken for multi-processes? (PR#480)

[modssl-bugdb]

Full_Name: Rich Salz
Version: 2.7.1
OS: RedHat 6.2+fixes
Submission from: (NULL) (216.73.149.205)


I have "SSLVerifyClient optional_no_ca" in httpd.conf.  When I first connect
the browser asks me to present my certificate.  When I reload the page the
browser says 'connection broken' and the ssl_engine_log says "unknown error"
The following diff adds more logging (showing that the error actually is
X509_V_ERR_CERT_UNTRUSTED).  This patch is not right since it uniformly slams
error status rather than looking at the config info. mod_ssl is
configured as follows:
o ssl_module uses ConfigStart/End
  + SSL interface: mod_ssl/2.7.1
  + SSL interface build type: OBJ
  + SSL interface compatibility: enabled
  + SSL interface experimental code: disabled
  + SSL interface conservative code: disabled
  + SSL interface vendor extensions: disabled
  + SSL interface plugin: Built-in SDBM
Here's the diff
*** ssl_engine_kernel.c Wed Nov  1 10:53:22 2000
--- ../../../../mod_ssl/pkg.sslmod/ssl_engine_kernel.c  Fri Oct 20 11:10:08
2000
***
*** 137,143 
  char *cpVHostMD5;
  X509 *xs;
  int rc;
- int vrfyrc;
  
  /*
   * Get context
--- 137,142 
***
*** 354,368 
  /*
   * Check for failed client authentication
   */
!   vrfyrc = SSL_get_verify_result(ssl);
!   if (vrfyrc == X509_V_ERR_CERT_UNTRUSTED)
!   vrfyrc = X509_V_OK;
! if (vrfyrc != X509_V_OK
  || ap_ctx_get(fb->ctx, "ssl::verify::error") != NULL) {
  cp = (char *)ap_ctx_get(fb->ctx, "ssl::verify::error");
  ssl_log(srvr, SSL_LOG_ERROR|SSL_ADD_SSLERR,
! "SSL client authentication failed: (0x%x) %s", 
!   vrfyrc, cp != NULL ? cp : "unknown reason");
  SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
  SSL_smart_shutdown(ssl);
  SSL_free(ssl);
--- 353,364 
  /*
   * Check for failed client authentication
   */
! if (   SSL_get_verify_result(ssl) != X509_V_OK
  || ap_ctx_get(fb->ctx, "ssl::verify::error") != NULL) {
  cp = (char *)ap_ctx_get(fb->ctx, "ssl::verify::error");
  ssl_log(srvr, SSL_LOG_ERROR|SSL_ADD_SSLERR,
! "SSL client authentication failed: %s", 
! cp != NULL ? cp : "unknown reason");
  SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
  SSL_smart_shutdown(ssl);
  SSL_free(ssl);


  + SSL library path: /home/rsalz/jack/openssl
  + SSL library version: OpenSSL 0.9.5a 1 Apr 2000
  + SSL library type: source tree only (stand-alone)


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Win32 contrib's

[Jerrad Pierce]

Has anyone tried these on win2k? Or have a win2k version to contribute?
I tried the 1.3.12 and it underwent immediate existence failure.

I've been trying OpenSA (http://opensa.org) too, but I get lots of Dr.
Watson's...

I've also tried compiling source (the opensa source), directly on win2k as
well, to no avail.

Any help would be greatly appreciated, thanks!

PS> I have watson logs if you need them. And I can provide my config file,
but it's *very* simple
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

unable to read server certification

[Günther Heit]

my problem:

[Wed Nov  1 16:01:04 2000] [error] mod_ssl: Init: Unable to read server 
certificate from file /usr/ssl/certs/mail1.pem (OpenSSL library error follows)
[Wed Nov  1 16:01:04 2000] [error] OpenSSL: error:0D09F007:asn1 encoding 
routines:d2i_X509:expecting an asn1 sequence

Thank you.
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: [BugDB] Phantom CRLs (PR#477)

[modssl-bugdb]

[EMAIL PROTECTED] wrote:
> 
> I use client authentication with certificates and all works fine but seems that
> CRLs aren't verified. In detail I succeded to login when I got a revoked
> certificate and so my certificate serial number is present in the CRL file. Why
> that?

Did you restart the server after putting in the new CRL?

vh.

Mads Toftum
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Ready for Prime Time ?

[David Rees]

On Thu, Nov 02, 2000 at 12:03:12AM -0600, Keith Parkansky wrote:
> 
> Now I'm wondering if someone in my position is
> justified in using Linux/Apache for a mission-
> critical Web server.  The only support options
> I've found are Web-based documentation and FAQs
> and lists such as this one.  If these venues
> don't provide the answer, is there a commercial
> support alternative available, or commercial
> versions of Apache/SSL and mod_ssl that have
> formal (i.e. pay-per-incident or service contract)
> support operations available, or Unix/Linux-based
> commercial alternatives to Apache and mod_ssl, 
> that offer it ?

You haven't looked very hard, have you?  :-)

www.c2.net and www.covalent.net

Both servers from each company uses a mod_ssl based product.

c2net/Stronghold (now owned by RedHat) is the largest Apache/SSL
vendor.

Covalent and their RavenSSL product is also widely used.

I've trialed both their products and even sent tech support for each of
them a question or two.  The response I got back was pretty good for not
having paid them anything.  :-)

-Dave
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Ready for Prime Time ?

[Paul McGarry]

Keith Parkansky wrote:

> > In fact, with many of the largish Open Source companies basing much
> > of their business model on support revenue I wouldn't think it would
> > be all that difficult to find someone willing to give you support if
> > you actually go and look.
> 
> For issues related to the OS this is true, but for issues
> related to the applications they bundle, such as Apache,
> they will not provide "in depth" technical support.

http://www.redhat.com/products/support/ecommerce/

I haven't talked to them or anything, but their web-page suggests
they'll help you with 'your toughest technical problems'.

-- 
Paul McGarrymailto:[EMAIL PROTECTED] 
Systems Integrator  http://www.opentec.com.au 
Opentec Pty Ltd http://www.iebusiness.com.au
6 Lyon Park RoadPhone: (02) 9878 1744 
North Ryde NSW 2113 Fax:   (02) 9878 1755
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Ready for Prime Time ?

[Keith Parkansky]

Paul McGarry wrote:
> 
> Redhat will probably happily take your money from you..
> I'm sure Linuxcare will too...
> 
> In fact, with many of the largish Open Source companies basing much
> of their business model on support revenue I wouldn't think it would
> be all that difficult to find someone willing to give you support if
> you actually go and look.

For issues related to the OS this is true, but for issues 
related to the applications they bundle, such as Apache,
they will not provide "in depth" technical support.

-- 
Keith Parkansky
[EMAIL PROTECTED]
http://www.execpc.com/~keithp
http://www.goingtovegas.com
http://www.squawkware.com
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Ready for Prime Time ?

[Paul McGarry]

Keith Parkansky wrote:

> If there are any commercial support operations
> available, where can I find contact information
> for them ?

Redhat will probably happily take your money from you..
I'm sure Linuxcare will too...

In fact, with many of the largish Open Source companies basing much 
of their business model on support revenue I wouldn't think it would
be all that difficult to find someone willing to give you support if
you actually go and look.

-- 
Paul McGarrymailto:[EMAIL PROTECTED] 
Systems Integrator  http://www.opentec.com.au 
Opentec Pty Ltd http://www.iebusiness.com.au
6 Lyon Park RoadPhone: (02) 9878 1744 
North Ryde NSW 2113 Fax:   (02) 9878 1755
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Ready for Prime Time ?

[Keith Parkansky]

I recently joined the list and posted a message 
about missing environment variables and never
found an answer to my problem.  I've noticed other
such messages in the last week and a couple re-posts
from people still searching for answers also.

Now I'm wondering if someone in my position is
justified in using Linux/Apache for a mission-
critical Web server.  The only support options
I've found are Web-based documentation and FAQs
and lists such as this one.  If these venues
don't provide the answer, is there a commercial
support alternative available, or commercial
versions of Apache/SSL and mod_ssl that have
formal (i.e. pay-per-incident or service contract)
support operations available, or Unix/Linux-based
commercial alternatives to Apache and mod_ssl, 
that offer it ?

Without such a thing, the Evil Empire will never
be wiped off the face of the earth because corporate
IS managers can't base systems on products where
one *might* find an answer to an issue on a list
or Web site.  Linux distributors will only go so
far in offering support for the applications
included in their distributions.

If there are any commercial support operations
available, where can I find contact information
for them ?

-- 
Keith Parkansky
[EMAIL PROTECTED]
http://www.execpc.com/~keithp
http://www.goingtovegas.com
http://www.squawkware.com
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Connection to mod_ssl 2.7.1 blocked on WinNT

[Andrew C. Wong]

Hi,

I just have the latest and greatest Apache1.3.14 + mod_ssl2.7.1
compiled on NT 4.0. It worked fine without loading SSL module.

However, when SSL was enabled, it worked only if -X was specified
on command line. Otherwise, any HTTP or HTTPS connection to it 
would be blocked and never return. The forked child seemed getting
into a funny state.

Any idea?

Thanks!
Andrew
---
CONNECTED(0004)
SSL_connect:before/connect initialization
write to 0017F0C0 [00181788] (130 bytes => 130 (0x82))
 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00   ..W... .
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05   .f..
0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00   
0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00   .e..d..c..b..a..
0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14   `...@...
0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02   
0060 - 00 80 f5 6a 27 fa 37 f1-15 4c aa 7e 48 c7 11 74   ...j'.7..L.~H..t
0070 - cb f8 10 b2 61 8a be a8-35 d3 9e 77 a2 45 56 b8   a...5..w.EV.
0080 - 72 ce r.
SSL_connect:SSLv2/v3 write client hello A
<<< blocked >>>



__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

test

[Austin Gonyou]

test
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: benchmarks SSL vs non-SSL

[Jeff Costlow]

Thank you for the reply.  The server machine I was using as a test bed was a PII-400 
with a fwe other jobs running, so it's pretty lame on the CPU end.  The (single) 
client I was using was a perl interpreter on a PII-266, so my numbers are going to be 
low anyway.

Given some of the information you gave me, it looks like my findings are inline with 
what I should be getting.  I'll do a few more benchmarks on production boxes (which 
are more powerful than my test machine, and see what kind of difference I get.

Thanks again.

-Original Message-
From: David Rees [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 31, 2000 5:24 PM
To: [EMAIL PROTECTED]
Subject: RE: benchmarks SSL vs non-SSL


> Can anyone point me to a document that compares SSL performance
> to non-SSL performance?
> I recently compiled up modssl-2.6.1 against 1.3.12 on Win32, and
> I get speeds about 1/20th of what I get from the same server
> without SSL enabled.  That doesn't seem right.

Depending on how much CPU power you have, its not too far off.  I usually
see about 1/5th the performance when running SSL vs unsecure pages.

> I have read Mark Cox's document at
>  , it is very good, but it
> didn't solve my problem, as it doesn't talk about non-SSL.
> Although to be fair, I am not compiling RC4 into openssl, so I am
> probably using 3DES, which will hurt me a bit according to the
> above document.
>
> I have enabled dbm SSLSessionCache, and I doubt if enabled a
> shared memory cache will improve my performance greatly.
> (Especially since my real quick benchmark that I used only made 1
> keepalive connection.

You should run better tests.  Get a couple machines as clients, (not the
same one as the web server!) and go download WebBench from ZDNet or
something similar.

Serving SSL pages is mainly CPU power limited, so multiple fast CPUs will
help a lot.

I found that using openssl-0.9.6 gave me a significant speed boost over
previous versions, about 50-60% if I remember correctly.

FWIW, on a SGI Origin 200 with dual 180MHz CPUs, it topped out around 145
hits/second on a small static data set (small files, most around 1K in size)
running Apache/1.3.14 mod_ssl/2.7.1 OpenSSL/0.9.6.

-Dave

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

First SSL Compilation Ever

[Austin Gonyou]

I was doing some testing last night between an Sun UltraEnterprise 1 
server with 16 400Mhz CPUs and 8GB ram and an AMD Athlon 500 with 128MB 
RAM. Mainly because there was a bunch of info from ApacheCon about SSL. 
One table in particular caught my eye. It was a comparison of several 
platforms and their respective SSL performance. Basically I was just 
reproducing the same test, but on a 10K rather than an Sun Ultra5 400Mhz. 
Either way, the same processors. I garnered very similar results to this 
test that was done for documentation use at ApacheCon. Ralf S. 
Engelschall can concurr I believe. What I found is that 1024bit key signs 
on the Sun was 30/s and the Athlon was 95/s. This holds true with most of 
my testing to date. 
 That brings me to the next thought I had. The first time SSL was 
compiled and used, what was it compiled on/into? (I ask this because it 
would make some sense if it was first compiled on some kind of x86 
architecture, the FPU's are very different from that of a Sun or IBM 
chips.) Any thoughts on this?

I've attatched the athlon results and the E10K results. The athlon is 
using RH and an RPM'd version of openssl0.9.6 and the E10K was compiled 
on, so it had more algorythms to do. The most important thing to look at 
in these results however, is the Sign/s and Vrfy/S at the bottom. The 
1024 and 2048 bits in particular.

 - GrandMasterLee - 
[EMAIL PROTECTED]

Tue Oct 31 17:49:37 CST 2000
Doing md5 for 3s on 8 size blocks: 2287550 md5's in 3.00s
Doing md5 for 3s on 64 size blocks: 1508759 md5's in 3.00s
Doing md5 for 3s on 256 size blocks: 742601 md5's in 3.00s
Doing md5 for 3s on 1024 size blocks: 244206 md5's in 3.00s
Doing md5 for 3s on 8192 size blocks: 33679 md5's in 3.00s
Doing hmac(md5) for 3s on 8 size blocks: 983674 hmac(md5)'s in 3.00s
Doing hmac(md5) for 3s on 64 size blocks: 804500 hmac(md5)'s in 3.00s
Doing hmac(md5) for 3s on 256 size blocks: 515322 hmac(md5)'s in 2.99s
Doing hmac(md5) for 3s on 1024 size blocks: 213772 hmac(md5)'s in 3.00s
Doing hmac(md5) for 3s on 8192 size blocks: 33043 hmac(md5)'s in 3.00s
Doing sha1 for 3s on 8 size blocks: 1503871 sha1's in 3.00s
Doing sha1 for 3s on 64 size blocks: 909971 sha1's in 3.00s
Doing sha1 for 3s on 256 size blocks: 414957 sha1's in 3.00s
Doing sha1 for 3s on 1024 size blocks: 130529 sha1's in 3.00s
Doing sha1 for 3s on 8192 size blocks: 17674 sha1's in 3.00s
Doing rmd160 for 3s on 8 size blocks: 1148990 rmd160's in 3.00s
Doing rmd160 for 3s on 64 size blocks: 658897 rmd160's in 3.00s
Doing rmd160 for 3s on 256 size blocks: 286929 rmd160's in 3.00s
Doing rmd160 for 3s on 1024 size blocks: 87975 rmd160's in 3.00s
Doing rmd160 for 3s on 8192 size blocks: 11787 rmd160's in 3.00s
Doing rc4 for 3s on 8 size blocks: 12498376 rc4's in 3.00s
Doing rc4 for 3s on 64 size blocks: 2085709 rc4's in 3.00s
Doing rc4 for 3s on 256 size blocks: 538203 rc4's in 3.00s
Doing rc4 for 3s on 1024 size blocks: 136161 rc4's in 3.00s
Doing rc4 for 3s on 8192 size blocks: 17089 rc4's in 3.00s
Doing des cbc for 3s on 8 size blocks: 4262797 des cbc's in 3.00s
Doing des cbc for 3s on 64 size blocks: 587605 des cbc's in 3.00s
Doing des cbc for 3s on 256 size blocks: 148339 des cbc's in 3.00s
Doing des cbc for 3s on 1024 size blocks: 37225 des cbc's in 3.00s
Doing des cbc for 3s on 8192 size blocks: 4658 des cbc's in 3.00s
Doing des ede3 for 3s on 8 size blocks: 1616924 des ede3's in 3.00s
Doing des ede3 for 3s on 64 size blocks: 210433 des ede3's in 3.00s
Doing des ede3 for 3s on 256 size blocks: 52923 des ede3's in 3.00s
Doing des ede3 for 3s on 1024 size blocks: 13247 des ede3's in 3.00s
Doing des ede3 for 3s on 8192 size blocks: 1657 des ede3's in 3.00s
Doing rc2 cbc for 3s on 8 size blocks: 1606729 rc2 cbc's in 3.00s
Doing rc2 cbc for 3s on 64 size blocks: 216198 rc2 cbc's in 3.00s
Doing rc2 cbc for 3s on 256 size blocks: 54638 rc2 cbc's in 2.99s
Doing rc2 cbc for 3s on 1024 size blocks: 13717 rc2 cbc's in 3.00s
Doing rc2 cbc for 3s on 8192 size blocks: 1717 rc2 cbc's in 2.99s
Doing blowfish cbc for 3s on 8 size blocks: 6720599 blowfish cbc's in 3.00s
Doing blowfish cbc for 3s on 64 size blocks: 979453 blowfish cbc's in 3.00s
Doing blowfish cbc for 3s on 256 size blocks: 248871 blowfish cbc's in 3.00s
Doing blowfish cbc for 3s on 1024 size blocks: 62630 blowfish cbc's in 3.00s
Doing blowfish cbc for 3s on 8192 size blocks: 7842 blowfish cbc's in 3.00s
Doing cast cbc for 3s on 8 size blocks: 6270969 cast cbc's in 3.00s
Doing cast cbc for 3s on 64 size blocks: 903465 cast cbc's in 3.00s
Doing cast cbc for 3s on 256 size blocks: 229157 cast cbc's in 3.00s
Doing cast cbc for 3s on 1024 size blocks: 57609 cast cbc's in 3.00s
Doing cast cbc for 3s on 8192 size blocks: 7214 cast cbc's in 3.00s
Doing 512 bit private rsa's for 10s: 4810 512 bit private RSA's in 10.00s
Doing 512 bit public rsa's for 10s: 50050 512 bit public RSA's in 9.99s
Doing 1024 bit private rsa's for 10s: 950 1024 bit private RSA's in 10.00s
Doing 1024 bit public rsa's for

Re: hwo to force apache+ssl use CryptoSwift

[Austin Gonyou]

Call Rainbow Tech Support.
Austin 

>> Original Message <<

On 10/31/00, 8:55:56 PM, mod_ssl_cn <[EMAIL PROTECTED]> wrote regarding 
hwo to force apache+ssl use CryptoSwift:


> Hi

> I have installed openssl_engine_0.9.6 , mod_ssl , apache_1.3.14 in my
> linux platform .
> I have installed hardware crypto device : CryptoSwift and it's driver

> I have test it by openssl0.9.3  + swift_patch + mod_ssl.
> It works normal.

> How can I force the apache_1.3.14 + openssl_engine_0.9.6 server to use
> CryptoSwift .

> I have update some source code to implement it ; it works normal.

> but how can I force apache to use CryptoSwift by config file or command
> line arg



> __

> ===
> ÐÂÀËÃâ·Ñµç×ÓÓÊÏä http://mail.sina.com.cn
> ÐÂÀËÍƳö°ÂÔ˶ÌÐÅÏ¢ÊÖ»úµã²¥·þÎñ
> http://sms.sina.com.cn/
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: after install of mod-ssl, stunnel broken

[RCURTIS]

John, thanks for your reply.  The first time I installed stunnel, and older
version a year or so ago, I compiled from sources etc..   However, this time
i took the easy way out and downloaded from redhat the rpms for both openssl
9.5a and stunnel 3.8-4.  I have been thinking that I just do not have the
pem's etc in the right directory that stunnel is looking for.  I have tried
using a server.pem, server.crt, swat.pem in /etc/ssl/certs   /var/ssl/certs
(which is where I think older version had them) and in /usr/share/ssl/certs
which is where doing a stunnel -h says the default directory is.  All to no
avail.  

Nothing is showing up in the syslogs at all for stunnel.  When using the
Opera browser 4.2 connecting to swat it just says "connection closed by
remote server" .  In reading the stunnel docs, I have also tried getting the
c_hash of stunnel.pem, swat.pem and linking those, still to no avail.  Any
other ideas?  


Richard Curtis
[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 01, 2000 5:00 am
To: [EMAIL PROTECTED]
Subject: RE: after install of mod-ssl, stunnel broken


You don't mention if you changed your version of Openssl in installing
mod-ssl, which I suspect you did. If so, that can stop stunnel working as it
is usually linked against a specific version of either SSLeay (is anyone
actually using that anymore?) or Openssl.

I had this problem for a while till I recompiled stunnel against the source
tree of the same version of Openssl. Check your syslog for a definitive
answer as stunnel should be logging any failures there.

I use stunnel for SWAT and mod_ssl on the same machines without any
problems.

- 
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] 


-Original Message-
From: RCURTIS [mailto:[EMAIL PROTECTED]]
Sent: 01 November 2000 01:45
To: '[EMAIL PROTECTED]'
Subject: after install of mod-ssl, stunnel broken


I have been using stunnel on an apache 1.3 webserver to connect to the web
interface of SAMBA called SWAT.  After install of mod-ssl, I cannot connect
via https: to SWAT i.e.  https://xxx.xxx.xxx.xxx:901
  If connecting to swat outside stunnel,
all works fine.  Any ideas as to what the mod-ssl install changed or how to
make it so that I can continue to use stunnel to connect while at the same
time using mod-ssl on the web server?  Any help appreciated ..   Thanks!
 

Richard Curtis 
[EMAIL PROTECTED] 

 
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: after install of mod-ssl, stunnel broken

[John . Airey]

You don't mention if you changed your version of Openssl in installing
mod-ssl, which I suspect you did. If so, that can stop stunnel working as it
is usually linked against a specific version of either SSLeay (is anyone
actually using that anymore?) or Openssl.

I had this problem for a while till I recompiled stunnel against the source
tree of the same version of Openssl. Check your syslog for a definitive
answer as stunnel should be logging any failures there.

I use stunnel for SWAT and mod_ssl on the same machines without any
problems.

- 
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] 


-Original Message-
From: RCURTIS [mailto:[EMAIL PROTECTED]]
Sent: 01 November 2000 01:45
To: '[EMAIL PROTECTED]'
Subject: after install of mod-ssl, stunnel broken


I have been using stunnel on an apache 1.3 webserver to connect to the web
interface of SAMBA called SWAT.  After install of mod-ssl, I cannot connect
via https: to SWAT i.e.  https://xxx.xxx.xxx.xxx:901
  If connecting to swat outside stunnel,
all works fine.  Any ideas as to what the mod-ssl install changed or how to
make it so that I can continue to use stunnel to connect while at the same
time using mod-ssl on the web server?  Any help appreciated ..   Thanks!
 

Richard Curtis 
[EMAIL PROTECTED] 

 
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]