Problems with a SSL conf.

2002-11-27 Thread Pierre-Yves Jaquenoud
Hi,
I'm using an Apache webserver version 2.0.43 and mod_ssl (the latest
version).
I configured the ssl.conf file and I start the webserver with the command
"apachectl startssl".

If I enable the following configuration instruction in the ssl.conf file:
"SSLVerifyClient require"
I can't connect to my server and I received a strange composite error
in the error_log file:
[Wed Nov 27 11:55:17 2002] [error] Spurious SSL handshake interrupt [Hint: Usually just one of those OpenSSL confusions!?]
[Wed Nov 27 11:55:17 2002] [error] SSL Library Error: 336105671 error:140890C7:lib(20):func(137):reason(199)

What's wrong?

I'm not sure I am passing the right certificate to the client. How do I have to
proceed? Does someone maybe have an example using an Apache webserver and an MSIE
6.0 client?

With my best regards.

P-Yves

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Problems with a SSL conf.

2002-11-27 Thread Alexandre
I had this problem 3 days ago.
I can't tell what caused this problem, so I restored a backup ...


Good luck


Alexandre




Re: Problems with a SSL conf.

2002-11-27 Thread Estrade Matthieu
SSLVerifyClient is for verifying the client certificate in SSLv3.
So maybe try to set up SSLProtocol SSLv3.

I did that earlier and it's working fine

m.e
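
Added example (not part of the original thread): the numeric error in the first post's log can be unpacked into OpenSSL's library, function and reason fields. The sample log is reconstructed from the post with the line wraps removed; the lookup tables are a minimal subset of OpenSSL's pre-3.0 error numbering, and the names `unpack` and `decode_log` are chosen for this example.

```python
import re

# Constructed sample: the two error_log lines from the post, line wraps removed.
SAMPLE_LOG = (
    "[Wed Nov 27 11:55:17 2002] [error] Spurious SSL handshake interrupt "
    "[Hint: Usually just one of those OpenSSL confusions!?]\n"
    "[Wed Nov 27 11:55:17 2002] [error] SSL Library Error: 336105671 "
    "error:140890C7:lib(20):func(137):reason(199)\n"
)

# Minimal subset of OpenSSL's pre-3.0 numbering; only what this log needs.
LIB_NAMES = {20: "SSL routines"}
REASONS = {(20, 199): "peer did not return a certificate"}

ERR_RE = re.compile(r"SSL Library Error: (\d+)\s+error:([0-9A-Fa-f]{8}):")


def unpack(code):
    """Split a pre-3.0 OpenSSL packed error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def decode_log(text):
    """Return one dict per 'SSL Library Error' line found in the log text."""
    findings = []
    for line in text.splitlines():
        m = ERR_RE.search(line)
        if not m:
            continue
        dec, hexcode = int(m.group(1)), int(m.group(2), 16)
        lib, func, reason = unpack(hexcode)
        findings.append({
            "code": f"{hexcode:08X}",
            # The decimal and hex forms should agree; a mismatch means a garbled line.
            "consistent": dec == hexcode,
            "lib": lib,
            "func": func,
            "reason": reason,
            "lib_name": LIB_NAMES.get(lib, "unknown library"),
            "meaning": REASONS.get((lib, reason), "unknown reason"),
        })
    return findings


if __name__ == "__main__":
    for f in decode_log(SAMPLE_LOG):
        print(f)
```

Reason 199 in the SSL library means the client sent no certificate when the server asked for one, which is what `SSLVerifyClient require` makes the server do.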




Re: Win32 Binary Builds

2002-11-27 Thread hunter
On Tue, 2002-11-26 at 15:15, Paul Christmann wrote:
> I'm just installing my first Apache server on a W2K box, and I'd like to 
> include SSL support.  From browsing this newsgroup and reading the 
> apache docs, it appears that the following statements are true (please 
> correct me if I'm wrong):
> 
> 1.  mod_ssl source is now bundled in Apache 2.X

true

> 2.  No binary version of Apache 2.X is available with mod_ssl support.

true (sort of ... but) I am providing binaries

(preferred)

http://hunter.campbus.com/Apache_1.3.27-Mod_SSL_2.8.12-OpenSSL_0.9.6g-Win32.zip
http://hunter.campbus.com/Openssl-0.9.6g-Win32.zip

http://hunter.campbus.com/Apache_2.0.43-OpenSSL_0.9.6g-Win32.zip

or

(limited bandwidth)

http://tor.ath.cx/~hunter/apache/Apache_1.3.27-Mod_SSL_2.8.12-OpenSSL_0.9.6g-Win32.zip
http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip

http://tor.ath.cx/~hunter/apache/Apache_2.0.43-OpenSSL_0.9.6g-Win32.zip
 

> 3.  Compiling Apache source requires MSVC 5

false - I do not want to split hairs but it is built with MSVC 6

Also, I think Apache can be built with Cygwin and Mingw32 but I have not
done either yet.  I have Mingw32 compiling simple Win32 applications on
my Debian Linux box and will be trying eventually to build the Apache
binaries from Linux (cross-compile). Currently I use MSVC 6, MASM,
Cygwin(Bison,Flex,Awk), and Perl to build Apache.

Where I am employed I distribute as many as 20,000 Apaches - my Win32
binaries - they are compiled with SSL but not configured to use it. 

> 
> I've found several links (thanks primarily to "hunter" for links and 
> instructions) to downloading SSL executables built for Windows, and am 
> starting to play with them.  But I am left with two questions:
> 
> 1.  Why isn't there an Apache 2.X binary distribution with SSL?  As best 
> I can tell, there is an issue with export laws.  But why doesn't that 
> same issue apply to non-windows builds?
>
 
There is some uncertainty I suppose about the export laws, like you
say.  I do not know why this does not apply to non-windows.  

> 2.  I don't have (nor do I want to purchase) a MS license.  Without 
> that, is there any way I can compile Apache 2.X?  (I have and use 
> cygwin's gcc and make if that matters)
> 
When I updated my Cygwin I think there was the opportunity to get the
source and build Apache.  I did not do it that way since I have all of
the other tools.

I think you should give both Mingw32 and Cygwin another look.   

> Thanks,
> 
> Paul Christmann
> 

hunter






httpd.mm.sem

2002-11-27 Thread Jennifer Fox
I am very new to apache.  What exactly is the httpd.mm.*.sem file?  I have
4 of these files in my logs directory and all 4 are zero byte files.

Thanks!
Jennifer



What is a good way to determine this

2002-11-27 Thread Mark Barton
I have what I think is probably an easy question to answer, but I have done 
some searching and have not found anything obvious. The gist of the 
question is:

I have mod_ssl running and have my entire site covered with it (there is 
nothing listening on port 80). I also have .htaccess files forcing people 
to log into the site. Is the username and password transaction from the 
.htaccess prompt encrypted, being as it is the first thing the user logging 
on is prompted to perform?

My gut feeling is, of course. I have SSL options protecting the directory 
and the .htaccess file (I will include those at the end). But the reason 
why I am doubting myself is the logs show me something sketchy. I have a 
Custom log that shows the username and SSL environment variables of the 
user logging in:

...
   LogFormat "%t \t%u \t--> %{SSL_CIPHER}e  %{SSL_CIPHER_USEKEYSIZE}e  %{SSL_PROTOCOL}e <-- \t%r"  sslformat
   CustomLog logs/ssl/mbsindassl.log sslformat
...

But here is the log file entry that I am worried about:
...
[27/Nov/2002:16:46:29 -0500] 	- 	--> -  -  - <-- 	GET /index.html HTTP/1.1
[27/Nov/2002:16:46:34 -0500] 	mbarton 	--> RC4-MD5  128  SSLv3 <-- 	GET /index.html HTTP/1.1
...

The log file shows first the request with no username (which makes sense 
because they haven't logged on yet) but the SSL environment variables are 
all NULL too. So is this just a problem with the way environment variables 
are reported to the log? Because it looks like there is not an SSL 
connection before the user logs in!

I have verified that SSL is up and running and working correctly for the 
site with s_client.

The software I am using is:
Windows 2000
Apache 1.3.27
Mod_SSL 2.8.12
OpenSSL 0.9.6g


Here is the top-level .htaccess file

AuthName "Dude, you had better be authorized"
AuthType Basic
AuthUserFile "C:/MBserver/Apache/bin/.htpasswd"

SSLRequireSSL
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128

require user mbarton


Here is the relevant SSL Portion of the httpd.conf file
---



	AddType application/x-x509-ca-cert .crt
	AddType application/x-pkcs7-crl .crl

	SSLMutex sem
	SSLSessionCache dbm:logs/ssl/scache
	SSLSessionCacheTimeout  400
	SSLRandomSeed startup builtin
	SSLRandomSeed connect builtin
	SSLLog  logs/ssl/engine.log
   	SSLLogLevel warn

	

	DocumentRoot "C:/MBserver/Apache/secure"
	ErrorLog logs/ssl/error.log
	LogLevel debug	
	TransferLog logs/ssl/access.log
	LogLevel debug
	AccessFileName .htaccess

	LogFormat "%>s \t%u \t%r \t%t \t%f \t%h \t%a \t%A \t%c \t%b \t%e \t%p \t%s" docscommon
	LogFormat "%t \t%u \t%{Referer}i -> %U" docsreferer
	LogFormat "%t \t%u \t%{User-agent}i" docsagent
	LogFormat "%t \t%u \t%r" docssmall
   	LogFormat "%t \t%u \t--> %{SSL_CIPHER}e  %{SSL_CIPHER_USEKEYSIZE}e  %{SSL_PROTOCOL}e <-- \t%r"  sslformat

   	CustomLog logs/ssl/mbsinda.log docscommon
	CustomLog logs/ssl/mbsindareferer.log docsreferer
	CustomLog logs/ssl/mbsindaagent.log docsagent
	CustomLog logs/ssl/mbsindasmall.log docssmall
   	CustomLog logs/ssl/mbsindassl.log sslformat

	ScriptAlias /cgi-bin/ "C:/MBserver/Apache/secure/cgi-bin/"

	
	   SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
	   SSLOptions +StdEnvVars +ExportCertData
	

	SSLProtocol -all +SSLv3
	SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+SSLv3:-EXP:-LOW:-SSLv2

	SSLCertificateFile "C:/MBserver/Apache/conf/ssl-AA/MBsindaSSL.crt"
	SSLCertificateKeyFile "C:/MBserver/Apache/conf/ssl-AA/MBsindaSSL.key"
   	SSLCACertificateFile "C:/MBserver/Apache/conf/ssl-AA/MBsindaCA.crt"
   	SSLCACertificatePath "C:/MBserver/Apache/conf/ssl-AA"
	SSLOptions +CompatEnvVars +StdEnvVars
	SSLEngine on

	



I appreciate you guys taking a look at this,

Thanks,
Mark Barton
