Re: Apache2 with ssl

2002-06-13 Thread Kai Hofmann

> What is the recommended way of getting the ssl module for Apache2? Using the built
> in Apache2 SSL or using mod_ssl? I don't see a mod_ssl for Apache2 on the mod_ssl
> site.  Does anyone have experience with Apache2 and ssl?

The built-in one is the official mod_ssl for Apache 2 - as it looks to me!
The documentation is nearly identical to the www.modssl.org docs!

-- 
Institut für Seeverkehrswirtschaft und Logistik   http://www.isl.org/
Dipl.-Inform. Kai Hofmann   mailto:[EMAIL PROTECTED]
Universitaetsallee GW1 Block A   phone:+49 421 22096-83
D-28359 Bremen fax:+49 421 22096-55
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Testing SSLv3 Authentication

2002-06-13 Thread Kai Hofmann


> How can I build the client certificate to install on the browser?
> Can I build a second client.crt and then sign it with the ca.crt?

Take a look at www.thwate.com under personal certificates - they are free!!!

-- 
Institut für Seeverkehrswirtschaft und Logistik   http://www.isl.org/
Dipl.-Inform. Kai Hofmann   mailto:[EMAIL PROTECTED]
Universitaetsallee GW1 Block A   phone:+49 421 22096-83
D-28359 Bremen fax:+49 421 22096-55



client authentication

2002-06-13 Thread Libor Bubik

We have a problem with client authentication from some clients.
On the server side we use Apache 1.3.24 with mod_ssl 2.8.8.
All clients use MS IE 5 or higher and MS Windows 98-2000.
From some clients, client authentication works without problems, but from
some it does not.
I think the certificate on the client is installed properly.

Here is a listing from the SSL logs:
[13/Jun/2002 11:18:18 11431] [info]  Requesting connection re-negotiation
[13/Jun/2002 11:18:18 11431] [info]  Awaiting re-negotiation handshake
[13/Jun/2002 11:18:18 11431] [error] Re-negotiation handshake failed: Not accepted by client!?
[13/Jun/2002 11:18:18 11431] [error] SSL error on writing data (OpenSSL library error follows)
[13/Jun/2002 11:18:18 11431] [error] OpenSSL: error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure

or

[13/Jun/2002 11:06:08 32598] [info]  Seeding PRNG with 23177 bytes of entropy
[13/Jun/2002 11:06:10 32598] [error] SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
[13/Jun/2002 11:06:10 32598] [error] System: Connection reset by peer (errno: 104)

Thanks for any advice
Libor




AW: Apache2 with SSL doesn't start

2002-06-13 Thread Andre Steffens

> > I've installed Apache 2.0.36 with mod_ssl on Win2k. After I create a
> > certificate I now have the files test.cert and test.key.
> > But Apache doesn't start! Does anyone know what I have to do?
>
> What does the error log say?

[Thu Jun 13 09:50:05 2002] [error] mod_ssl: Init: PassPhraseDialog BuiltIn not supported in server private key from file D:/server/Apache2/conf/ssl/test.key (OpenSSL library error follows)
[Thu Jun 13 09:50:05 2002] [error] OpenSSL: error:0D084069:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Thu Jun 13 09:50:06 2002] [error] OpenSSL: error:0D09D082:asn1 encoding routines:d2i_RSAPrivateKey:parsing
[Thu Jun 13 09:50:06 2002] [error] OpenSSL: error:0D09B00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib



[BugDB] I/O Error when using https (PR#715)

2002-06-13 Thread modssl-bugdb

Full_Name: Stephan PAVEK, Mag.
Version: 2.8.1
OS: Win NT 40
Submission from: (NULL) (193.83.101.90)


We are running a web-application using SSL. The environment is as follows: IAS
1.0.2.2.2 (ORACLE) using Apache (v 1.3.19) and open_ssl (v 0.9.5a) on an
AIX-Machine, ORACLE-DB v. 8.1.7.3.
Using IE Explore > 5.01 (we didn't test older versions) we get I/O errors in the
log-file (ssl_engine_log). We got the following log-entries. These errors result
in empty pages on the Browser (

[10/Jun/2002 15:43:06 35008] [debug] OpenSSL: read 813/18437 bytes from
BIO#202FF4B8 [mem: 204557C8] (BIO dump follows)
[10/Jun/2002 15:43:06 35008] [info]  Subsequent (No.2) HTTPS request received for child 9 (server card.omv.com:443)
[10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 18437 bytes expected to read on BIO#202FF4B8 [mem: 2045B828]
[10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 

client certificate!

2002-06-13 Thread Antoine de Lobel-Mahy

Hello everybody.

First of all, sorry for my English.

I have a web server with Apache, mod_ssl and OpenSSL.

I need to create a certificate for my user's company,
can I do it with this software?

Currently, I know how to create
a server certificate, but what about a client one?

thanks.

Antoine




Apache/2.0.36 + Win98 + SSL or PHP4=Error(31)

2002-06-13 Thread Prachait Saxena

Hello !!!

I am using Apache/2.0.36 (Win32) DAV/2 on Win98.
My server runs very well when I use PHP4 as an interpreter,
but when I use "LoadModule" to use PHP4 as a module I get the
error
(31) A device attached to the system is not functioning:

This error also comes up when I try to load SSL.
I also tried to run the server on Win 2k. Same error :(


Can anyone help me out? Why is this error coming?

Or where am I wrong?

Thanks in advance
Prachait Saxena
WebMaster [SitesOnTesting.Com]

If you do for other's ! Other's will do for you !!
Visit me at http://www.sitesontesting.com/prachait





Re: SSLRequireSSL Circumvention

2002-06-13 Thread Cliff Woolley

On Tue, 4 Jun 2002, Cliff Woolley wrote:

> > BTW- I originally put in the 'deny from all' and 'satisfy any' lines
> > because I had another line 'allow from .my-domain.com' in between them
> > at one point.  Which makes me wonder, what would I do if I wanted to
> > put it back in?
>
> Ah, forgot to respond to this part.  If you want that, then you would
> obviously have to use 'satisfy any'.  And in that case, you can't use
> SSLRequireSSL.  You can use a RewriteRule to get the same effect.

I just discovered a config option of which I was previously unaware that
would help here.  From the SSLOptions directive:

#   o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.

So add:

 SSLOptions +StrictRequire

and then your scenario will work.  Sorry for misleading you earlier!

--Cliff
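
The configuration discussed in this thread, written out as an added example that is not part of the original posts. The directory paths, the realm name and the password file are assumptions; the access directives use the Apache 1.3/2.0 syntax the thread refers to.

```apache
# Added example. Paths, AuthName and AuthUserFile are hypothetical.

# Before: "Satisfy any" grants access when EITHER the host check OR the
# login succeeds. A denial from SSLRequireSSL is then overridden by the
# other check, so the area can be reached over plain HTTP.
<Directory "/usr/local/apache/htdocs/private-before">
    SSLRequireSSL

    Order deny,allow
    Deny from all
    Allow from .my-domain.com

    AuthType Basic
    AuthName "Private area"
    AuthUserFile /usr/local/apache/conf/htpasswd
    Require valid-user

    Satisfy any
</Directory>

# After: StrictRequire makes the SSLRequireSSL denial final, so no other
# module can change it, even under "Satisfy any". Hosts in .my-domain.com
# or users with a valid login still get in, but only over HTTPS.
<Directory "/usr/local/apache/htdocs/private">
    SSLOptions +StrictRequire
    SSLRequireSSL

    Order deny,allow
    Deny from all
    Allow from .my-domain.com

    AuthType Basic
    AuthName "Private area"
    AuthUserFile /usr/local/apache/conf/htpasswd
    Require valid-user

    Satisfy any
</Directory>
```

To check the result, request the protected path over plain HTTP from an allowed host: with `SSLOptions +StrictRequire` in place the server should answer 403 Forbidden. On Apache 2.4 the `Order`, `Allow`, `Deny` and `Satisfy` directives are provided by mod_access_compat.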
