Re: URGENT: need mod_ssl rpm to work with RedHat's apache_1.3.22 rpm on RH6.2
Hi, > when I installed red hat's 1.3.22 apache rpm, it does in fact include a > libssl.so module, which does get loaded in the httpd.conf.ssl file on > the system. (I was looking for mod_ssl.so). Are you sure?? I have the latest RPM from RedHat (apache-1.3.22-5.6) and it does not contain any file which has 'ssl' in its name. Maybe you still have an old version of libssl.so on your system. This could also explain the crashes you see. Good luck, Sander. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: URGENT: need mod_ssl rpm to work with RedHat's apache_1.3.22 rpm on RH6.2
Sander Steffann wrote: >>Shaun Erickson wrote: >> >>when I installed red hat's 1.3.22 apache rpm, it does in fact include a >>libssl.so module, which does get loaded in the httpd.conf.ssl file on >>the system. (I was looking for mod_ssl.so). >> > >Are you sure?? I have the latest RPM from RedHat (apache-1.3.22-5.6) and it >does not contain any file which has 'ssl' in its name. Maybe you still have >an old version of libssl.so on your system. This could also explain the >crashes you see. > Yes, that's exactly what I discovered later. The more I dug into the problem, the more I learned and understood. To get my server working again, I downloaded the rpm for the older version I'd been running, from Red Hat, and re-installed that. Everything is fine again. Now, I am learning how to build the server and extra modules from source, so that I: 1) learn how to do it, 2) have the latest releases to draw upon, instead of Red Hat's lagged-behind software, with back-ported patches, 3) know exactly how everything is built. My client will get a nicely running server that meets his needs, and I will have learned quite a bit, which goes right to the bottom-line of my resume. :) -ste __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Success (Was: Re: URGENT: need mod_ssl rpm to work with RedHat's apache_1.3.22 rpm on RH6.2)
I wrote: > Now, I am learning how to build the server and extra modules from > source, so that I: 1) learn how to do it, 2) have the latest releases > to draw upon, instead of Red Hat's lagged-behind software, with > back-ported patches, 3) know exactly how everything is built. And I have now, after a few hours of hair pulling, succeeded in building an apache_1.3.26/mm-1.1.3/openssl-0.9.6d/mod_ssl-2.8.10-1.3.26 server. Now I have to learn how to add php-4.2.1 & mod_perl-1.27 to this mix. This isn't easy, but a little bit of success sure starts to make it fun. :) -ste > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Apache 1.3.26+mod_ssl 2.8.9 + vhost problem
Hello! I've got problems using $SUBJECT together. System is: - Debian Woody, security upgraded Apache and mod_ssl - related packeges: ii apache 1.3.26-0woody1 Versatile, high-performance HTTP server ii apache-common 1.3.26-0woody1 Support files for all Apache webservers ii libapache-mod- 1.0.3-3A DAV module for Apache ii libapache-mod- 2.8.9-2Strong cryptography (HTTPS support) for Apac I can't live without SSL because I provide file upload to virtual hosts via DAV, and don't want that somebody sniff one of my user's passwd. Don't complain: they are not able to use SSL keys so I can't authenticate them in ths way. So I need SSL. What happens when I have all modules enabled: [Mon Jul 15 00:21:52 2002] [error] mod_ssl: Init: (www.xy.hu:80) Illegal attempt to re-initialise SSL for server (theoretically shouldn't happen!) Related directives: Listen 443 (previously 30443 packets redirected via ipchains/iptables = it wasn't necessary to start is as root) Listen 80 (prev.: 30080) BindAddress * LoadModule vhost_alias_module /usr/lib/apache/1.3/mod_vhost_alias.so LoadModule access_module /usr/lib/apache/1.3/mod_access.so LoadModule auth_module /usr/lib/apache/1.3/mod_auth.so LoadModule dav_module /usr/lib/apache/1.3/libdav.so LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so Port 80 (Previously 30080) ServerName T.X.Y.Z (numeric IPv4 address) DocumentRoot /var/www/ Options SymLinksIfOwnerMatch AllowOverride None Options Includes FollowSymLinks MultiViews AllowOverride None Order allow,deny Allow from all SSLEngine on SSLCACertificateFile conf/ssl.crt/ca.crt SSLCertificateKeyFile conf/ssl.key/server.key SSLCertificateFile conf/ssl.crt/server.crt SSLLog /var/log/apache/ssl_log SSLLogLevel warn NameVirtualHost T.X.Y.Z:80 Include virt/ In directory virt: virtserver1.conf virtserver2.conf etc. Example virtserver (only the name and IP address removed): ServerName www.domainname.hu ServerAdmin [EMAIL PROTECTED] DocumentRoot /var/www/virtuals/domainname/html AllowOverride AuthConfig FileInfo Limit Options FollowSymLinks Any ideas? I've seen a similar thread in the archives without the answer. Thanks, Ago __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 1.3.26+mod_ssl 2.8.9 + vhost problem
On Sun, Jul 14, 2002 at 11:30:05PM +0200, Deim Agoston <[EMAIL PROTECTED]> wrote: OK, it's solved. For the sake of archive, here it is: - don't write SSLEngine into the main server config - use a virtualhost for this directive - create the virtualhost you want use for the purpose to access it via HTTPS A simple config file looks like this (with real names): ServerName webadmin.lsc.hu ServerAdmin [EMAIL PROTECTED] DocumentRoot /var/www/webadmin/ #SSL beallitasok SSLEngine on SSLCACertificateFile conf/ssl.crt/ca.crt SSLCertificateKeyFile conf/ssl.key/server.key SSLCertificateFile conf/ssl.crt/server.crt SSLLog /var/log/apache/ssl_log SSLLogLevel warn Bye, Ago __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
compile of openssl-0.9.6d stops
Hi: Thanks all for earlier help to compile Apache and openssl-0.9.6d under Windows. I found awk and got it installed which made things a lot better :-o) I think I'm well on my to getting the project to compile using Microsoft Visual C++ v.6 and MASM, but I ran into a slight glitch. I followed the directions as best I could to compile form the command line, and managed to get the project about half compiled before I ran into the problem listed below. Compilation fails after what seems to be about 50% completion and the compilers throws up the following error box (see below)... Any ideas? The compilation seemed to be proceeding real well up to this point. ERROR MESSAGE BOX APPEARS AND TERMINATES COMPILATION (funny spelling ...CompuuerName... I was unable to find where it came from.) cmd.exe entry point not found The procedure entry point RtlDnsHostNameToCompuuerName could not be located in the dynamic link library NTDLL.DLL THE MAKEFILE COMMAND BEING EXECUTED WHEN COMPILATION FAILURE OCCURS WAS AS BELOW: cl /Fotmp32dllx509_cmp.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -D_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DSO_WIN32 -DBN_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll /GD -D_WINDLL -D_DLL -c .\crypto\x509_cmp.c nmake : fatal error U1077: 'cl' : return code '0x80' Stop. Bill Angushttp://www.psychtest.com
FreeBSD SSL_Connect drama
Hi, This problem doesn't sound like it should be that uncommon, but I can't find any information on it. Environment: FreeBSD 4.4, Apache 1.3.24, Mod SSL 2.8.8-1.3.24 [the right one?] Behaviour: "You cannot connect to sol.gropep.com.au because of an unknown SSL error [-12281]" Looking at the situation with openssl s_client I get: sol# openssl s_client -connect sol.gropep.com.au:443 -state -debug CONNECTED(0003) SSL_connect:before/connect initialization write to 0808D4C0 [0809E000] (124 bytes => 124 (0x7C)) - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00 .zQ... . 0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04 .f.. 0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00 ...e..d. 0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00 .c..b..a..`. 0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08 ..@. 0050 - 00 00 06 00 00 03 04 00-80 02 00 80 66 47 70 ab fGp. 0060 - 9a 01 13 69 a4 cb 78 16-98 f8 35 5e 7b 24 7a d0 ...i..x...5^{$z. 0070 - a7 fa 83 48 6a bf 36 32-a3 3e 3f 8d ...Hj.62.>?. SSL_connect:SSLv2/v3 write client hello A read from 0808D4C0 [080A4000] (7 bytes => 7 (0x7)) - 0d 0a 0d 0a 3c 21 44 http://www.evolved.com.au/ Phone +61 8 8363 0616 Fax +61 8 8132 1497 This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify [EMAIL PROTECTED] Views expressed in this message are those of the individual sender, except where the sender specifically states otherwise. _ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
CCT issues with netscape and mod_ssl Urgent - On our production system.
Hello, I'm getting the following errors with netscape v 6.2.3 and 7 pre when ssl connecting to my web server. There is a problem with the cct that identifies www.bawonwater.vic.gov.au do you want to continue? The certificate was issued by a certificate authority that netscape 6.2.3 does not recognize. Can anyone help? I need to resolve this quickly. I'm sure this was not happening before I upgraded to 1.3.26 with x.x.10 mod_ssl when the security alert came out. Perhaps I missed something when I performed a make install over the top of the old version. -- Christopher Welsh Barwon Regional Water Authority, Geelong Victoria, 3216 Voice: 03 52 262385, Mobile: 0409 562968 * The information in this e-mail message and any files transmitted with it are confidential and/or privileged and are intended only for the use of the individual or entity to whom they are addressed. If you received this message in error please notify us immediately by telephone or return e-mail and delete all copies from your computer system, as your retention, distribution or copying of this message and files is strictly prohibited. It is the recipient's responsibility to check this message and files for viruses. *** __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: mod ssl for windows
...this _does_ work with mod_jserv, as long as it's compiled with -DEAPI. binaries are available in the modssl contributions section. rgds michael > -Ursprungliche Nachricht- > Von: Noah White [mailto:[EMAIL PROTECTED]] > Gesendet: Donnerstag, 11. Juli 2002 16:40 > An: '[EMAIL PROTECTED]' > Betreff: RE: mod ssl for windows > > > > Just as an FYI. This does not work with mod_jserv. > > > -Original Message- > > From: JOURDAIN Philippe [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, July 11, 2002 10:41 AM > > To: [EMAIL PROTECTED] > > Subject: RE: mod ssl for windows > > > > > > > http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-Ope nSSL_0.9.6d- > Wi > n32.zip > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: CCT issues with netscape and mod_ssl Urgent - On our productionsystem.
On Mon, 15 Jul 2002, Christopher Welsh wrote: > The certificate was issued by a certificate authority that netscape > 6.2.3 does not recognize. > > Can anyone help? I need to resolve this quickly. I'm sure this was not > happening before I upgraded to 1.3.26 with x.x.10 mod_ssl when the > security alert came out. Perhaps I missed something when I performed a > make install over the top of the old version. You seem to now be using an invalid (possibly self-signed?) server certificate. Did you run "make certificate" by chance? You shouldn't have. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: CCT issues with netscape and mod_ssl Urgent - On our productionsystem.
Cliff, Here is what I did. Any ideas what I can do to quickly fix it? On 1.3.24 I ran make certificate TYPE=custom, and sent the csr off to esign be signed, but not this time because I wanted to keep the keys esigned keys. Not so funny thing is that it is that ALL is well when I get there on MSIE browsers. cd apache_1.3.26 cd ../../mod_ssl gunzip mod_ssl-2.8.10-1.3.26.tar.gz tar -vxf mod_ssl-2.8.10-1.3.26.tar cd mod_ssl-2.8.10-1.3.26 make clean less INSTALL # Read the INSTALL file cd ../../openssl/openssl-0.9.6b make clean # Used gcc. Gcc supports position independant code flag. ./Configure no-threads solaris-sparcv9-gcc -fPIC make make test cd ../../mm/mm-1.1.3 ./configure --disable-shared make cd ../../mod_ssl/mod_ssl-2.8.10-1.3.26 # --enable-rule=SHARED_CORE ./configure --with-apache=../../apache/apache_1.3.26 cd ../../apache/apache_1.3.26 env LIBS=/usr/lib/libC.so.5 CFLAGS=-fPIC SSL_BASE=../../openssl/openssl-0.9.6b ./configure --enable-module=ssl --enable-module=so --enable-shared=ssl --enable -module=rewrite --prefix=/opt/apache --runtimedir=/var/opt/apache --logfiledir=/ var/opt/apache make make install # ls -l ssl.crt total 548 lrwxrwxrwx 1 root root 19 Jul 1 17:16 0cf14d7d.0 -> snakeoil-ca-dsa.crt lrwxrwxrwx 1 root root 6 Jul 1 17:16 27c9619a.0 -> ca.crt lrwxrwxrwx 1 root root 16 Jul 1 17:16 5d8360e1.0 -> snakeoil-dsa.crt lrwxrwxrwx 1 root root 16 Jul 1 17:16 82ab5372.0 -> snakeoil-rsa.crt -rw-r--r-- 1 root root1522 Feb 27 16:53 Makefile -rw-r--r-- 1 root root1386 Feb 27 16:53 README.CRT lrwxrwxrwx 1 root root 10 Jul 1 17:16 c5f0b2a4.0 -> server.crt -r 1 root root 242153 Feb 27 16:53 ca-bundle.crt -r 1 root root1318 Feb 27 16:54 ca.crt lrwxrwxrwx 1 root root 19 Jul 1 17:16 e52d41d0.0 -> snakeoil-ca-rsa.crt -r 1 root root1874 Feb 28 12:05 server.crt -r 1 root root1874 Feb 28 09:15 server.crt.esign -r 1 root root1298 Feb 27 16:54 server.crt.orig -r 1 root root1472 Feb 27 16:54 snakeoil-ca-dsa.crt -r 1 root root1192 Feb 27 16:53 snakeoil-ca-rsa.crt -r 1 root root1452 Feb 27 16:54 snakeoil-dsa.crt -r 1 root root1176 Feb 27 16:54 snakeoil-rsa.crt Cliff Woolley wrote: >On Mon, 15 Jul 2002, Christopher Welsh wrote: > > > >>The certificate was issued by a certificate authority that netscape >>6.2.3 does not recognize. >> >>Can anyone help? I need to resolve this quickly. I'm sure this was not >>happening before I upgraded to 1.3.26 with x.x.10 mod_ssl when the >>security alert came out. Perhaps I missed something when I performed a >>make install over the top of the old version. >> >> > >You seem to now be using an invalid (possibly self-signed?) server >certificate. Did you run "make certificate" by chance? You shouldn't >have. > >--Cliff > >__ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager[EMAIL PROTECTED] > > -- Christopher Welsh Barwon Regional Water Authority, Geelong Victoria, 3216 Voice: 03 52 262385, Mobile: 0409 562968 * The information in this e-mail message and any files transmitted with it are confidential and/or privileged and are intended only for the use of the individual or entity to whom they are addressed. If you received this message in error please notify us immediately by telephone or return e-mail and delete all copies from your computer system, as your retention, distribution or copying of this message and files is strictly prohibited. It is the recipient's responsibility to check this message and files for viruses. *** __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]