StdEnvVars lost with suEXEC mechanism

2001-02-13 Thread Anne Durand

Hello,
I have set up a virtual host to work with the suEXEC mechanism.


ServerAdmin [EMAIL PROTECTED]
DocumentRoot /export/home/sympa
ServerName sympa.archi.fr
#User sympa
#Group listserv
UserDir disabled
ScriptAlias /wws /export/home/sympa/bin/wwsympa.fcgi
ErrorLog /export/home0/apache/gamsau/logs/sympa443.error_log
TransferLog /export/home0/apache/gamsau/logs/sympa443.access_log
DirectoryIndex wws

  SSLOptions +StdEnvVars

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache/conf/ssl.crt/sympa.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/sympa.key
SSLCACertificatePath /usr/local/apache/conf/ssl.crt/
SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca.crt
SSLVerifyClient optional
SSLVerifyDepth  5
SetEnvIf User-Agent ".*MSIE.*" \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0
CustomLog /usr/local/apache/logs/ssl_request_log \
  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


If I disable the suEXEC mechanism, the secure connection is established
but I cannot access the writable directories belonging to sympa
(normally enabled by the suEXEC mechanism).
If I enable the suEXEC mechanism, my email read in my local certificate
is not transmitted to the server, so I can't access the secure pages.

Are suEXEC and SSL compatible?
Thanks for any suggestion.




--

Anne DURAND

GAMSAU - MAP
UMR CNRS-MCC n° 694
"Modèles et simulations pour l'Architecture, l'urbanisme et le Paysage"

Ecole d'Architecture de Marseille
184 av de Luminy
13288 Marseille Cedex 09
tel : 04 91 82 71 62/70 - fax : 04 91 82 71 71
email : [EMAIL PROTECTED]
http : www.map.archi.fr

This message is signed.
You can download the certificate of the archi.fr certification
authority at http://www.archi.fr/certif/archi.pem


 S/MIME cryptographic signature


Lost environment variables

2001-02-07 Thread Anne Durand

Hello,
The definition of the virtual host in the httpd.conf file is shown at the
bottom.
When opening the URL https://sympa.archi.fr/printenv, the system seems
to load my personal certificate (the page is locked) but I get only the
regular HTTP variables:
What should I do to also get the SSL variables?
Thanks in advance for any suggestion.

DOCUMENT_ROOT="/export/home/sympa"
GATEWAY_INTERFACE="CGI/1.1"
HTTP_ACCEPT="image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
image/png, */*"
HTTP_ACCEPT_CHARSET="iso-8859-1,*,utf-8"
HTTP_ACCEPT_ENCODING="gzip"
HTTP_ACCEPT_LANGUAGE="fr-FR,en"
HTTP_CONNECTION="Keep-Alive"
HTTP_COOKIE="SITESERVER=ID=f24d0dd80cc13ec1e3c09b6dfe149b20;
I_Am_Not_An_Email_Sniffer=Let_Me_In"
HTTP_HOST="sympa.archi.fr"
HTTP_PRAGMA="no-cache"
HTTP_USER_AGENT="Mozilla/4.75 [fr] (WinNT; U)"
PATH="/usr/local/bin:/usr/bin:/bin"
QUERY_STRING=""
REMOTE_ADDR="193.50.232.53"
REMOTE_PORT="2515"
REQUEST_METHOD="GET"
REQUEST_URI="/printenv"
SCRIPT_FILENAME="/export/home/sympa/bin/printenv"
SCRIPT_NAME="/printenv"
SERVER_ADDR="193.50.232.12"
SERVER_ADMIN="[EMAIL PROTECTED]"
SERVER_NAME="sympa.archi.fr"
SERVER_PORT="443"
SERVER_PROTOCOL="HTTP/1.0"
SERVER_SOFTWARE="Apache/1.3.14 (Unix) PHP/3.0.16 mod_ssl/2.7.1
OpenSSL/0.9.6"
TZ="MET"









SSLPassPhraseDialog  builtin
SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
SSLSessionCacheTimeout  500
SSLMutex  file:/usr/local/apache/logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog  /usr/local/apache/logs/ssl_engine_log
SSLLogLevel debug




ServerAdmin [EMAIL PROTECTED]
DocumentRoot /export/home/sympa
ServerName sympa.archi.fr
User sympa
Group listserv
UserDir disabled
ScriptAlias /printenv /export/home/sympa/bin/printenv
ErrorLog /export/home0/apache/gamsau/logs/sympa443.error_log
TransferLog /export/home0/apache/gamsau/logs/sympa443.access_log

  SSLOptions +StdEnvVars +ExportCertData


AllowOverride All
Options ExecCGI
Order allow,deny
Allow from all
SSLOptions +StdEnvVars

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache/conf/ssl.crt/sympa.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/sympa.key
SSLCACertificatePath /usr/local/apache/conf/ssl.crt/
SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca.crt
SSLVerifyClient optional
SSLVerifyDepth  10
SetEnvIf User-Agent ".*MSIE.*" \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0

CustomLog /usr/local/apache/logs/ssl_request_log \
  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"








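As an added example (not part of the original post and not mod_ssl code), the following Python check parses a printenv dump like the one in the message above, including values wrapped across lines, and reports whether any mod_ssl variables reached the script. The classification rules and both sample dumps are assumptions of this example; in particular it assumes mod_ssl sets HTTPS=on for every SSL request independently of SSLOptions.

```python
import re

# Variable names below are mod_ssl's documented CGI/SSI variables.
TLS_VARS = ("SSL_PROTOCOL", "SSL_CIPHER", "SSL_SESSION_ID")
CLIENT_VARS = ("SSL_CLIENT_S_DN", "SSL_CLIENT_S_DN_Email", "SSL_CLIENT_CERT")
def parse_printenv(text):
    """Parse NAME="value" lines; a value may wrap onto the following lines."""
    env, open_name = {}, None
    for line in text.splitlines():
        m = re.match(r'([A-Za-z_]\w*)="(.*)$', line)
        if open_name is not None:          # continuation of a wrapped value
            key, val = open_name, env[open_name] + " " + line.strip()
        elif m:
            key, val = m.groups()
        else:
            continue
        closed = val.endswith('"')
        env[key] = val[:-1] if closed else val
        open_name = None if closed else key
    return env

def diagnose(env):
    """Classify what reached the script (rules are this example's assumptions)."""
    tls = [v for v in TLS_VARS if v in env]
    client = [v for v in CLIENT_VARS if v in env]
    if env.get("HTTPS", "").lower() != "on" and not tls and not client:
        # Assumption: mod_ssl sets HTTPS=on on every SSL request, so nothing
        # from mod_ssl survived into this process's environment.
        return "no-ssl-env"
    if not tls:
        return "stdenvvars-not-applied"    # SSL request, +StdEnvVars not in effect here
    if env.get("SSL_CLIENT_VERIFY", "NONE") == "NONE" or not client:
        return "no-client-cert"            # SSL vars present, no client certificate data
    return "ok"

# Constructed sample, abridged from the dump in the post (note the wrapped value).
POSTED = '''HTTP_ACCEPT="image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
image/png, */*"
QUERY_STRING=""
SERVER_PORT="443"
'''
# Constructed sample of a healthy environment; all values are made up.
HEALTHY = '''HTTPS="on"
SSL_PROTOCOL="TLSv1"
SSL_CLIENT_VERIFY="SUCCESS"
SSL_CLIENT_S_DN="/CN=Example User/Email=user@example.org"
SSL_CLIENT_S_DN_Email="user@example.org"
'''
print(diagnose(parse_printenv(POSTED)), diagnose(parse_printenv(HEALTHY)))
```

A "no-ssl-env" result on a port 443 request narrows the search to two places: the request was not handled by the SSL engine, or the environment was rebuilt between the server and the script.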


virtualhost name does NOT match server name

2000-12-02 Thread Anne Durand

Hello,
On Solaris 2.6, Server: Apache/1.3.14, Interface: mod_ssl/2.7.1,
Library: OpenSSL/0.9.6

On our server corbu.gamsau.archi.fr I want to secure a virtual host
sympa.archi.fr in two ways: the standard way on port 80 with cookies
and the SSL way on port 443.
httpd.conf:

Port 80
SSLDisable
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /export/home/sympa
ServerName sympa.archi.fr
...



Port 443
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /export/home/sympa
ServerName sympa.archi.fr
User sympa
Group listserv
UserDir disabled
ScriptAlias /wws /export/home/sympa/bin/wwsympa.fcgi
ErrorLog /export/home0/apache/gamsau/logs/wwsympa443_error
TransferLog /export/home0/apache/gamsau/logs/wwsympa443_access
DirectoryIndex wws
SSLCertificateKeyFile  /usr/local/apache/conf/ssl.key/server.key
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLVerifyClient 0
SSLVerifyDepth 10
...


[02/Dec/2000 15:59:45 04465] [info]  Init: Initializing (virtual) servers for SSL
[02/Dec/2000 15:59:45 04465] [info]  Init: Configuring server 127.0.0.1:443 for SSL protocol
[02/Dec/2000 15:59:45 04465] [trace] Init: (127.0.0.1:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[02/Dec/2000 15:59:45 04465] [trace] Init: (127.0.0.1:443) Configuring permitted SSL ciphers [ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[02/Dec/2000 15:59:45 04465] [trace] Init: (127.0.0.1:443) Configuring RSA server certificate
[02/Dec/2000 15:59:45 04465] [warn]  Init: (127.0.0.1:443) RSA server certificate CommonName (CN) `sympa.archi.fr' does NOT match server name!?
[02/Dec/2000 15:59:45 04465] [trace] Init: (127.0.0.1:443) Configuring RSA server private key
[02/Dec/2000 15:59:45 04465] [warn]  Init: (sympa.archi.fr:443) You configured HTTP(80) on the standard HTTPS(443) port!

Any advice for generating the certificate or for the httpd.conf file?
Thanks in advance

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



mod_ssl: Init: Failed to generate temporary 512 bit RSA private key

2000-11-28 Thread Anne Durand

Hello,
Here is my configuration: Solaris 2.6, Apache 1.3.14, OpenSSL 0.96,
mod_ssl 2.7.1
What I did:
cd modSSL
./configure --with-ssl=../../openssl-0.9.6 \
    --with-apache=../../../apache/apache_1.3.14 --prefix=/usr/local/apache
cd ../../../apache/apache_1.3.14
make
make certificate
make install

When I run /usr/local/apache/bin/httpd -d /export/home0/apache/gamsau to
test my normal web server with this new version, I get the error
"mod_ssl: Init: Failed to generate temporary 512 bit RSA private key"

Thanks for any help