I am having a heck of a time - Please help.
I have poured through all the documentation I can find on enabling mod_ssl with Apache 1.3.26 but keep coming up short. If I static link the mod_ssl it works fine but when I try to enable DSO and use it as a shared library I keep getting ap_add_config_define : referenced symbol not found. I have the following config setup for the apache build: #!/bin/ksh SSL_BASE=/usr/local/ssl \ EAPI_MM=../mm-1.1.3 \ EAPI_MM_CORE_PATH=logs/httpd.mm \ LIBS=/usr/lib/libC.so.5 \ CFLAGS=-fPIC \ ./configure --prefix=/opt/apache \ --enable-rule=EAPI \ --enable-module=ssl \ --enable-shared=ssl \ --disable-rule=SSL_COMPAT \ --enable-rule=SSL_SDBM \ --enable-suexec \ --suexec-caller=http I have followed the instructions in the modssl install guide to patch Apache. Please verify the following build for mod_ssl: ./configure --with-apache=../apache_1.3.26 \ --with-ssl=/usr/local/ssl \ --with-mm=../mm-1.1.3 If you can help (point me to some documentation) I would be very grateful... David S. Loesche [EMAIL PROTECTED] Yipes Communications, Inc. Main: (415) 901-2000 114 Sansome Street, Suite 1045 Direct: (415) 901-2210 San Francisco, CA 94104 Fax:(415) 901-2201 http://www.yipes.com Yipes is the defining provider of fully scalable bandwidth for businesses. We offer fully managed high-speed Internet and Nationwide LAN-to-LAN services at speeds ranging from 1 Mbps to 1 Gbps, in 1 Mbps increments. Yipes delivers this uniquely flexible service over the first nationwide system of optical IP networks. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: I am having a heck of a time - Please help.
I did read the referred document concerning the build phase. I am intrigued by the LD_LIBRARY_PATH suggestion. What would you recommend I set it to? -Original Message- From: Boyle Owen [mailto:[EMAIL PROTECTED]] Sent: Monday, July 15, 2002 12:51 AM To: [EMAIL PROTECTED] Subject: RE: I am having a heck of a time - Please help. Could be to do with your version of openssl lib (check it is reasonably up to date) or with your LD_LIBRARY_PATH environment variable.. Check out http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/apache.html for a good user's summary. Rgds, Owen Boyle >-Original Message- >From: David Loesche [mailto:[EMAIL PROTECTED]] >Sent: Freitag, 12. Juli 2002 20:12 >To: '[EMAIL PROTECTED]' >Subject: I am having a heck of a time - Please help. > > >I have poured through all the documentation I can find on >enabling mod_ssl >with Apache 1.3.26 but keep coming up short. If I static link >the mod_ssl >it works fine but when I try to enable DSO and use it as a >shared library I >keep getting ap_add_config_define : referenced symbol not >found. I have the >following config setup for the apache build: > >#!/bin/ksh >SSL_BASE=/usr/local/ssl \ >EAPI_MM=../mm-1.1.3 \ >EAPI_MM_CORE_PATH=logs/httpd.mm \ >LIBS=/usr/lib/libC.so.5 \ >CFLAGS=-fPIC \ >./configure--prefix=/opt/apache \ > --enable-rule=EAPI \ > --enable-module=ssl \ > --enable-shared=ssl \ > --disable-rule=SSL_COMPAT \ > --enable-rule=SSL_SDBM \ > --enable-suexec \ > --suexec-caller=http > >I have followed the instructions in the modssl install guide to patch >Apache. Please verify the following build for mod_ssl: > >./configure--with-apache=../apache_1.3.26 \ > --with-ssl=/usr/local/ssl \ > --with-mm=../mm-1.1.3 > >If you can help (point me to some documentation) I would be >very grateful... > > >David S. Loesche >[EMAIL PROTECTED]Yipes >Communications, Inc. >Main: (415) 901-2000 114 Sansome Street, Suite 1045 >Direct:(415) 901-2210 San Francisco, CA 94104 >Fax: (415) 901-2201 http://www.yipes.com > >Yipes is the defining provider of fully scalable bandwidth for >businesses. >We offer fully managed high-speed Internet and Nationwide LAN-to-LAN >services at speeds ranging from 1 Mbps to 1 Gbps, in 1 Mbps >increments. > >Yipes delivers this uniquely flexible service over the first nationwide >system of optical IP networks. > >__ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager[EMAIL PROTECTED] > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: I am having a heck of a time - Please help. -- SOLUTION FOUND!
Building Apache with EAPI, DSO enabled, mod_ssl and mm is a very simple task. I do not know why it took so long to figure out. You simply following the instructions in the mod_ssl install documentation (or other helpful documents you can find these all over the web), and your up and running with Apache - EAPI, DSO, mod_ssl, etc. running. WRONG! Not on Solaris 8. It seems that if you build Apache on Solaris 2.6 with gcc 2.95 all is well. Simply following the instructions in the mod_ssl documentation and your done. But it's another story if you are using Solaris 8 (I am not sure about 7 or 9 - I do have time to try it on these). After many hours of frustration and numerous emails I finally decided to try every combination one-by-one to identify which one was the culprit. Initial environment: Solaris 8 Gcc 3.0.3 Apache 1.3.26 Mod_ssl-2.8.10-1.3.26 mm-1.1.3 openssl-0.9.6d The only way this combination works is with -enable-rule=SHARED_CORE. This option "forces" Apache to export the share symbols so they are available at run time. This takes a 5% performance hit and since the previous build did not have it I assumed I was doing something wrong. So I tried every possible build configuration over and over - No change (I had to use the SHARE_CORE rule). I even tried this on Apache 2.0.39 and 1.3.20 (the previous build version here of Apache). No matter what I did I could not get it to build the same way as the previous version. More work to do... 2nd shot: Solaris 8 Gcc 2.95.3 Apache 1.3.26 Mod_ssl-2.8.10-1.3.26 mm-1.1.3 openssl-0.9.6d EVENTS AND SOLUTION: Same as above. More work to do... Last shot: Solaris 8 Gcc 3.1 Apache 1.3.26 Mod_ssl-2.8.10-1.3.26 mm-1.1.3 openssl-0.9.6d Worked just like all the documentation said it should have and everyone I contacted told me to do (which I had spend over a week reading and trying all these suggestions). As it turns out, either the build from sunfreeware.com for gcc 2.95 & 3.0.3 have an issue with the loader module, the building of shared libraries, or gcc has an issue. So, if any of you have to do this make sure you have gcc 3.1 or SUN's compiler (I believe SUN's works but did not try it - I guess I'm just stubborn). Later, -Original Message- From: David Loesche Sent: Monday, July 15, 2002 12:07 PM To: '[EMAIL PROTECTED]' Subject: RE: I am having a heck of a time - Please help. I did read the referred document concerning the build phase. I am intrigued by the LD_LIBRARY_PATH suggestion. What would you recommend I set it to? -Original Message- From: Boyle Owen [mailto:[EMAIL PROTECTED]] Sent: Monday, July 15, 2002 12:51 AM To: [EMAIL PROTECTED] Subject: RE: I am having a heck of a time - Please help. Could be to do with your version of openssl lib (check it is reasonably up to date) or with your LD_LIBRARY_PATH environment variable.. Check out http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/apache.html for a good user's summary. Rgds, Owen Boyle >-Original Message- >From: David Loesche [mailto:[EMAIL PROTECTED]] >Sent: Freitag, 12. Juli 2002 20:12 >To: '[EMAIL PROTECTED]' >Subject: I am having a heck of a time - Please help. > > >I have poured through all the documentation I can find on >enabling mod_ssl >with Apache 1.3.26 but keep coming up short. If I static link >the mod_ssl >it works fine but when I try to enable DSO and use it as a >shared library I >keep getting ap_add_config_define : referenced symbol not >found. I have the >following config setup for the apache build: > >#!/bin/ksh >SSL_BASE=/usr/local/ssl \ >EAPI_MM=../mm-1.1.3 \ >EAPI_MM_CORE_PATH=logs/httpd.mm \ >LIBS=/usr/lib/libC.so.5 \ >CFLAGS=-fPIC \ >./configure--prefix=/opt/apache \ > --enable-rule=EAPI \ > --enable-module=ssl \ > --enable-shared=ssl \ > --disable-rule=SSL_COMPAT \ > --enable-rule=SSL_SDBM \ > --enable-suexec \ > --suexec-caller=http > >I have followed the instructions in the modssl install guide to patch >Apache. Please verify the following build for mod_ssl: > >./configure--with-apache=../apache_1.3.26 \ > --with-ssl=/usr/local/ssl \ > --with-mm=../mm-1.1.3 > >If you can help (point me to some documentation) I would be >very grateful... > > >David S. Loesche >[EMAIL PROTECTED]Yipes >Communications, Inc. >Main: (415) 901-2000 114 Sansome Street, Suite 1045 >Direct:(415) 901-2210 San Francisco, CA 94104 >Fax: (415) 901-2201 http://www.yipes.com > >Yipes is the defining provider of fully scalable bandwidth for >businesses. >We offer fully managed high-sp
RE: modssl with a shared ssl lib base
What is the environment you are working on (OS, Compiler, etc)? Also, check out the documentation located at www.modssl.org (install document). If you are building on Solaris drop another line and I will forward you some information (I just spent some time debugging an issue with gcc and Solaris 8). -Original Message- From: R. DuFresne [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 9:53 AM To: [EMAIL PROTECTED] Subject: modssl with a shared ssl lib base Since apache 2.0.X will not function with older kernels, we have been trying to upgrade to apache_1.3.26 and wheen out of reliance for present upon the mod_blowchunks.so thing we have implimented till time permitted. But, we had decided to build ssl-engine with shared capability, so as to not have to jump through hoops if matters with apache 2.0.X changed and such. But, we are failing to get a working httpd when going this route. I'm wondering if the older apache fails, at least on older kernels, when ssl has been compiled as an so? Thanks, Ron DuFresne -- ~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Please, I need aid
This is the config I used on a test environment that works for Solaris 8 (this includes the new multi-threaded capabilities). #!/bin/ksh PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin LD_LIBRARY_PATH=/usr/local/lib:/opt/ssl/lib:/usr/lib export PATH LD_LIBRARY_PATH SSL_BASE=/opt/ssl \ LIBS=/usr/lib/libC.so.5 \ CFLAGS=-fPIC \ ./configure --prefix=/opt/apache \ --enable-ssl \ --with-ssl=/opt/ssl/ \ --enable-so \ --with-mpm=worker \ --enable-deflate David S. Loesche [EMAIL PROTECTED] Yipes Enterprise Services, Inc. Main: (415) 901-2000 114 Sansome Street, Suite 1045 Direct: (415) 901-2210 San Francisco, CA 94104 Fax:(415) 901-2201 http://www.yipes.com Yipes is the defining provider of fully scalable bandwidth for businesses. We offer fully managed high-speed Internet and Nationwide LAN-to-LAN services at speeds ranging from 1 Mbps to 1 Gbps, in 1 Mbps increments. Yipes delivers this uniquely flexible service over the first nationwide system of optical IP networks. -Original Message- From: [EMAIL PROTECTED] [mailto:mb3@;ati.es] Sent: Wednesday, November 13, 2002 2:31 AM To: [EMAIL PROTECTED] Subject: Please, I need aid Hello, I'm an Spanish technicien, and my name is Marc Bartres. Please excuse for my english first. I've a problem installing Apache 2.0.43 ans SSL. I've downloading this version and the OpenSSL 0.9g version. The Apache without SSL runs ok. But when I runs Apache with startssl appears an error of a library: vhost.c of APR. I compiled Apache with: ./configure --prefix=/usr/local/apache2 --enable-ssl make make install and I configured httpd.conf with ServerName "the_IP:80" and ssl.conf with ServerName "the_IP:443". I put server.key and server.crt in ssl.conf too. I want a basic secure server and I don't know what's the problem. I'm testing enabling all modules, but then appears and error on DAV's library. Please, it's for my work and I'm only in this project. Nobody knows Apache. Thany you very much. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Mod_ssl in apache 2.X
Here is a config for Solaris 8, gcc 3.1, Apache 2.x - multithreaded with SSL - I had no issues with this and am not an expert on Linuz by any means. Perhaps this might help. If not delete it. #!/bin/ksh PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin LD_LIBRARY_PATH=/usr/local/lib:/usr/local/ssl/lib:/usr/lib export PATH LD_LIBRARY_PATH SSL_BASE=/usr/local/ssl \ LIBS=/usr/lib/libC.so.5 \ CFLAGS=-fPIC \ ./configure --prefix=/opt/apache \ --enable-ssl \ --with-ssl=/usr/local/ssl/ \ --enable-so \ --with-mpm=worker \ --enable-deflate David S. Loesche [EMAIL PROTECTED] Yipes Enterprise Services, Inc. Main: (415) 901-2000 114 Sansome Street, Suite 1045 Direct: (415) 901-2210 San Francisco, CA 94104 Fax:(415) 901-2201 http://www.yipes.com Yipes is the defining provider of fully scalable bandwidth for businesses. We offer fully managed high-speed Internet and Nationwide LAN-to-LAN services at speeds ranging from 1 Mbps to 1 Gbps, in 1 Mbps increments. Yipes delivers this uniquely flexible service over the first nationwide system of optical IP networks. -Original Message- From: Johan Bryssling [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 05, 2002 2:39 AM Cc: [EMAIL PROTECTED] Subject: RE: Mod_ssl in apache 2.X Hi! Im not here to quarrel with you kid. Im here to get some help, and your insults are not helping very much. I thought this was the modssl-users list for people with not-so-much-expert-knowledge and not the linux-experts-with-nolife mailinglist. Im working under time pressure and cannot afford reading old documentation all day and then guess how the latter versions work (but of course I have read most of the old documentation anyway...). If I understand the example below I could rewrite it: CC="pgcc" CFLAGS="-O2" \ ./configure --prefix=/sw/pkg/apache \ --enable-ssl=shared ? ... and load "mod_ssl.so" dynamically with "Loadmodule" latter on? Right? (Of course its right.. ;) ) "Now you have to do some work on your own, you can't expect others to do it all for you and remain lazy." You call me lazy and think you know me after one email, that's cute. ;) I was asking a question and not hiring you or anybody else for a job. You even didnt have to answer. Im not demanding anything. (This is the first time I ask a usergroup a question at all, silly.) "The new apache is not the best as far as documentation concerns, certainly not up to the documentation that the older apache with or without mod-ssl integration, but, there is info to be gleened, if one looks" Right, I and other developers still havnt all day, thats why it exists user-groups to ask someone who already knows and perhaps have some time over for an clear answer. If I had some time over myself I would be happy to contribute with some quick-start-(dummy)-tutorials, because it's needed. Setting up Apache2 with SSL must be one of the most common configurations... Perhaps I will contribute in not-so-distance-future. ;) Regards /Johan -Original Message- From: R. DuFresne [mailto:[EMAIL PROTECTED]] Sent: den 4 december 2002 16:53 To: Johan Bryssling Cc: [EMAIL PROTECTED] Subject: Re: Mod_ssl in apache 2.X Didn't read any of the documentation in that tarball did ya? INSTALL [SNIP] For a short impression of what possibilities you have, here is a typical example which configures Apache for the installation tree /sw/pkg/apache with a particular compiler and flags plus the two additional modules mod_rewrite and mod_speling for later loading through the DSO mechanism: $ CC="pgcc" CFLAGS="-O2" \ ./configure --prefix=/sw/pkg/apache \ --enable-rewrite=shared \ --enable-speling=shared The easiest way to find all of the configuration flags for Apache 2.0 is to run ./configure --help. [SNIP] The new apache is not the best as far as documentation concerns, certainly not up to the documentation that the older apache with or without mod-ssl integration, but, there is info to be gleened, if one looks. How about the apache web pages, read that at all? Now you have to do some work on your own, you can't expect others to do it all for you and remain lazy. Thanks, Ron DuFresne On Wed, 4 Dec 2002, Johan Bryssling wrote: > Hi! > > I have a couple of questions: > > If mod_ssl is included in apache2.x why doesnt it show up in the modulelist > when I use: > > %> httpd -l > > ? > > If it's not "included" when I "default" compile (using the INSTALL-file > instructions), how do I know how to compile in the mod_ssl into the apache > (if this is my first time)? > > Where do I find information about these things, I certanly dont install > apache at a regulary basis.. ;-) > > I noted a default config file for SSL (I also found an include into the > httpd.config-file) and used the command: > > %>