Re: Hardware Acceleration using OpenSSL-engine
Thanks for that information! -miah On Fri, Jul 13, 2001 at 01:01:38PM -0700, Geoff Thorpe wrote: > On Fri, 13 Jul 2001, JJohnson wrote: > > > That really doesn't come close to answering my question. I know what SSL > > accelerators do, and how they can help and how they can't help. What I need > > to know is what is needed to get apache+modssl to *USE* the accelerator. Do I > > need to add things to the config? Do I need to pray to some unnamed diety? > > 1) Please configure your mail client (or its editor) to line-wrap text, that > paragraph came through as a single line until I formatted it. > > 2) Take a look at "SSLCryptoDevice" in the online ... actually, just as I'm > about to tell you the URL for the modssl docs, I notice myself that there's no > documentation for "SSLCryptoDevice" in the reference section. It should > certainly be mentioned somewhere inside modssl's README or INSTALL (or > something). > > Basically SSLCryptoDevice is modssl's pass-through to the ENGINE code in > OpenSSL. This requires using an "-engine" version of 0.9.6 or a development > version of 0.9.7(-dev). You also need to build modssl with SSL_EXPERIMENTAL > support to enable this directive. > > For now, try taking a look around - in particular look at the mail-archives of > this list (eg. http://marc.theaimsgroup.com/?l=apache-modssl) for prior > discussion of the subject (including people who've experienced problems and the > corresponding solutions). It's still marked "experimental" so the documentation > can be excused for skipping details - but if you're still no closer after > fishing around and playing with this, let us know where you got to and what the > problems you ran into looked like. Maybe we can help. > > Cheers, > Geoff > > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: http and https, same instance
Thanks, that did the trick. I didn't notice that you can specify a port on a NamedVirtualHosts directive. I realized that from your example. Once I changed my entry to: NameVirtualHost 192.168.0.101:80 then all of a sudden the HTTPS port was no longer part of a Named set of virtual hosts, and it works. This is great, because it means I only need one httpd running at a time, and can serve both my named virtual hosts AND the SSL pages. Thanks again. --Chris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of David Marshall Sent: Thursday, July 19, 2001 11:53 AM To: '[EMAIL PROTECTED]' Subject: RE: http and https, same instance I do not use mod_ssl, but I'm using SSL and NamedVirtualHosts on Apache 1.3.19... try this NameVirtualHost 192.168.0.101 ### Definition for some http (non SSL) virtual hosts ServerName "host1.blah.blah.blah.com" # definition for this virtual host ServerName "host2.blah.blah.blah.com" # definition for this virtual host NameVirtualHost 192.168.0.101:443 ### Definition for SSL - ALL port 443! SSLRequireSSL -Original Message- From: Christopher Piggott HOME [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 19, 2001 8:49 AM To: [EMAIL PROTECTED] Subject: http and https, same instance Is it reasonable to expect to run some http and some https traffic on the same instance of apache 1.3 ? I have named virtual hosts, and I understand they don't work with mod_ssl, but what if I want something like this: NameVirtualHost 192.168.0.101 ### Definition for some http (non SSL) virtual hosts ServerName "host1.blah.blah.blah.com" # definition for this virtual host ServerName "host2.blah.blah.blah.com" # definition for this virtual host ### Definition for SSL - ALL port 443! SSLRequireSSL In other words, I don't care if the virtual named hosts work properly for SSL, I just want it to work - and it's ok if HTTPS exists outside of any virtual host. I have thought of adding a second instance of the server, with its own config file (or switches in httpd.conf using ) ... but I don't really want to lose the usefulness of apachectl. I don't know of a convenient way to do this other than brute force. Thanks, --Chris __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: http and https, same instance
I do not use mod_ssl, but I'm using SSL and NamedVirtualHosts on Apache 1.3.19... try this NameVirtualHost 192.168.0.101 ### Definition for some http (non SSL) virtual hosts ServerName "host1.blah.blah.blah.com" # definition for this virtual host ServerName "host2.blah.blah.blah.com" # definition for this virtual host NameVirtualHost 192.168.0.101:443 ### Definition for SSL - ALL port 443! SSLRequireSSL -Original Message- From: Christopher Piggott HOME [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 19, 2001 8:49 AM To: [EMAIL PROTECTED] Subject: http and https, same instance Is it reasonable to expect to run some http and some https traffic on the same instance of apache 1.3 ? I have named virtual hosts, and I understand they don't work with mod_ssl, but what if I want something like this: NameVirtualHost 192.168.0.101 ### Definition for some http (non SSL) virtual hosts ServerName "host1.blah.blah.blah.com" # definition for this virtual host ServerName "host2.blah.blah.blah.com" # definition for this virtual host ### Definition for SSL - ALL port 443! SSLRequireSSL In other words, I don't care if the virtual named hosts work properly for SSL, I just want it to work - and it's ok if HTTPS exists outside of any virtual host. I have thought of adding a second instance of the server, with its own config file (or switches in httpd.conf using ) ... but I don't really want to lose the usefulness of apachectl. I don't know of a convenient way to do this other than brute force. Thanks, --Chris __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: http and https, same instance
If you have mod_perl, check out an article I wrote for take23 a while back at http://take23.org/articles/2001/03/12/redirect.xml?style=printable If you don't, maybe mod_rewrite would help? Then again, maybe I'm misreading what you need? --- Christopher Piggott HOME <[EMAIL PROTECTED]> wrote: > Is it reasonable to expect to run some http and some https traffic on > the same instance of apache 1.3 ? > > I have named virtual hosts, and I understand they don't work with > mod_ssl, but what if I want something like this: > > NameVirtualHost 192.168.0.101 > > ### Definition for some http (non SSL) virtual hosts > > >ServerName "host1.blah.blah.blah.com" ># definition for this virtual host > > > >ServerName "host2.blah.blah.blah.com" ># definition for this virtual host > > > ### Definition for SSL - ALL port 443! > > > SSLRequireSSL > > > > > > In other words, I don't care if the virtual named hosts work properly > for > SSL, I just want it to work - and it's ok if HTTPS exists outside of > any > virtual host. > > I have thought of adding a second instance of the server, with its > own > config file (or switches in httpd.conf using ) ... but > I don't > really want to lose the usefulness of apachectl. I don't know of a > convenient way to do this other than brute force. > > Thanks, > > --Chris > > > > __ > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > User Support Mailing List > [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
http and https, same instance
Is it reasonable to expect to run some http and some https traffic on the same instance of apache 1.3 ? I have named virtual hosts, and I understand they don't work with mod_ssl, but what if I want something like this: NameVirtualHost 192.168.0.101 ### Definition for some http (non SSL) virtual hosts ServerName "host1.blah.blah.blah.com" # definition for this virtual host ServerName "host2.blah.blah.blah.com" # definition for this virtual host ### Definition for SSL - ALL port 443! SSLRequireSSL In other words, I don't care if the virtual named hosts work properly for SSL, I just want it to work - and it's ok if HTTPS exists outside of any virtual host. I have thought of adding a second instance of the server, with its own config file (or switches in httpd.conf using ) ... but I don't really want to lose the usefulness of apachectl. I don't know of a convenient way to do this other than brute force. Thanks, --Chris __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: secure cgi script environment variable problem
Below is my previous post on the problem I am seeing with secure forms from Netscape. Since I got no response, can anyone at least suggest another discussion area or someone I can contact to help resolve the problem? Since the same thing works from Linux, there must be something from the TPF server that is throwing Netscape off that the other browsers are not sensitive to, but I don't know what it is. Thanks. Referenced post: Relating to my previous question about why I am missing expected environment variables in a secure cgi script on TPF, here is an example of an actual GET and POST. I intercepted them in the SSL_read() function in ssl_lib.c. Note the POST is missing content-type, content-length and the form data. Any idea why Netscape is doing this? Again, IE has the expected fields in the POST, and Netscape has them in non-secure mode. GET /cgiform2.html HTTP/1.0 If-Modified-Since: Thu, 05 Jul 2001 20:25:01 GMT; length=727 Connection: Keep-Alive User-Agent: Mozilla/4.77 [en] (Windows NT 5.0; U) Pragma: no-cache Host: 9.117.241.16 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Encoding: gzip Accept-Language: en Accept-Charset: iso-8859-1,*,utf-8 POST /cgi-bin/test-cgi HTTP/1.0 Referer: https://9.117.241.16/cgiform2.html Connection: Keep-Alive User-Agent: Mozilla/4.77 [en] (Windows NT 5.0; U) Host: 9.117.241.16 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Encoding: gzip Accept-Language: en Accept-Charset: iso-8859-1,*,utf-8 Regards, Evan Jennings TPF Development, IBM Corp. Poughkeepsie NY (845) 435-1918 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Question
The simple answer is yes, but make sure you have a copy of your key and certificate in case it goes pear-shaped. For information, I've upgraded our version of Apache-mod_ssl several times in the last year without a hitch. This surprises users of MS code of course. - John Airey Internet Systems Support Officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] > -Original Message- > From: James Stevens [mailto:[EMAIL PROTECTED]] > Sent: 19 July 2001 04:39 > To: [EMAIL PROTECTED] > Subject: Question > > > I just discovered the hardship of using a binary installation > of Apache... > Can't install FP Extensions to it. (sigh) > > So I am preparring to build the apache server using the src's > .. Question is > I already have SSL up and running (mod_ssl) ... Running under > apache 1.3.19 > now the newest download from both apache and mod_ssl are the > apache 1.3.20 > variants.. Question is if I use the newer .20 src's to build > my appache can > I simply drop in the backed up copies of my key and crt files > and will she > start up without throughing a fit? I have never upgraded a live server > before I have always waited untill the cert ran out and did > everything then. > > In this case we just got the cert a week ago and now the clients are > demanding FP support so I need to get it installed one way or another. > > Spacifics on my system: > > OS: Linux Mandrake 8.0 > Current Web Server: Apache 1.3.19 (default install from > Mandrake no source > avalible on server) > Current SSL Server mod_ssl 0.9.6 (version ID from 'openssl > version' command) > > Upgrading to: Apache 1.3.20 (from source distribution files) > Upgrading to: 2.8.4-1.3.20 (from source distribution files) > > Thanks in advance! > > --JT > Network Administrator > http://www.webcommanders.com > > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
