Re: Apache 1.3.26 Upgrade Question
Hi, Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released recently. Thanks. Bye, -Jim. On Wed, 19 Jun 2002, Jim Lee wrote: We have been unable to find the above Apache_1.3.26-Mod_SSL_x file in the http://www.modssl.org/contrib/ area. Nobody's contributed one yet. I imagine it won't be that far off, it usually doesn't take too long. We also wish to know if the SSL certificate has to be re-created after Apache is upgraded to 1.3.26 with the new mod_SSL. No. --Cliff _ Chat with friends online, try MSN Messenger: http://messenger.msn.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Apache 1.3.26 Upgrade Question
What is really your question ? Just download the source and compile it. apache 1.3.26 : http://www.apache.org/dist/httpd/apache_1.3.26.tar.gz mod SSL 2.8.9-1.3.26 : http://www.modssl.org/source/mod_ssl-2.8.9-1.3.26.tar.gz Gilles -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Lee Sent: Thursday, June 20, 2002 10:16 AM To: [EMAIL PROTECTED] Subject: Re: Apache 1.3.26 Upgrade Question Hi, Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released recently. Thanks. Bye, -Jim. On Wed, 19 Jun 2002, Jim Lee wrote: We have been unable to find the above Apache_1.3.26-Mod_SSL_x file in the http://www.modssl.org/contrib/ area. Nobody's contributed one yet. I imagine it won't be that far off, it usually doesn't take too long. We also wish to know if the SSL certificate has to be re-created after Apache is upgraded to 1.3.26 with the new mod_SSL. No. --Cliff _ Chat with friends online, try MSN Messenger: http://messenger.msn.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 1.3.26 Upgrade Question
Hi, Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released recently. what platform? unix requires nothing more than a configure in the mod_ssl directory, followed by make. Win32 is a little more cumbersome. Aryeh --- Aryeh Katz VASCO www.vasco.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 1.3.26 Upgrade Question
Why dont you just buy Stronghold? Sounds like you ought to be paying someone to do this work for you. -- http://www.redhat.com/software/apache/stronghold/index.html Jim Lee wrote: Hi, Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released recently. Thanks. Bye, -Jim. On Wed, 19 Jun 2002, Jim Lee wrote: We have been unable to find the above Apache_1.3.26-Mod_SSL_x file in the http://www.modssl.org/contrib/ area. Nobody's contributed one yet. I imagine it won't be that far off, it usually doesn't take too long. We also wish to know if the SSL certificate has to be re-created after Apache is upgraded to 1.3.26 with the new mod_SSL. No. --Cliff _ Chat with friends online, try MSN Messenger: http://messenger.msn.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Upgrade Question
Hi I currently have mod_ssl-2.8.7-1.3.23(apache) deal. I have seen the security issue and the suggetions to upgrade to 2.0 or 1.3.26. Couple of questions, Please. 1. Can I just install the new apache version over my old install? And will it still use my ssl info? If not is there a command I can run when I configure the new apache to not overright all my info in /opt/apache? 2. Or do I need to wait for a mod_ssl-2.x.x-1.3.26 release?? Thanks for any input, Rob __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
problem build apache_1.3.26 with modssl
How do I compile mod_ssl-2.8.8-1.3.24 with apache_1.3.26? When I run configure --with-apache=../apache_1.3.26 I get the foolowing error: Configuring mod_ssl/2.8.8 for Apache/1.3.24 ./configure:Error: The mod_ssl/2.8.8 can be used for Apache/1.3.24 only. ./configure:Error: Your Apache source tree under ../apache_1.3.26 is version 1.3.26. ./configure:Hint: Please use an extracted apache_1.3.24.tar.gz tarball ./configure:Hint: with the --with-apache option, only. Does this mean I can't build apache_1.3.26 with mod-ssl compiled in? JS. _ Send and receive Hotmail on your mobile device: http://mobile.msn.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
modssl for apache 1.3.26
Does anyone now when we can expect new modssl module for 1.3.26? Need to upgrade due to CA-2002-17. Would 2.8.8-1.2.24 work?? Thanks, Mark Jackson * Important Note This email (including any attachments) contains information which is confidential and may be subject to legal privilege. If you are not the intended recipient you must not use, distribute or copy this email. If you have received this email in error please notify the sender immediately and delete this email. Any views expressed in this email are not necessarily the views of AXA. Thank you. * __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
[ANNOUNCE] mod_ssl 2.8.9 for Apache 1.3.26
On demand by the release of Apache 1.3.26 I've made available mod_ssl 2.8.9. The details are appended below. Fetch it from: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com Changes with mod_ssl 2.8.9 (27-Mar-2002 to 19-Jun-2002) *) Upgraded to Apache 1.3.26. *) Support for OpenSSL 0.9.7. *) Open random files in binary mode under Win32 to not stop on EOS characters. *) Additional internal consistency check on vhost sanity checking in case no DNS entries are found for virtual hosts. *) Fixed detection of a faked Faked Basic Auth situation for internal redirection situations. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Compile fails while building mod_ssl - ?? bison - lex.ssl_expr_yy.c(1753)
Could someone help me figure out why my compile fails...
This is the first time I have tried to compile with mod_ssl - that
is with openssl in srclib.
The code builds fine otherwise.
Compile errors...
echo/nologo /MD /W3 /O2 /I ../../include /I
../../srclib/apr/include /I ../../srclib/apr-util/include /I
../../srclib/openssl/inc32/openssl /I ../../srclib/openssl/inc32
/D NDEBUG /D WIN32 /D _WINDOWS /D WIN32_LEAN_AND_MEAN /D
NO_IDEA /D NO_RC5 /D NO_MDC2 /Fo.\Release\\
/Fd.\Release\mod_ssl /FD /c ssl_expr_scan.c
I:\Temp\nm18BC.tmp
cl.exe @I:\Temp\nm18BC.tmp
ssl_expr_scan.c
lex.ssl_expr_yy.c(1753) : error C2143: syntax error : missing ')'
before 'constant'
lex.ssl_expr_yy.c(1753) : error C2143: syntax error : missing '{'
before 'constant'
lex.ssl_expr_yy.c(1753) : error C2059: syntax error : 'Unknown'
lex.ssl_expr_yy.c(1753) : error C2059: syntax error : ')'
lex.ssl_expr_yy.c(1756) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1762) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1774) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1801) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1867) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1870) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1915) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1917) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1926) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1935) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1943) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1945) : error C2059: syntax error : '}'
.\Release\mod_ssl.so target does not exist
echo kernel32.lib user32.lib wsock32.lib ws2_32.lib advapi32.lib
gdi32.lib ssleay32.lib libeay32.lib /nologo /subsystem:
windows /dll /incremental:no /pdb:.\Release\mod_ssl.pdb
/map:.\Release\mod_ssl.map /machine:I386
/out:.\Release\mod_ssl.so /
implib:.\Release\mod_ssl.lib
/libpath:../../srclib/openssl/out32dll
/libpath:../../srclib/openssl/out32 /base:@..\..\os\win3
2\BaseAddr.ref,mod_ssl .\Release\mod_ssl.obj
.\Release\ssl_engine_config.obj .\Release\ssl_engine_dh.obj
.\Release\ssl_e
ngine_init.obj .\Release\ssl_engine_io.obj
.\Release\ssl_engine_kernel.obj .\Release\ssl_engine_log.obj
.\Release\ssl_
engine_mutex.obj .\Release\ssl_engine_pphrase.obj
.\Release\ssl_engine_rand.obj .\Release\ssl_engine_vars.obj
.\Releas
e\ssl_expr.obj .\Release\ssl_expr_eval.obj
.\Release\ssl_expr_parse.obj .\Release\ssl_expr_scan.obj
.\Release\ssl_scac
he.obj .\Release\ssl_scache_dbm.obj
.\Release\ssl_scache_shmcb.objI:\Temp\nm18BD.tmp
echo .\Release\ssl_scache_shmht.obj .\Release\ssl_util.obj
.\Release\ssl_util_ssl.obj .\Release\ssl_util_table.o
bj .\Release\mod_ssl.res ..\..\srclib\apr\Release\libapr.lib
..\..\srclib\apr-util\Release\libaprutil.lib ..\..\Releas
e\libhttpd.lib I:\Temp\nm18BD.tmp
link.exe @I:\Temp\nm18BD.tmp
LINK : fatal error LNK1181: cannot open input file
'.\Release\ssl_expr_scan.obj'
cd ..\..
cd support
nmake -f abs.mak CFG=abs - Win32 Release
RECURSE=0 /build
.\Release Tue Jun 18 21:15:41 2002
The actual error varies ..
(before compiling with Visual Studio from the command line)
cd ..\..
cd modules\ssl
nmake -f mod_ssl.mak CFG=mod_ssl - Win32 Release
RECURSE=0 .\Release\mod_ssl.so
Microsoft (R) Program Maintenance Utility Version 7.00.9466
Copyright (C) Microsoft Corporation. All rights reserved.
if not exist .\Release/ mkdir .\Release
tempfile.bat
tempfile.bat
tempfile.bat
tempfile.bat
rc.exe /l 0x409 /fo.\Release\mod_ssl.res /d NDEBUG
.\mod_ssl.rc
cl.exe @I:\Temp\nm1A17.tmp
mod_ssl.c
ssl_engine_config.c
ssl_engine_dh.c
ssl_engine_init.c
ssl_engine_io.c
ssl_engine_kernel.c
ssl_engine_log.c
ssl_engine_mutex.c
ssl_engine_pphrase.c
ssl_engine_rand.c
ssl_engine_vars.c
ssl_expr.c
ssl_expr_eval.c
ssl_expr_parse.c
\cygnus\cygwin-b20\share\bison.simple(333) : warning C4013: 'alloca'
undefined; assuming extern returning int
ssl_expr_scan.c
lex.ssl_expr_yy.c(1753) : error C2143: syntax error : missing ')'
before 'constant'
lex.ssl_expr_yy.c(1753) : error C2143: syntax error : missing '{'
before 'constant'
lex.ssl_expr_yy.c(1753) : error C2059: syntax error : 'Unknown'
lex.ssl_expr_yy.c(1753) : error C2059: syntax error : ')'
lex.ssl_expr_yy.c(1756) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1762) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1774) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1801) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1867) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1870) : error C2059: syntax
Re: Apache 1.3.26 and mod_ssl
Hello there, I've patched the Apache 1.3.26 sources with mod_ssl 2.8.8 and --force Option and it works I've apply the patch for 1.3.26 sh-2.03# patch -p0 modssl-2.8.8-1.3.26-fixup.patch Looks like a unified context diff. The next patch looks like a unified context diff. The next patch looks like a unified context diff. I can't seem to find a patch in there anywhere. ... and configure apache ... ./configure --with-layout=Apache --prefix=/usr/local/apache_1.3.26 --enable-module=so --enable-module=ssl --enable-shared=max ... and run an make ... and some minutes later i got this error(s): === src/modules/ssl === src/modules gcc -c -I./os/unix -I./include -DSOLARIS2=280 -DMOD_SSL=208108 -DEAPI -DUSE_EXPAT -I./lib/expat-lite `./apaci` modules.c gcc -c -I./os/unix -I./include -DSOLARIS2=280 -DMOD_SSL=208108 -DEAPI -DUSE_EXPAT -I./lib/expat-lite `./apaci` buildmark.c gcc -DSOLARIS2=280 -DMOD_SSL=208108 -DEAPI -DUSE_EXPAT -I./lib/expat-lite `./apaci`\ -o httpd buildmark.o modules.o modules/standard/libstandard.a main/libmain.a ./os/unix/libos.a ap/libap.a lib/expat-lite/libexpat.a -lsocket -lnsl -lpthread -ldl Undefined first referenced symbol in file ap_ctx_new main/libmain.a(buff.o) ap_hook_callmain/libmain.a(buff.o) ap_mm_useable main/libmain.a(alloc.o) ap_ctx_get main/libmain.a(http_core.o) ap_hook_configure main/libmain.a(http_main.o) ap_hook_initmain/libmain.a(http_main.o) ld: fatal: Symbol referencing errors. No output written to httpd make[2]: *** [target_static] Error 1 make[2]: Leaving directory `/tmp/apache_update/apache_1.3.26/src' make[1]: *** [build-std] Error 2 make[1]: Leaving directory `/tmp/apache_update/apache_1.3.26' make: *** [build] Error 2 It looks not really good ... someone with ideas how the problem can be fixed ? If i compile without ssl support, it works. compiler: gcc 2.95.2 (should work) system: solaris 5.8 With kind regards Manuel Bernhardt On Tue, Jun 18, 2002 at 20:47:11 -0400, Cliff Woolley wrote: On Wed, 19 Jun 2002, James Bromberger wrote: Seems that the current 2.8.8 has some problems patching into some of the mod_proxy code: ./ap/Makefile.tmpl.rej ./modules/proxy/mod_proxy.c.rej ./modules/proxy/proxy_http.c.rej h... wonder why I didn't notice those before? Sigh. Anyway, attached is a patch (totally untested!) which *should* replace the missing part of the mod_ssl patch. So after you've run ./configure --force, apply this patch by going to the apache_1.3.26/ directory and running patch -p0 modssl-2.8.8-1.3.26-fixup.patch. Let me know if it works or breaks. ;) --Cliff Works! Many thanks. -- Udo Schweigert, Siemens AG | Voice : +49 89 636 42170 CT IC CERT, Siemens CERT | Fax: +49 89 636 41166 D-81730 Muenchen / Germany | email : [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: modssl for apache 1.3.26
If you go to http://www.modssl.org there is a link to mod_ssl-2.8.9-1.3.26 Sincerely, Brian Vaughan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 19, 2002 1:38 AM To: [EMAIL PROTECTED] Subject: modssl for apache 1.3.26 Does anyone now when we can expect new modssl module for 1.3.26? Need to upgrade due to CA-2002-17. Would 2.8.8-1.2.24 work?? Thanks, Mark Jackson * Important Note This email (including any attachments) contains information which is confidential and may be subject to legal privilege. If you are not the intended recipient you must not use, distribute or copy this email. If you have received this email in error please notify the sender immediately and delete this email. Any views expressed in this email are not necessarily the views of AXA. Thank you. * __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
mod_ssl-2.8.9-1.3.26
Title: mod_ssl-2.8.9-1.3.26 mod_ssl-2.8.9-1.3.26 is available for download on modssl.org This should be what most people are looking for in regards to Apache 1.3.26 !! Henning Sittler www.inscriber.com
RE: Apache 1.3.26 Upgrade Question
Hi, Please forgive my ignorance. I wish to create a file similar to the following one: Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32.zip, namely, Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6c-WIN32.zip, I need this file so that i can upgrade my current Apache 1.3.20 server with mod_ssl to Apache 1.3.26 server with mod_ssl. I do not have a VC++ 5.0 compiler on my desk and have no idea how i could get the above file from the apache_1.3.26.tar.gz and the mod_ssl-2.8.9-1.3.26.tar.gz and the openssl-0.9.6c.tar.gz files. Any help from my friends would be highly appreciated. Thanks. Bye, -Jim. From: Gilles Gros [EMAIL PROTECTED] What is really your question ? Just download the source and compile it. apache 1.3.26 : http://www.apache.org/dist/httpd/apache_1.3.26.tar.gz mod SSL 2.8.9-1.3.26 : http://www.modssl.org/source/mod_ssl-2.8.9-1.3.26.tar.gz Gilles Hi, Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released recently. Thanks. Bye, -Jim. On Wed, 19 Jun 2002, Jim Lee wrote: We have been unable to find the above Apache_1.3.26-Mod_SSL_x file in the http://www.modssl.org/contrib/ area. Nobody's contributed one yet. I imagine it won't be that far off, it usually doesn't take too long. We also wish to know if the SSL certificate has to be re-created after Apache is upgraded to 1.3.26 with the new mod_SSL. No. --Cliff _ Send and receive Hotmail on your mobile device: http://mobile.msn.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: problem build apache_1.3.26 with modssl
Actually, you can, but your using the wrong version of mod_ssl. You will need to use mod_ssl-2.8.9-1.3.26. Hope this helps!! Drew J. Como Phone: 631-434-6600 Systems Administrator Fax: 631-434-7800 [EMAIL PROTECTED] Web: www.bascom.com Bascom Global Internet Services, Inc. When quality is the goal, winning is guaranteed. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of J S Sent: Wednesday, June 19, 2002 4:57 AM To: [EMAIL PROTECTED] Subject: problem build apache_1.3.26 with modssl How do I compile mod_ssl-2.8.8-1.3.24 with apache_1.3.26? When I run configure --with-apache=../apache_1.3.26 I get the foolowing error: Configuring mod_ssl/2.8.8 for Apache/1.3.24 ./configure:Error: The mod_ssl/2.8.8 can be used for Apache/1.3.24 only. ./configure:Error: Your Apache source tree under ../apache_1.3.26 is version 1.3.26. ./configure:Hint: Please use an extracted apache_1.3.24.tar.gz tarball ./configure:Hint: with the --with-apache option, only. Does this mean I can't build apache_1.3.26 with mod-ssl compiled in? JS. _ Send and receive Hotmail on your mobile device: http://mobile.msn.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Upgrade Question
On Thu, 20 Jun 2002, RON MCKEEVER wrote: I currently have mod_ssl-2.8.7-1.3.23(apache) deal. I have seen the security issue and the suggetions to upgrade to 2.0 or 1.3.26. Couple of questions, Please. 1. Can I just install the new apache version over my old install? And will it still use my ssl info? If by info you mean configuration, the answer is yes. If by info you mean mod_ssl itself, the answer is no. 2. Or do I need to wait for a mod_ssl-2.x.x-1.3.26 release?? There has already been one. mod_ssl 2.8.9 is out. So just grab 1.3.26 and 2.8.9, compile them with the same options you did on 1.3.23/2.8.7, and when you install it it will overwrite the old binaries but keep your old config files. (remember to back up the old install directory just in case ;) --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 1.3.26 Upgrade Question
The platform is win32. I do not have a VC++ 5.0 compiler installed. Any free C++ compiler download suggestion from the internet would be great. Hi, Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released recently. what platform? unix requires nothing more than a configure in the mod_ssl directory, followed by make. Win32 is a little more cumbersome. Aryeh Aryeh Katz VASCO www.vasco.com _ Chat with friends online, try MSN Messenger: http://messenger.msn.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Apache 1.3.26 Upgrade Question
Try GNUs compiler located at http://www.gnu.org/directory/Software_development/Compilers/ Brian Vaughan IT Administrator Wireless Generation, Inc. 26 W. 23rd. St. New York, NY 10010 http://www.wgen.net -Original Message- From: Jim Lee [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 20, 2002 2:59 PM To: [EMAIL PROTECTED] Subject: Re: Apache 1.3.26 Upgrade Question The platform is win32. I do not have a VC++ 5.0 compiler installed. Any free C++ compiler download suggestion from the internet would be great. Hi, Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released recently. what platform? unix requires nothing more than a configure in the mod_ssl directory, followed by make. Win32 is a little more cumbersome. Aryeh Aryeh Katz VASCO www.vasco.com _ Chat with friends online, try MSN Messenger: http://messenger.msn.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 1.3.26 Upgrade Question
I believe if you register for it you can download the commandline version of Borland C++ for free now, although I don't know how well it supports using configure and make files. On Thu, 2002-06-20 at 14:58, Jim Lee wrote: The platform is win32. I do not have a VC++ 5.0 compiler installed. Any free C++ compiler download suggestion from the internet would be great. Hi, Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released recently. what platform? unix requires nothing more than a configure in the mod_ssl directory, followed by make. Win32 is a little more cumbersome. Aryeh Aryeh Katz VASCO www.vasco.com _ Chat with friends online, try MSN Messenger: http://messenger.msn.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- Sean M. Alderman ITRACK Systems Analyst PACE/NCI - NASA Glenn Research Center (216) 433-2795 Calling a windowed operating system Windows is like naming an automobile Wheels. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 1.3.26 Upgrade Question
The platform is win32. I do not have a VC++ 5.0 compiler installed. Any free C++ compiler download suggestion from the internet would be great. you need VC. end of story. --- Aryeh Katz VASCO www.vasco.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 1.3.26 Upgrade Question
Hi, I have been able to download and install Borland C++ 5.5 on my machine. If this is not good enough, please provide me with instructions to create the Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6c-WIN32.zip file. I would somehow find a machine that has VC++ and get the job done. Thanks. Bye, -Jim. The platform is win32. I do not have a VC++ 5.0 compiler installed. Any free C++ compiler download suggestion from the internet would be great. you need VC. end of story. Aryeh Katz VASCO www.vasco.com _ Send and receive Hotmail on your mobile device: http://mobile.msn.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 1.3.26 Upgrade Question
Do you have to stick with 1.3.x? Or could you go to 2.0.39? It comes pre-packaged with a windows installer. All you would have to add is the mod_ssl dll. Sorry if I missed this info in earlier posts. Aryeh Katz wrote: The platform is win32. I do not have a VC++ 5.0 compiler installed. Any free C++ compiler download suggestion from the internet would be great. you need VC. end of story. --- Aryeh Katz VASCO www.vasco.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 1.3.26 Upgrade Question
Hi Jim On Thu, 20 Jun 2002 17:48:38 + Jim Lee [EMAIL PROTECTED] wrote: Hi, Please forgive my ignorance. I wish to create a file similar to the following one: Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32.zip, namely, Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6c-WIN32.zip, I need this file so that i can upgrade my current Apache 1.3.20 server with mod_ssl to Apache 1.3.26 server with mod_ssl. I do not have a VC++ 5.0 compiler on my desk and have no idea how i could get the above file from the apache_1.3.26.tar.gz and the mod_ssl-2.8.9-1.3.26.tar.gz and the openssl-0.9.6c.tar.gz files. I've got a VC++ 6.0 compiler at my desk and have already compiled the stuff myself before on W32. I will do this tomorrow, however I will use openssl 0.9.6d I'll try to put it in the contrib area. Bye Tim Any help from my friends would be highly appreciated. Thanks. Bye, -Jim. From: Gilles Gros [EMAIL PROTECTED] What is really your question ? Just download the source and compile it. apache 1.3.26 : http://www.apache.org/dist/httpd/apache_1.3.26.tar.gz mod SSL 2.8.9-1.3.26 : http://www.modssl.org/source/mod_ssl-2.8.9-1.3.26.tar.gz Gilles Hi, Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released recently. Thanks. Bye, -Jim. On Wed, 19 Jun 2002, Jim Lee wrote: We have been unable to find the above Apache_1.3.26-Mod_SSL_x file in the http://www.modssl.org/contrib/ area. Nobody's contributed one yet. I imagine it won't be that far off, it usually doesn't take too long. We also wish to know if the SSL certificate has to be re-created after Apache is upgraded to 1.3.26 with the new mod_SSL. No. --Cliff _ Send and receive Hotmail on your mobile device: http://mobile.msn.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 1.3.26 Upgrade Question
Do you have to stick with 1.3.x? Or could you go to 2.0.39? It comes pre-packaged with a windows installer. All you would have to add is the mod_ssl dll. without a comiler, this isn't going to do him any good. He needs a compiler, or a binary version. There is no binary version of mod_ssl, and seemingly, none of 1.3.26. Best advice is to somehow get the compiler, and follow the instructions in INSTALL.win32. --- Aryeh Katz VASCO www.vasco.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Apache 1.3.26 Upgrade Question
This should help you out. The 1.0.2b2 version of OpenSA available at http://www.opensa.org/development/news/97.html contains pre-built Windows binaries for Apache 1.3.26, mod_ssl 2.8.9, and OpelSSL 0.9.6c. It also has a nice graphical installer and comes with pre-built versions of several other Apache modules. Highly recommended! Thanks to Daniel Reichenbach for building this very nice package and for responding quickly to create a new version yesterday. - Geoff -Original Message- From: Jim Lee [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 20, 2002 3:22 PM To: [EMAIL PROTECTED] Subject: Re: Apache 1.3.26 Upgrade Question Hi, I have been able to download and install Borland C++ 5.5 on my machine. If this is not good enough, please provide me with instructions to create the Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6c-WIN32.zip file. I would somehow find a machine that has VC++ and get the job done. Thanks. Bye, -Jim. The platform is win32. I do not have a VC++ 5.0 compiler installed. Any free C++ compiler download suggestion from the internet would be great. you need VC. end of story. Aryeh Katz VASCO www.vasco.com _ Send and receive Hotmail on your mobile device: http://mobile.msn.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: modssl for apache 2.0.39
ModSSL for apache 2.0.39 is including with apache source code. Chris Hsiang From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Fred Quimby Sent: Thursday, June 20, 2002 3:29 PM To: [EMAIL PROTECTED] Subject: modssl for apache 2.0.39 Does anyone now when we can expect new modssl module for 2.0.39 or is there already one I can use? __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 1.3.26 Upgrade Question
Thanks a lot Tim. Words cannot express the sense of relief and gratitude that i am feeling right now. I would be eagerly looking tomorrow for the file : Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6d-WIN32.zip at the following location : http://www.modssl.org/contrib/ Thanks a million again. Bye, -Jim. Hi Jim On Thu, 20 Jun 2002 17:48:38 + Jim Lee [EMAIL PROTECTED] wrote: Hi, Please forgive my ignorance. I wish to create a file similar to the following one: Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32.zip, namely, Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6c-WIN32.zip, I need this file so that i can upgrade my current Apache 1.3.20 server with mod_ssl to Apache 1.3.26 server with mod_ssl. I do not have a VC++ 5.0 compiler on my desk and have no idea how i could get the above file from the apache_1.3.26.tar.gz and the mod_ssl-2.8.9-1.3.26.tar.gz and the openssl-0.9.6c.tar.gz files. I've got a VC++ 6.0 compiler at my desk and have already compiled the stuff myself before on W32. I will do this tomorrow, however I will use openssl 0.9.6d I'll try to put it in the contrib area. Bye Tim Any help from my friends would be highly appreciated. Thanks. Bye, -Jim. From: Gilles Gros [EMAIL PROTECTED] What is really your question ? Just download the source and compile it. apache 1.3.26 : http://www.apache.org/dist/httpd/apache_1.3.26.tar.gz mod SSL 2.8.9-1.3.26 : http://www.modssl.org/source/mod_ssl-2.8.9-1.3.26.tar.gz Gilles Hi, Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released recently. Thanks. Bye, -Jim. On Wed, 19 Jun 2002, Jim Lee wrote: We have been unable to find the above Apache_1.3.26-Mod_SSL_x file in the http://www.modssl.org/contrib/ area. Nobody's contributed one yet. I imagine it won't be that far off, it usually doesn't take too long. We also wish to know if the SSL certificate has to be re-created after Apache is upgraded to 1.3.26 with the new mod_SSL. No. --Cliff _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
[no subject]
Luis E. Alvarez 651.683.6311 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
how do I remove myself from the list?
Luis E. Alvarez 651.683.6311 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: how do I remove myself from the list?
Title: RE: how do I remove myself from the list? http://www.modssl.org/support/ Henning Sittler www.inscriber.com -Original Message- From: Alvarez, Luis [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 20, 2002 3:47 PM To: [EMAIL PROTECTED] Subject: how do I remove myself from the list? Luis E. Alvarez 651.683.6311 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Apache 1.3.26 Upgrade Question - Thanks
Thanks a lot Tim. Words cannot express the sense of relief and gratitude that i am feeling right now. I would be eagerly looking tomorrow for the file : Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6d-WIN32.zip at the following location : http://www.modssl.org/contrib/ Thanks a million again. Bye, -Jim. Hi Jim On Thu, 20 Jun 2002 17:48:38 + Jim Lee [EMAIL PROTECTED] wrote: Hi, Please forgive my ignorance. I wish to create a file similar to the following one: Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32.zip, namely, Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6c-WIN32.zip, I need this file so that i can upgrade my current Apache 1.3.20 server with mod_ssl to Apache 1.3.26 server with mod_ssl. I do not have a VC++ 5.0 compiler on my desk and have no idea how i could get the above file from the apache_1.3.26.tar.gz and the mod_ssl-2.8.9-1.3.26.tar.gz and the openssl-0.9.6c.tar.gz files. I've got a VC++ 6.0 compiler at my desk and have already compiled the stuff myself before on W32. I will do this tomorrow, however I will use openssl 0.9.6d I'll try to put it in the contrib area. Bye Tim Any help from my friends would be highly appreciated. Thanks. Bye, -Jim. From: Gilles Gros [EMAIL PROTECTED] What is really your question ? Just download the source and compile it. apache 1.3.26 : http://www.apache.org/dist/httpd/apache_1.3.26.tar.gz mod SSL 2.8.9-1.3.26 : http://www.modssl.org/source/mod_ssl-2.8.9-1.3.26.tar.gz Gilles Hi, Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released recently. Thanks. Bye, -Jim. On Wed, 19 Jun 2002, Jim Lee wrote: We have been unable to find the above Apache_1.3.26-Mod_SSL_x file in the http://www.modssl.org/contrib/ area. Nobody's contributed one yet. I imagine it won't be that far off, it usually doesn't take too long. We also wish to know if the SSL certificate has to be re-created after Apache is upgraded to 1.3.26 with the new mod_SSL. No. --Cliff _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: how do I remove myself from the list?
At 02:46 PM 6/20/02 -0500, you wrote: Luis E. Alvarez 651.683.6311 You could set your anti-spam filter to not let anything through that is coming from this list. Just thought I give an answer that matches the question ;) I hope another time I'll have something smarter to contribute. - Leo Baschy __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: [BugDB] PRIVATE: apache 1.3.26 (PR#720)
On Wed, Jun 19, 2002 at 01:38:07AM +0200, [EMAIL PROTECTED] wrote: Full_Name: Michael Duncan Version: 2.8.8 OS: RedHat 7.2 Submission from: (NULL) (216.224.74.74) I was trying to apply the latest apache 1.3.26 to my server and the mod_ssl is not allowing the install. Is there any time line on when mod_ssl will support 1.3.26? It is available from http://www.modssl.org/source/mod_ssl-2.8.9-1.3.26.tar.gz vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
SSL for apache 2.0.39
I downloaded the binary for RedHat for 2.0.39 and installed it on RedHat 7.1. For some reason apache will not start listening on 443! Its driving me crazy. It works fine for port 80 just not 443. Do I need to download something in addition? I am trying to use ./apachectl startssl to start it up Jess _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
to much asking my certificate
Hello My apache with ModSSL (mod_ssl-2.8.5-1.3.22) work fine but it asks me at every page (sometime 2 times) my certificate. I have increase SSLsessionCache but it does no effect Anybody got an idea ? thank you in advance -xj -- Xavier Jeannin UREC/CNRS Université P. M. Curie - Tour 65/66 - 4ième étage Courrier : case 171 4, place Jussieu - 75252 PARIS CEDEX 05 Tél : 01 44 27 42 59 - Fax : 01 44 27 42 61 [EMAIL PROTECTED] _ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: SSLRequire use to enforce SSL for almost all files
Hi!
On Tue, Jun 18, 2002 at 04:12:43PM +0200, Lars Povlsen wrote:
I tried putting the following in a .htaccess file:
SSLRequire %{SCRIPT_FILENAME} !~ m/(signon|get_swimg|get_disksw)\.php$/
It did *not* work as intended..., I could still use non-ssl access to
arbitrary scripts
That may be because SCRIPT_FILENAME is not in the list of
variables supported by SSLRequire (see
http://www.modssl.org/docs/2.8/ssl_reference.html#table3)
Have you tried using REQUEST_URI instead?
Ciao
Thomas
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
[BugDB] Broken stdout when using https and http (PR#721)
Full_Name: Alex Barylo Version: 2.8.8-1.3.24 OS: Red Hat 6.2 Submission from: (NULL) (170.115.249.14) PROBLEM === Sorry for a lot of details, thought you might need them. I have a small FTP site writen in Perl using Apache::Registry. The site is one script that gets invoked all over again. First page is a login form. It POST's user name and password via https://. After successfull authentication the script spits out a frame set with two frames. Frame pull their pages through http://. The problem described below occures only when I use both https and http. If I use only http, or only https - everything works fine. When it appears, most of the time extra characters are added after new-line char (\n). If it's a big listing, often there is a pattern. This is a regular output line: a href=http://123.456.78.901/perl/parftp?sid=e564c755bc21c08628ddb4afafe47e2b;get_file=1c78d1ddbf60ae0b33f954ba041feec1/00397.par_1401.pgp00397.par_1401.pgp/a 15.15 Kb Feb 27 2001 17:44 followed by 0xa. Its length is 208 bytes (excluding '\n'). After 19 lines I get this (1): 0x0a 0x0d 0x0a 0x64 0x31 0x0d 0x0a, then one line, then this (2): 0x0a 0x0d 0x0a 0x66 0x38 0x33 0x0d 0x0a. Then another block of 19 lines, followed by sequence (1), then one line, followed by sequence (2), etc. These sequences may or may not remain the same for the subsequent requests. Looks like junk from memory. Sometimes I get this: a href=http://123.456.78.901//123.456.78.901/perl/parftp?sid=e564c755bc21c08628ddb4afafe47e2b;get_file=1c78d1ddbf60ae0b33f954ba041feec1/00397.par_1502.pgp00397.par_1502.pgp/a 31.98 Kb Feb 27 2001 17:44 or this: a href=httc08628ddb4afafe47e2b;get_file=1c78d1ddbf60ae0b33f954ba041feec1/00397.par_1085.pgp00397.par_1085.pgp/a 2.00Kb Feb 27 2001 17:38 If anybody interested, I have dumps what was sent by server, I can make new ones, I can run tests, try this or that, etc. CONFIG == apache_1.3.24 mm-1.1.3 (tried without this library - same result) perl 5.6.1 mod_perl-1.27 mod_ssl-2.8.8-1.3.24 openssl-0.96d OS: Red Hat 6.2 kernel: 2.2.18 gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release) glibc-2.1.2-11 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
loading own Object IDs
Hello, In OpenSSL you can load own object identifiers. Is there a way to load them with mod_ssl ? for example: I want the OID 2.5.4.17 (id-at-postalCode) to be known (and printed) as PC. Bye Goetz -- Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de Sonninstr. 24-28, 20097 Hamburg, Germany Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126 smime.p7s Description: S/MIME Cryptographic Signature
Unable to estabish a SSL session
Title: Unable to estabish a SSL session Hi, I try to replace an IBM edge server reverse proxy, by an APACHE 2.0.36 / Mod_proxy / Mod_ssl / openssl 0.9.6d. The Reverse proxy deal the SSL part with client, and work with my back end Server in HTTP. I have 3 type of client which reach the Reverse Proxy : Standard Browsers, Java client and CGI client. All of them call the same URL: https://.. All 3 client work fine with IBM Reverse Proxy. Only 2 of 3 clients work fine with Apache Reverse Proxy: Iam not able to find why the CGI client cannot establish an SSL session ! Im searching some news ways to find the solution: a new trace, some particulary settings, etc Does someone knows how to read through the BIO DUMP ? Here are the 3 traces from the 3 clients ( ssl_engine_log ): ##From an IE 6 Browsers## [20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Handshake: start [20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Loop: before/accept initialization [20/Jun/2002 13:31:25 14914] [debug] OpenSSL: read 11/11 bytes from BIO#301A2CC8 [mem: 301AC728] (BIO dump follows) +-+ | : 16 03 00 00 61 01 00 00-5d 03 a...]. | | 000b - SPACES/NULS +-+ [20/Jun/2002 13:31:25 14914] [debug] OpenSSL: read 91/91 bytes from BIO#301A2CC8 [mem: 301AC733] (BIO dump follows) +-+ | : 3d 11 be 01 d5 f6 b1 23-d5 62 52 d3 b1 4b d7 7d =..#.bR..K.} | | 0010: dc bd 91 70 ea 40 df 3e-3d a2 21 a6 bd 40 db e2 ...p.@.=.!..@.. | | 0020: 20 29 bf bf 69 76 ad 4e-3e 78 73 1d 80 68 10 db )..iv.Nxs..h.. | | 0030: 44 41 68 8d f0 62 2f 96-c2 81 1a fa 2d a0 f1 f4 DAh..b/.-... | | 0040: 1b 00 16 00 04 00 05 00-0a 00 09 00 64 00 62 00 d.b. | | 0050: 03 00 06 00 13 00 12 00-63 01 c. | | 005b - SPACES/NULS +-+ [20/Jun/2002 13:31:25 14914] [trace] Inter-Process Session Cache: request=GET status=FOUND id=29BFBF6976AD4E3E78731D806810DB4441688DF0622F96C2811AFA2DA0F1F41B (session reuse) [20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 read client hello A [20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 write server hello A [20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A [20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 write finished A [20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 flush data [20/Jun/2002 13:31:25 14914] [debug] OpenSSL: read 5/5 bytes from BIO#301A2CC8 [mem: 301AC728] (BIO dump follows) +-+ | : 14 03 00 00 01 . | +-+ [20/Jun/2002 13:31:25 14914] [debug] OpenSSL: read 1/1 bytes from BIO#301A2CC8 [mem: 301AC72D] (BIO dump follows) +-+ | : 01 . | +-+ [20/Jun/2002 13:31:25 14914] [debug] OpenSSL: read 5/5 bytes from BIO#301A2CC8 [mem: 301AC728] (BIO dump follows) +-+ | : 16 03 00 00 38 8 | +-+ [20/Jun/2002 13:31:25 14914] [debug] OpenSSL: read 56/56 bytes from BIO#301A2CC8 [mem: 301AC72D] (BIO dump follows) +-+ | : 13 3a af b4 52 6a a1 f9-40 8b 29 2b 03 3f 36 f8 .:..Rj..@.)+.?6. | | 0010: bc e0 2c 98 c1 ba 88 d8-db ff 43 5d 01 af 36 47 ..,...C]..6G | | 0020: 76 81 2d 1b b1 a9 b1 75-fb 1c b6 49 70 04 d5 30 v.-u...Ip..0 | | 0030: da fa cd a0 82 98 12 ae- | +-+ [20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 read finished A [20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Handshake: done #FROM a JAVA client ### [20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Handshake: start [20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Loop: before/accept initialization [20/Jun/2002 13:30:38 10436] [debug] OpenSSL: read 11/11 bytes from BIO#301A2CC8 [mem: 301AC728] (BIO dump follows) +-+ | : 16 03 01 00 5d 01 00 00-59 03 01 ]...Y.. | +-+ [20/Jun/2002 13:30:38 10436] [debug] OpenSSL: read 87/87 bytes from BIO#301A2CC8 [mem: 301AC733] (BIO dump follows)
Re: SSL for apache 2.0.39
On Wed, 19 Jun 2002, Jess Williams wrote: I downloaded the binary for RedHat for 2.0.39 and installed it on RedHat 7.1. For some reason apache will not start listening on 443! Its driving me crazy. It works fine for port 80 just not 443. Do I need to download something in addition? I am trying to use ./apachectl startssl to start it up Don't be so lazy smile dump the rmp's, meaning uninstall em and grab the apache source and openssl source and hand compile, all should function then. Thanks, Ron DuFresne -- ~~ admin senior security consultant: sysinfo.com http://sysinfo.com Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation. -- Johnny Hart testing, only testing, and damn good at it too! __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Trouble building on Win32
I'm trying to bld 2.8.9-1.3.26 on Windows 2000 server with VC++ 7.0 installed. I'm running into the following issues: 1) When patching the sources I get the following: |+-- - || First patch APACI's configuration script to pass a `ssl' flag || to the Makefile.tmpl file which indicated whether mod_ssl is || activated or not. Second we add support for the SSL_BASE and || RSA_BASE variables. Third we provide the configuration || adjustments of the HTTPS port (443) similar to what is || already done by APACI for the HTTP port (80). |+-- - |Index: configure |--- configure 19 Jun 2002 07:20:10 - 1.1.1.14 |+++ configure 19 Jun 2002 07:29:07 - 1.26 -- File to patch: If I ignore that and skip that patch I get another issue here: |+-- - || Here we first incorporate support for the `make certificate' || procedure and second support for the `make install' procedure || where SSL directives in the configuration files are now also || adjusted and SSL certs/keys and support programs are now || additionally installed. |+-- - |Index: Makefile.tmpl |--- Makefile.tmpl 27 Mar 2002 15:22:49 - 1.1.1.12 |+++ Makefile.tmpl 27 Mar 2002 15:30:01 - 1.44 -- File to patch: If I skip/ignore that I get another one: | |+-- - || Add additional SSL configuration directives which provide a || robust default configuration: virtual server on port 443 || which speaks SSL. |+-- - |Index: conf/httpd.conf-dist |--- conf/httpd.conf-dist 27 Mar 2002 15:22:49 - 1.1.1.14 |+++ conf/httpd.conf-dist 27 Mar 2002 15:30:01 - 1.65 -- File to patch: For this one I directed it to patch conf/httpd.conf-dist-win and that seemed to work ok. After this the rest of the patch process completes and I am directed to build Apache. While building apache I get the following error: cl.exe /nologo /c /O2 /MD /W3 /GX /DNDEBUG /DWIN32 /D_WINDOWS /DSHARED_M ODULE /DEAPI /DMOD_SSL=208109 /DMOD_SSL_VERSION=\2.8.9\ /I..\..\include /I..\. .\os\win32 /Ic:\silverback\openssl\include mod_ssl.c mod_ssl.c c:\Program Files\Microsoft Visual Studio .NET\Vc7\PlatformSDK\Include\WinCrypt.h (37) : error C2061: syntax error : identifier 'HRESULT' c:\Program Files\Microsoft Visual Studio .NET\Vc7\PlatformSDK\Include\WinCrypt.h (37) : error C2059: syntax error : ';' c:\Program Files\Microsoft Visual Studio .NET\Vc7\PlatformSDK\Include\WinCrypt.h (243) : error C2061: syntax error : identifier 'HCRYPTPROV' c:\Program Files\Microsoft Visual Studio .NET\Vc7\PlatformSDK\Include\WinCrypt.h (243) : error C2059: syntax error : ';' c:\Program Files\Microsoft Visual Studio .NET\Vc7\PlatformSDK\Include\WinCrypt.h (244) : error C2061: syntax error : identifier 'HCRYPTKEY' c:\Program Files\Microsoft Visual Studio .NET\Vc7\PlatformSDK\Include\WinCrypt.h (244) : error C2059: syntax error : ';' c:\Program Files\Microsoft Visual Studio .NET\Vc7\PlatformSDK\Include\WinCrypt.h Any thoughts on these issues? Thanks, -Noah __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Trouble building on Win32
Is your win32 build environment set on the command line? It looks like something is wrong with your include path. run set, and see whether or not the correct value for include shows up. I'm trying to bld 2.8.9-1.3.26 on Windows 2000 server with VC++ 7.0 installed. I'm running into the following issues: 1) When patching the sources I get the following: |+ -- - || First patch APACI's configuration script to pass a `ssl' flag || to the Makefile.tmpl file which indicated whether mod_ssl is || activated or not. Second we add support for the SSL_BASE and || RSA_BASE variables. Third we provide the configuration || adjustments of the HTTPS port (443) similar to what is || already done by APACI for the HTTP port (80). |+ -- - |Index: configure |--- configure 19 Jun 2002 07:20:10 - 1.1.1.14 |+++ configure 19 Jun 2002 07:29:07 - 1.26 -- File to patch: If I ignore that and skip that patch I get another issue here: |+ -- - || Here we first incorporate support for the `make certificate' || procedure and second support for the `make install' procedure || where SSL directives in the configuration files are now also || adjusted and SSL certs/keys and support programs are now || additionally installed. |+ -- - |Index: Makefile.tmpl |--- Makefile.tmpl 27 Mar 2002 15:22:49 - 1.1.1.12 |+++ Makefile.tmpl 27 Mar 2002 15:30:01 - 1.44 -- File to patch: If I skip/ignore that I get another one: | |+ -- - || Add additional SSL configuration directives which provide a || robust default configuration: virtual server on port 443 || which speaks SSL. |+ -- - |Index: conf/httpd.conf-dist |--- conf/httpd.conf-dist 27 Mar 2002 15:22:49 - 1.1.1.14 |+++ conf/httpd.conf-dist 27 Mar 2002 15:30:01 - 1.65 -- File to patch: For this one I directed it to patch conf/httpd.conf-dist-win and that seemed to work ok. After this the rest of the patch process completes and I am directed to build Apache. While building apache I get the following error: cl.exe /nologo /c /O2 /MD /W3 /GX /DNDEBUG /DWIN32 /D_WINDOWS /DSHARED_M ODULE /DEAPI /DMOD_SSL=208109 /DMOD_SSL_VERSION=\2.8.9\ /I..\..\include /I..\. .\os\win32 /Ic:\silverback\openssl\include mod_ssl.c mod_ssl.c c:\Program Files\Microsoft Visual Studio .NET\Vc7\PlatformSDK\Include\WinCrypt.h (37) : error C2061: syntax error : identifier 'HRESULT' c:\Program Files\Microsoft Visual Studio .NET\Vc7\PlatformSDK\Include\WinCrypt.h (37) : error C2059: syntax error : ';' c:\Program Files\Microsoft Visual Studio .NET\Vc7\PlatformSDK\Include\WinCrypt.h (243) : error C2061: syntax error : identifier 'HCRYPTPROV' c:\Program Files\Microsoft Visual Studio .NET\Vc7\PlatformSDK\Include\WinCrypt.h (243) : error C2059: syntax error : ';' c:\Program Files\Microsoft Visual Studio .NET\Vc7\PlatformSDK\Include\WinCrypt.h (244) : error C2061: syntax error : identifier 'HCRYPTKEY' c:\Program Files\Microsoft Visual Studio .NET\Vc7\PlatformSDK\Include\WinCrypt.h (244) : error C2059: syntax error : ';' c:\Program Files\Microsoft Visual Studio .NET\Vc7\PlatformSDK\Include\WinCrypt.h Any thoughts on these issues? Thanks, -Noah __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] --- Aryeh Katz VASCO www.vasco.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Apache 1.3.26/mod_ssl-2.8.9-1.3.26 segfault
Hi,
Per the recently announced vulnerability in versions of apache 1.3.26,
I decided to be a happy little prole and update all of my webservices.
Unpacking clean source for apache, mod_ssl and mod_perl-1.26, I upgraded
the packages like I always do:
apply mod_ssl to apache, apply mod_perl to apache, compile apache,
install apache, compile mod_ssl apxs module.
however, this time around, upon running ./apachetel startssl, apache
segfaulted:
275 [HAL:root](/usr/apache):./bin/apachectl startssl
./bin/apachectl: line 184: 4423 Segmentation fault $HTTPD -DSSL
./bin/apachectl startssl: httpd could not be started
apache starts fine without ssl enabled.
Here's an strace:
...
...
...
[snip]
stat(/usr/apache/conf/access.conf, {st_mode=S_IFREG|0600, st_size=348,
...}) = 0
lstat(/usr/apache/conf/access.conf, {st_mode=S_IFREG|0600,
st_size=348, ...}) = 0
open(/usr/apache/conf/access.conf, O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0600, st_size=348, ...}) = 0
fstat(3, {st_mode=S_IFREG|0600, st_size=348, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x4019f000
read(3, ##\n## access.conf -- Apache HTTP..., 4096) = 348
read(3, , 4096) = 0
close(3)= 0
munmap(0x4019f000, 4096)= 0
brk(0x80f7000) = 0x80f7000
pipe([3, 4])= 0
fork() = 4494
close(3)= 0
fcntl(4, F_GETFL) = 0x1 (flags O_WRONLY)
fstat(4, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x4019f000
_llseek(4, 0, 0xbfffda00, SEEK_CUR) = -1 ESPIPE (Illegal seek)
dup2(4, 2) = 2
pipe([3, 5])= 0
fork() = 4495
close(3)= 0
fcntl(5, F_GETFL) = 0x1 (flags O_WRONLY)
fstat(5, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x404ac000
_llseek(5, 0, 0xbfffda00, SEEK_CUR) = -1 ESPIPE (Illegal seek)
open(/var/adm/https.log, O_WRONLY|O_APPEND|O_CREAT, 0666) = 3
fcntl(3, F_DUPFD, 15) = 15
close(3)= 0
fcntl(15, F_GETFL) = 0x401 (flags
O_WRONLY|O_APPEND)
fstat(15, {st_mode=S_IFREG|0644, st_size=11391310, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x404ad000
_llseek(15, 0, [0], SEEK_CUR) = 0
munmap(0x404ad000, 4096)= 0
time(NULL) = 1024609805
open(/etc/localtime, O_RDONLY)= 3
read(3, TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0..., 44)
= 44
read(3, \236\246,\200\237\272\371p\240\206\16\200\241\232\333p...,
1170) = 1170
fstat(3, {st_mode=S_IFREG|0644, st_size=1262, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x404ad000
read(3, \377\377\271\260\1\0\377\377\253\240\0\4\377\377\271\260...,
4096) = 48
close(3)= 0
munmap(0x404ad000, 4096)= 0
getpid()= 4493
write(15, [20/Jun/2002 16:50:05 04493] [in..., 110) = 110
time(NULL) = 1024609805
getpid()= 4493
write(15, [20/Jun/2002 16:50:05 04493] [in..., 82) = 82
time(NULL) = 1024609805
getpid()= 4493
write(15, [20/Jun/2002 16:50:05 04493] [in..., 72) = 72
brk(0x80f8000) = 0x80f8000
brk(0x80f9000) = 0x80f9000
brk(0x80fa000) = 0x80fa000
brk(0x80fb000) = 0x80fb000
brk(0x80fd000) = 0x80fd000
brk(0x80fb000) = 0x80fb000
brk(0x80fd000) = 0x80fd000
time(NULL) = 1024609805
getpid()= 4493
write(15, [20/Jun/2002 16:50:05 04493] [in..., 119) = 119
open(/etc/ssl/www.cert, O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0600, st_size=1493, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x404ad000
read(3, -BEGIN CERTIFICATE-\nMIIE..., 4096) = 1493
brk(0x80fe000) = 0x80fe000
brk(0x80ff000) = 0x80ff000
close(3)= 0
munmap(0x404ad000, 4096)= 0
open(/etc/ssl/www.key, O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0600, st_size=887, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x404ad000
read(3, -BEGIN RSA PRIVATE KEY-\n..., 4096) = 887
close(3)= 0
munmap(0x404ad000, 4096)= 0
time(NULL)
Re: Apache 1.3.26/mod_ssl-2.8.9-1.3.26 segfault
On Thu, 20 Jun 2002 [EMAIL PROTECTED] wrote: Per the recently announced vulnerability in versions of apache 1.3.26, I decided to be a happy little prole and update all of my webservices. Unpacking clean source for apache, mod_ssl and mod_perl-1.26, I upgraded the packages like I always do: write(15, [20/Jun/2002 16:50:05 04493] [in..., 95) = 95 brk(0x8109000) = 0x8109000 open(./php.ini, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/php.ini, O_RDONLY) = -1 ENOENT (No such file or directory) brk(0x810a000) = 0x810a000 brk(0x810b000) = 0x810b000 brk(0x810c000) = 0x810c000 brk(0x810d000) = 0x810d000 ... brk(0x8123000) = 0x8123000 brk(0x8125000) = 0x8125000 brk(0x8126000) = 0x8126000 --- SIGSEGV (Segmentation fault) --- +++ killed by SIGSEGV +++ Sounds like PHP is borked. Try building a new copy. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Expired and Revoked Certificates
On Thu, Jun 20, 2002 at 10:04:40AM -0500, Mary Peterson wrote: I have two issues that I wondered if anyone could assist me with: When I test a revoked client certificate against the CRL I get a Security Alert Message that says 'The security certificate for this site has been revoked. This site should not be trusted.' It's a bug with Internet Explorer. I noticed it too. If you used Mozilla - you'd see it report your certificate has expired - i.e. a correct response. Also, when I test an expired client certificate it brings back a 'Page Cannot be Displayed' error message. Does anyone know how I can get it to return a 'Your certificate has expired' error message in place of the 'Page Cannot be Displayed' message? Pretty hard. As your cert has expired, then there is no channel over which to send you that HTML :-) Nope, I'm afraid nothing but the client can give that information. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
