RE: Upgrade to Apache 1.3.12 or ... ? dear ME!

2000-03-13 Thread Boyce, Nick

"Tim" [EMAIL PROTECTED] wrote :

> what a shame that the apache sysadmin is too lazy to update

I think that's kind of uncalled-for. 

Points :
1) I expect Brian Behlendorf (sp?) is at the ApacheCon conference, has been
   preparing for it, and/or is on his way back.
   Either way, he'll have been a mite busy just lately.
2) As Lewis Bergman explained just now :
   "Do you run scripts which are subject to the cross site scripting
   addressed in one of the latest CERT's. 1.3.12 addresses this problem."
   The main point of 1.3.12 is to address those security problems; if a
   website doesn't have any dynamic content, and hasn't hit any of the other
   (mostly minor ?) bugs fixed in 1.3.12, then there's no *need* to upgrade.

What's your purpose ?

Nick
Systems Team, EDS Healthcare, Bristol, UK
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



RE: Excessive Quoting (was can't find openssl.cnf)

1999-09-17 Thread Boyce, Nick

On 10th.September.1999, Ralf S. Engelschall wrote :

> On Fri, Sep 10, 1999, Sun JunXu wrote:
>
> [...3 quoted mail headers removed...]
> [...5 quoted mailing list footers removed...]
>
> Errr... sorry if I had to complain now, but the thread becomes horrible: have
> you guys ever heard that one should edit _and strip down_ the quotation text
> when sending a reply in order to make it readable to the receivers?  It's more
> than lame to send a four line reply with 3 quoted mail headers and 5 quoted
> mailing list footers attached to the message.
>
> Additionally: it's considered bad practice to write your reply paragraph above
> the quotation. So please make yourself a favor and invest[igate] a few minutes
> per day more time when writing to mailing lists like this.
> [snip]
> Thanks.

I haven't read this list in my mailbox for a couple of weeks, and was just
on the point of making the same point/complaint myself. Just in case anyone
thinks Ralf might be the only listmember who thinks this, I decided to add
my voice anyway - *please* trim unnecessary stuff from quoted messages.

I know part of the problem is that many of us are (at work) having to use
Micro$oft Outlook, which makes intelligent quoting fairly difficult. It puts
the quoted text after the reply which means that (a) inline quoting is
tediously manual, (b) lots of folks don't even look at the quoted message in
their reply - they don't look past their own signature lines - so they
forget the quoted bit is even there. But as Ralf says, it only takes a few
minutes of extra effort, and makes the Net a better place. Please try.

[Ralf: feel free to moderate this out of the list]

Cheers,
Nick
EDS Healthcare, Bristol, UK



RE: Ultrix Problem: Build Can't Find SSL Headers

1999-05-06 Thread Boyce, Nick

On 5th.May.1999 Mads Toftum wrote

> You should have SSL_BASE=../openssl-SNAP-19990426 on the same line as the
> ./configure

Sorry, but that failed in just the same way :

 = cut ==
 
In directory /data/arc/apache/mod_ssl-2.2.8-1.3.6 :-

SSL_BASE=../openssl-SNAP-19990426 \
./configure --with-apache=../apache_1.3.6 \
--with-ssl=../openssl-SNAP-19990426 \
--prefix=/usr/local/apache \
--disable-rule=SSL_COMPAT

Configuring mod_ssl/2.2.8 for Apache/1.3.6
 + Apache location: ../apache_1.3.6 (Version 1.3.6)
 + OpenSSL location: ../openssl-SNAP-19990426
 + Auxiliary patch tool: ./etc/patch/patch (local)
 + Applying packages to Apache source tree:
   o Extended API (EAPI)
   o Distribution Documents
   o SSL Module Source
   o SSL Support
   o SSL Configuration Additions
   o SSL Module Documentation
   o Addons
Done: source extension and patches successfully applied.

Configuring for Apache, Version 1.3.6
 + using installation path layout: Apache (config.layout)
Creating Makefile
Creating Configuration.apaci in src
Creating Makefile in src
 + configured for ULTRIX platform
 + setting C compiler to cc
 + setting C pre-processor to cc -E
 + checking for system header files
 + adding selected modules
o ssl_module uses ConfigStart/End
  + SSL interface: mod_ssl/2.2.8
  + SSL interface build type: OBJ
  + SSL interface compatibility: disabled
  + SSL interface experimental code: disabled
  + SSL interface vendor extensions: disabled
Unknown flag
  + SSL interface plugin: Configured DBM (-ldbm)
Error: Cannot find SSL header files under
/data/arc/apache/openssl-SNAP-19990426
  + SSL library path: /data/arc/apache/openssl-SNAP-19990426
./configure:Error: APACI failed
  
 = cut ==
 
... and in fact it also failed the same way when I tried it without *any* 
declaration for SSL_BASE. But thanks for the help anyway.
 Nick Boyce
 [ Information Security Manager ]
 Systems Team, EDS Healthcare, Bristol, UK
 Internet email:  [EMAIL PROTECTED]   |   tel:  +44 117 989 2941
 



RE: Problems using https:

1999-05-06 Thread Boyce, Nick

> We can access non secure web pages as "http://server/" and
> "http://server/~user" but "https://server/" fails with the
> following error message:
>
>   Netscape's network connection was refused by the server:
>   ServerName
>   The server may not be accepting connections or
>   may be busy.
>
>   Try connecting again later.

I'm not an expert but ... This rather implies that your server machine has
no process listening on port 443. I think you should post relevant details
from your httpd.conf file(s) and/or output from 
"netstat -a | grep LISTEN"

Are you sure you've modified the server config to cause it to expect SSL
connections (as well as built it to be capable of them) ?
 Nick Boyce
 [ Information Security Manager ]
 Systems Team, EDS Healthcare, Bristol, UK
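
The check suggested in the reply above, as an added example that is not part of the original post: it looks for a listening socket on port 443 in netstat output and for active `Listen 443` and `SSLEngine on` lines in the server config. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input, not taken from the original thread.
SAMPLE_NETSTAT='tcp        0      0  *.80          *.*             LISTEN
tcp        0      0  *.4430        *.*             LISTEN
tcp        0      0  10.0.0.5.80   10.0.0.9.1032   ESTABLISHED'
SAMPLE_CONF='Port 80
Listen 80
# Listen 443
<VirtualHost _default_:443>
SSLEngine on
</VirtualHost>'

# listening_on PORT [SERVICE] < netstat-output
# Succeeds if a LISTEN socket's local address (4th column) ends in PORT,
# or in SERVICE when netstat printed names instead of numbers.
listening_on() {
    awk -v port="$1" -v name="$2" '
        $NF == "LISTEN" {
            n = split($4, part, "[.:]")
            if (part[n] == port || (name != "" && part[n] == name)) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# conf_has ERE < httpd.conf : match active (uncommented) lines only.
conf_has() {
    grep -v '^[[:space:]]*#' | grep -Eiq "$1"
}

# check_https NETSTAT_TEXT CONF_TEXT : report the three facts that matter.
check_https() {
    l=no; d=no; e=no
    printf '%s\n' "$1" | listening_on 443 https && l=yes
    printf '%s\n' "$2" |
        conf_has '^[[:space:]]*Listen[[:space:]]+([^[:space:]]*:)?443[[:space:]]*$' && d=yes
    printf '%s\n' "$2" | conf_has '^[[:space:]]*SSLEngine[[:space:]]+on' && e=yes
    echo "listener=$l listen_directive=$d sslengine=$e"
}

# The samples have a commented-out Listen and a listener on 4430, not 443.
check_https "$SAMPLE_NETSTAT" "$SAMPLE_CONF"
```

On a live server, pass the real data instead: `check_https "$(netstat -an)" "$(cat httpd.conf)"`, with the path to your own httpd.conf.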
 



Re: What is the difference between apache-ssl and apache-modssl?

1999-05-05 Thread Boyce, Nick

On Tue, May 04, 1999 at 07:40:58PM -0400, John Ioannidis wrote:

> Are they just different distributions, or are there fundamental differences?
>
> I couldn't find the answer to this in the FAQs of either.
>
> I hope this isn't yet another religious thing...

Not exactly : Apache_SSL is a set of patches to Apache which enable Apache
to speak SSL, and was written by Ben Laurie. As a (complex) set of patches,
it requires major skill level to get up and running, and is said to be
definitely not for the fainthearted (= significant Unix knowledge required).
This package came first.

As there are a lot of the more fainthearted of us who would like to run
SSL-capable web-servers, Ralf Engelschall developed mod_SSL as a new Apache
module, *based on* a particular release of Ben Laurie's Apache_SSL, but
smartened up, "bug-fixed" and made less terrifying for the rest of us, with
an easier roadmap to follow for installation.

Both implementations use the SSLeay crypto library (now known as "OpenSSL",
since the SSLeay authors gained employment with a certain company) to do the
crypting stuff.

You can use whichever package appeals to you; mod_SSL is easier (my
opinion). I don't know whether there are advantages to still using
Apache_SSL, like maybe you gain access to tweaking more facilities that
(maybe) mod_SSL hides with suitable defaults behind its friendly face. [ I'm
speculating wildly here. ]

As Tom Minchin said in another reply a few minutes ago, there's more
information in the FAQ, where you will find Ralf's answer to this one. See
http://www.modssl.org/docs/2.3/ssl_faq.html

Regards,
 Nick Boyce
 [ Information Security Manager ]
 Systems Team, EDS Healthcare, Bristol, UK
 Internet email:  [EMAIL PROTECTED]   |   tel:  +44 117 989 2941



Ultrix Problem: Build Can't Find SSL Headers

1999-05-05 Thread Boyce, Nick

I've raised this with Ralf E via the Mod_SSL Jitterbug system, but either
I'm posting followup mail to the wrong address, or he's away right now, as
it's all gone quiet.

So I thought I'd try this on the list members, betting that this is a common
problem :

So far: openssl-SNAP-19990426 built OK
"make -f Makefile.ssl links" done OK
"make install" done OK

But, when I try building mod_ssl-2.2.8_1.3.6, I get :-

= cut ==

SSL_BASE=../openssl-SNAP-19990426

./configure --with-apache=../apache_1.3.6 \
--with-ssl=../openssl-SNAP-19990426 \
--prefix=/usr/local/apache \
--disable-rule=SSL_COMPAT   

Configuring mod_ssl/2.2.8 for Apache/1.3.6
 + Apache location: ../apache_1.3.6 (Version 1.3.6)
 + OpenSSL location: ../openssl-SNAP-19990426
 + Auxiliary patch tool: ./etc/patch/patch (local)
 + Applying packages to Apache source tree:
   o Extended API (EAPI)
   o Distribution Documents
   o SSL Module Source
   o SSL Support
   o SSL Configuration Additions
   o SSL Module Documentation
   o Addons
Done: source extension and patches successfully applied.

Configuring for Apache, Version 1.3.6
 + using installation path layout: Apache (config.layout)
Creating Makefile
Creating Configuration.apaci in src
Creating Makefile in src
 + configured for ULTRIX platform
 + setting C compiler to cc
 + setting C pre-processor to cc -E
 + checking for system header files
 + adding selected modules
o ssl_module uses ConfigStart/End
  + SSL interface: mod_ssl/2.2.8
  + SSL interface build type: OBJ
  + SSL interface compatibility: disabled
  + SSL interface experimental code: disabled
  + SSL interface vendor extensions: disabled
Unknown flag
  + SSL interface plugin: Configured DBM (-ldbm)
Error: Cannot find SSL header files under
/data/arc/apache/openssl-SNAP-19990426
  + SSL library path: /data/arc/apache/openssl-SNAP-19990426
./configure:Error: APACI failed

= cut ==

So ... the big question is : does anyone know what these "SSL Header Files"
are called, so I can look for them on my system, and devise some way of
telling "configure" where that place is ?

I've compared the contents of openssl-0.9.2b and openssl-SNAP-19990426
(which I need to get a build working on Ultrix) and there's no apparent
difference in header file content.

Also, I can't help wondering what that "Unknown flag" message is about, just
before it chokes to death.

Regards,
 Nick Boyce
 [ Information Security Manager ]
 Systems Team, EDS Healthcare, Bristol, UK
 Internet email:  [EMAIL PROTECTED]   |   tel:  +44 117 989 2941