Re: Apache 1.3.20/ModSSL2.8.4/OpenSSL0.9.6b builds but core dumps.
I'm running imap, fetchmail, pine, etc (from redhat) mutt, apache, php (external sources, apache from Henri G.) stunnel, sendmail (internally made RPMs) which all use ssl, with no problems (well you have to force Henri's apache RPMto ignore the openssl 0.9.6 dependency) on several RedHat 6.2's with the latest RH updates including the openssl-0.9.5a-7.6.x So if you just need standard apache-mod_ssl functionality maybe you could just use the apache-mod_ssl-1.3.20.2.8.4-2 RPMs? (you can always apxs compile add-on modules) /magnus [EMAIL PROTECTED] wrote: -Original Message- From: Lanny Baron [mailto:[EMAIL PROTECTED]] Sent: 26 July 2001 18:06 To: [EMAIL PROTECTED] Subject: Re: Apache 1.3.20/ModSSL2.8.4/OpenSSL0.9.6b builds but core dumps . Hi, Perhaps a try..FreeBSD. Regards, Lanny Thanks for the hint, but we've been running RedHat for several years now. I'm the only one who understands how most of it works and changing to FreeBSD would only complicate an already difficult situation. Your suggestion is a bit like asking for directions and getting the response I wouldn't start from here if I were you! ;-) There does appear to be a major problem with building openssl 0.9.6a and b on RedHat 6.2, which I've not got to the bottom of. I have successfully built openssl 0.9.6 from source rpms, but I and several others cannot get later editions to work. I can post the folllowing if it helps: The build part of a working 0.9.6 spec file. The errors obtained when trying to build 0.9.6a and 0.9.6b from the preceding spec file. The build part of RedHat's spec file for building what they claim is equivalent to 0.9.6b (even if it doesn't look like it!) I have been in contact with the previous providers of the RPMs for RedHat, and received a response from one of them that he is no longer building them as RedHat now includes it. Actually I was going to post to the openssl list the problems with this issue, as RedHat 7.x depends on 0.9.6 being installed and installing a later version via RPMs breaks 24 other packages! - John Airey Internet Systems Support Officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_ssl and name-based virtual hosts
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47 [EMAIL PROTECTED] wrote: can some one send me the proper syntax for setting up name-based virtual host with ssl? I have tried several things and only nonvitrual host seem to work. thanks Robert -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Michael Grant Sent: Wednesday, July 18, 2001 3:52 AM To: [EMAIL PROTECTED] Subject: Re: mod_ssl and name-based virtual hosts Jeff wrote: What is the host name (common name) in the certificates ??? I suspect you have used *.mydomain.dom - correct ??? Hmm, I'm also using name based virtual hosting with ssl as well, but my cert isn't *.domain.dom, it's just cn=domain.dom. The virtual hosts are of the form sub1.domain.dom and sub2.domain.dom. When I first accessed the domain, my browser asked me to accept the cert, it never said anything about the domain names not matching. I do, however, get the following errors in my apache_ssl_engine_log: Init: (sub1.domain.dom:443) RSA server certificate CommonName (CN) `domain.dom' does NOT match server name!? but otherwise, it doesn't seem to cause any problems except that I have this annoying floating point error... For those who asked previously, I'm running % httpd -version Server version: Apache/1.3.20 (Unix) Server built: May 24 2001 17:21:45 % gcc --version 2.95.3 % uname -v FreeBSD 4.3-STABLE #0: Sat Apr 28 11:05:39 EDT 2001 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
ANNOUNCE: mod_ssl 2.6.6 RPMs
Get them at the ususal place: http://www.modssl.org/contrib/ /magnus -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se Get it up, keep it up. Linux -- Viagra for your PC __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: : apache+modssl+... got SEGVs
On Sat, Jul 29, 2000 at 09:38:47PM +0200, Mads Toftum wrote: On Sat, Jul 29, 2000 at 11:49:20AM -0700, David Rees wrote: This sounds like an excellent idea. This would surely help most users who would like to use RPMs, and reduce the number of issues with mismatched RPMs causing problems. Now, who's going to do it? ;-) As I said, I'll do it - if none of those contributing the rpm's will :-) Nice idea, but we need access to the modssl.org web pages. And they are generated with wml, I believe, so something has to be worked out there, too. Something Ralf has to arrange/comment on. /magnus PS: have you tried the RedHat 6.2 php, modperl, RPMs? I think those are APXS compiled against an EAPI Apache. vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se Get it up, keep it up. Linux -- Viagra for your PC __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: : apache+modssl+... got SEGVs
On Fri, Jul 28, 2000 at 02:07:51AM -0700, David Rees wrote: On Wed, Jul 26, 2000 at 11:17:14AM +0200, Hugues Pisapia wrote: And sometimes (well, more often with MSIE than with Mozilla :), apache gets Segmentation faults. It seems that it comes from openssl or modssl as i tried many configurations. Apache gets SEGVs only when the virtual host with modssl is running. I tried many thing to figure out where it comes from, but i have no more idea... Could someone help me, at least to give me a clue ? Last things : i tried the solution in the FAQ, i.e. to change the SSLSessionCache directive arguments, but i'm running apache from a rpm, so i don't have mm support, and my project manager will kick me if i say that i have to recompile apache :/, so i'd like to avoid that. The RPMs at modssl.org have mm compiled in. No one has had good luck when using RPMs to install mod_ssl. I'm afraid that recompiling Apache from scratch is the way to go. What's the problem with the RPMs? I roll them, and if you got a RPM specific porblem, I'll be happy to look at it. Why will your project manager kick you for recompiling Apache? You'll only be down for a second or two when you install the newly compiled Apache. Maintenence? It's easier with RPMs... /magnus -Dave __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se Get it up, keep it up. Linux -- Viagra for your PC __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: : : apache+modssl+... got SEGVs
On Fri, Jul 28, 2000 at 09:03:57AM -0700, David Rees wrote: No one has had good luck when using RPMs to install mod_ssl. I'm afraid that recompiling Apache from scratch is the way to go. What's the problem with the RPMs? I roll them, and if you got a RPM specific porblem, I'll be happy to look at it. Maybe if everyone used the RPMs you rolled there wouldn't be any problems, but it seems that people want to take one RPM from every site, throw them all together, and hope they work. Then they don't because one package wasn't compiled with the right options (like EAPI) There just seems to be too many variables if you want to use RPMs to build Apache/mod_ssl, especially since a lot of people would also like to use RPMs to install other Apache modules I'm sure (php, mod_perl). It also seems that a lot Yeah, mixing Apache RPMs is evil, the dependency facilities in RPM is just not enough to achieve full modularity in apache-mod_ssl There should probably be a FAQ just for doing this... And some things just don't run reliably as a loadable module no matter what you do... mod_perl for example... But I hear that RedHat 6.2 work fairly well, I haven't confirmed, though. of the people that come to the list reporting Apache/mod_ssl crashes are using RPMs. Yeah, and often mixing non-EAPI/EAPI stuff. Too bad the apache group didn't include EAPI, but started to discuss how to do it better, ending up with nothing... /m Why will your project manager kick you for recompiling Apache? You'll only be down for a second or two when you install the newly compiled Apache. Maintenence? It's easier with RPMs... Can't argue with you there. -Dave __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se Get it up, keep it up. Linux -- Viagra for your PC __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
ANNOUNCE: mod_ssl 2.6.5 RPMs
It took some time due to vacation, but here they are: http://www.modssl.org/contrib/ (Note that the Redhat version in the release number is gone now, so the filenames are apache-mod_ssl*-1.3.12.2.6.5-0.* now. There are also some other RPMs there with the other numbering, but I did not upload those.) Changelog: - mod_ssl 2.6.5 - mm 1.1.3 - removed RedHat 5.x/6.x release numbering workaround ... -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se Get it up, keep it up. Linux -- Viagra for your PC __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
ANNOUNCE: mod_ssl 2.6.4 RPMs
Get them at the ususal place: http://www.modssl.org/contrib/ -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se Get it up, keep it up. Linux -- Viagra for your PC __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: installing through RPM
[EMAIL PROTECTED] wrote: In a message dated 4/28/2000 7:47:22 AM Eastern Daylight Time, [EMAIL PROTECTED] writes: after I install the RPM, is it possible if I will add php3 + mysql + imap + ldap ? I don't know about them, but I am sure mod_perl works very badly with the RPM Apache. Beyond that, RPM Apache is not the latest, most secure version. Please explain what you mean by that... The RPM packaged version of apache-mod_ssl is made from the latest versions. apache-mod_ssl-1.3.12.2.6.3-0.6.0.i386.rpm apache-mod_ssl-devel-1.3.12.2.6.3-0.6.0.i386.rpm apache-mod_ssl-1.3.12.2.6.3-0.6.0.src.rpm are all available in the www.modssl.org contrib area. I have not tried compiling mod_perl with apache-mod_ssl as a DSO (via apxs) lateley, but if you would like to compile it statically into apache you could do that with that SRPM. /magnus -Josh __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
ANNOUNCE: apache-mod_ssl 2.6.3-1.3.12 RPMs
In the usual place: http://www.modssl.org/contrib/ -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se Get it up, keep it up. Linux -- Viagra for your PC __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
ANNOUNCE: mod_ssl 2.6.2-1.3.12 RPMs
At hthe usual place: http://www.modssl.org/contrib/ -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se Get it up, keep it up. Linux -- Viagra for your PC __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
ANNOUNCE: mod_ssl 2.6.1-1.3.12 RPMS
are in the usual place: http://www.modssl.org/contrib/ On Tue, Feb 29, 2000 at 02:41:54PM +0100, Ralf S. Engelschall wrote: mod_ssl 2.6.1 is now available. It provides mainly PRNG changes, but also a few other fixes and cleanups. http://www.modssl.org/source/ ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com Changes with mod_ssl 2.6.1 (25-Feb-2000 to 29-Feb-2000) *) Added support for OpenSSL 0.9.5's RAND_egd() which is now used to read entropy from the EGD Unix domain socket if `SSLRandSeed egd:/path/to/socket' is configured. *) Extended builtin PRNG seeding with a run-time stack based source. This way the builtin source now creates more entropy and usually enough to make OpenSSL = 0.9.5 happy again. If OpenSSL is still not happy (i.e. still not sufficient entropy exists), a warning message is logged by mod_ssl now. *) Fixed Tanenbaum's name on the quote in ssl_intro.wml *) Updated Thawte's sxnet stuff for latest OpenSSL. *) Allow mod_ssl to compile also under Win32 VC++ 6.0 *) Fix OS/2 support and this way make mod_ssl again work also under this platform. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se Get it up, keep it up. Linux -- Viagra for your PC __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: : ANNOUNCE: mod_ssl 2.6.0-1.3.12
Sorry, list users That was not intended for the list, please ignore. /magnus On Mon, Feb 28, 2000 at 07:49:06AM +0100, Magnus Stenman wrote: I made RPMs for both 2.5.1 and 2.6.0, but someone uploaded before I had a chance to. Problem is, those RPMs contain some errors, an invalid serial number, no changelog, etc (and as far as I've seen aren't ANNOUNCed yet.) Could you please replace them with the ones I built? ... __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: ANNOUNCE: mod_ssl 2.6.0-1.3.12
I made RPMs for both 2.5.1 and 2.6.0, but someone uploaded before I had a chance to. Problem is, those RPMs contain some errors, an invalid serial number, no changelog, etc (and as far as I've seen aren't ANNOUNCed yet.) Could you please replace them with the ones I built? They are on: ftp://www.hkust.se/incoming/mod_ssl/ /magnus PS: congrats on the marriage! On Fri, Feb 25, 2000 at 10:31:14AM +0100, Ralf S. Engelschall wrote: Apache 1.3.12 is already around the corner and should be released these days (be patient, please!), so I'll release mod_ssl 2.6.0 for it. Because I'm not available the coming days (we have our church marriage-ceremony on this weekend ;) and I don't wanted to let you wait to use SSL with this Apache version (especially because of security reasons you should consider to upgrade to 1.3.12). Yours, Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com Changes with mod_ssl 2.6.0 (24-Feb-2000 to 25-Feb-2000) *) Merged in enhanced HTTPS Proxy Support which is derived from Stronghold 2.x and was originally contributed by C2Net over one year ago. This is still _EXPERIMENTAL_ stuff, so it is entirely wrapped with SSL_EXPERIMENTAL sections and has to be abled under built-time with --enable-rule=SSL_EXPERIMENTAL. Then the following new configuration directives are provided to fine-tune the HTTPS proxy support: o SSLProxyProtocol [+-][SSLv2|SSLv3|TLSv1] ... (enable or disable SSL protocol flavors) o SSLProxyCipherSuite XXX:...:XXX (colon-delimited list of permitted SSL ciphers) o SSLProxyVerify on|off (whether to verify the remote certificate) o SSLProxyVerifyDepth N (maximum certificate verification depth) o SSLProxyCACertificateFile /path/to/file (file containing server certificates) o SSLProxyCACertificatePath /path/to/dir (directory containing server certificates) o SSLProxyMachineCertificateFile /path/to/file (file containing client certificates) o SSLProxyMachineCertificatePath /path/to/dir (directory containing client certificates) This stuff is declared experimental, because it was still _NOT_ tested in depth and is still _UNDOCUMENTED_. So keep in mind what SSL_EXPERIMENTAL means and use this with care! *) Extended the EAPI patches to mod_proxy to allow the new HTTPS proxy support to be merged in. *) Fixed ssl_io_suck() prototype scope in mod_ssl.h by changing the old #ifdef SSL_EXPERIMENTAL to the now correct #ifndef SSL_CONSERVATIVE. *) Added "cons" and "nocons" development target to src/modules/ssl/Makefile.tmpl. *) Upgraded to Apache version 1.3.12. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se Get it up, keep it up. Linux -- Viagra for your PC __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: : RH 6.1 and apache-ssl RPM from ftp.zedz.net: Doesn't work?
28 DARX Consulting Pty Ltd Mobile: 04-1122 6244 mailto:[EMAIL PROTECTED] http://www.darx.com/ PGP public key: http://www.darx.com/pgp/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Regards Rudi -- Rudi HeitbaumPh: +61-3-9822 1216 Managing DirectorFax: +61-3-9822 1728 DARX Consulting Pty Ltd Mobile: 04-1122 6244 mailto:[EMAIL PROTECTED] http://www.darx.com/ PGP public key: http://www.darx.com/pgp/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se Get it up, keep it up. Linux -- Viagra for your PC __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: RH 6.1 and apache-ssl RPM from ftp.zedz.net: Doesn't work?
What are the gcache processes doing there? They are from apache-ssl, not apache-mod_ssl Maybe you have ended up with files from both apache variants? /magnus Steve Frampton wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi again: I discovered more up-to-date RPM's were available on ftp.modssl.org in /pub/contrib. Therefore, I installed: apache-mod_ssl-1.3.9.2.4.9-0.6.0 apache-mod_ssl-devel-1.3.9.2.4.9-0.6.0 and it worked! But on to other problems. ;-) I am trying to get things working with PHP3. I have downloaded the tarball for php-3.0.14, did a: ./configure --with-apxs=/usr/sbin/apxs --with-mysql \ --with-apache=/usr/include make make install I then made sure that the following lines were present in my httpd.conf file: LoadModule php3_modulelib/apache/libphp3.so AddModule mod_php3.c AddType application/x-httpd-php3 .php3AddType application/x-httpd-php3-source .phps (PHP's "make install" procedure actually put the LoadModule and AddModule lines within IfDefine SSL blocks, I assumed this was incorrect so I moved them outside the blocks). After starting the server, connections on both ports 80 and 443 are refused, and there are no "httpd" processes in memory. There *are*, however, a couple of gcache processes. There are no error messages in any of the httpd logs, the only thing that appears after starting the server is the following in ssl_engine_log: [info] Server: Apache/1.3.9, Interface: mod_ssl/2.4.9, Library: OpenSSL/0.9.4 [info] Init: 1st startup round (still not detached) [info] Init: Initializing OpenSSL library [info] Init: Loading certificate private key of SSL-aware server localhost:443 [info] Init: Generating temporary RSA private keys (512/1024 bits) [info] Init: Configuring temporary DH parameters (512/1024 bits) Those look normal enough. But I can *not* interact with the server unless I comment out the LoadModule and AddModule lines. :-( Any ideas? - -- LINUX: The choice of a GNU generation. -- Steve Frampton[EMAIL PROTECTED]Japan Communications, Inc. Software Developer/Systems Administratorhttp://www.j-com.co.jp/ GNU Privacy Guard ID: D055EBC5 (see http://www.gnupg.org for details) GNU-PG Fingerprint: EEFB F03D 29B6 07E8 AF73 EF6A 9A72 F1F5 D055 EBC5 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4n73amnLx9dBV68URApc3AJ93moBzZ8XykgMru4G0TpHAT2UeCwCdGrR9 /eZS5OeyIKyDWHjOgMF2KsM= =kLqO -END PGP SIGNATURE- __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: RPM installs (mod's)
No extra modules, except those in a standard apache/mod_ssl are compiled in. You'll have to download the SRPM and recompile it for that. /magnus On Tue, Jan 25, 2000 at 01:17:38PM -0800, [EMAIL PROTECTED] wrote: Hey All, I was wondering if anyone know where I can get info as to what apache1.3.9+mod_ssl.rpm is compilied with in terms of modules. (ie php, postgres, mysql, mod_perl,etc.). Any help is greatly appreciated. Thanks, Harry Hoffman Product Systems Specialist Restaurants Unlimited Inc. (206) 634-3082 x. 270 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se Get it up, keep it up. Linux -- Viagra for your PC __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
ANNOUNCE: mod_ssl 2.5.0-1.3.11 RPMs
At the usual location: http://www.modssl.org/contrib/ Changelog: * Mon Jan 24 2000 Magnus Stenman [EMAIL PROTECTED] - mod_ssl 2.5.0 - apache 1.3.11 - suexec is compiled with umask 022 - latest RedHat logrotate and init scripts included . . . -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se Get it up, keep it up. Linux -- Viagra for your PC __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
ANNOUNCE: apache-mod_ssl 2.4.10 RPMs
In the usual place: http://www.modssl.org/contrib/ /magnus __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
ANNOUNCE: mod_ssl 2.4.9 RPMs
At the usual place: http://www.modssl.org/contrib/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: OT: EAPI, DSO stability
Adriano Rodrigues wrote: Sorry to be a bit off topic, but I'm very curious about the two questions below... Does someone know if there are any plans to incorporate the EAPI into mainstream Apache? There were, but somehow it never got included. Someone on the apache list apparantly had a better solution, which also has not been incorporated... Status on that, Ralf? Also, I usually compile a bare bones Apache with EAPI and all my modules are DSO (mod_ssl, php, mod_perl, etc). But when one starts getting segfaults (mod_perl comes to mind), people usually recommend that you build Apache statically. It is recommended to compile mod_perl statically. It's a mod_perl bug, I believe. Are the problems due to Apache's DSO implementation (is it rock solid?), bugs in the modules, or both? Of course, I am assuming here that the environment is sane (a modern UNIX like FreeBSD or Linux, libs compiled with -fpic, etc). Thanks, -- Adriano __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Version
http://www.apache-ssl.org/ Charles Williams wrote: I was told we were using mod_ssl but at /apache/bin I type httpsd -v and learn: Server version: Apache/1.3.6 Ben-SSL/1.35 (Unix) Does anyone know where I go for documentation? Chuck Williams __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
ANNOUNCE: mod_ssl 2.4.5 RPMs
RPMs and spec file at: http://www.modssl.org/contrib/ -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se ...all in all, it's just another rule in the firewall. /Ping Flood __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: ANNOUNCE: mod_ssl 2.4.4
2.4.3 compiled OK on my redhat 5.2 box, but 2.4.4 barfs: gcc -c -I../../../../mm-1.0.11 -I../../os/unix -I../../include -O2 -m486 -fno-strength-reduce -DLINUX=2 -DMOD_SSL=204104 -DEAPI -DEAPI_MM -DUSE_EXPAT -I../../lib/expat-lite `../../apaci` -fpic -DSHARED_MODULE -DSSL_COMPAT -I/usr/include -DMOD_SSL_VERSION=\"2.4.4\" ssl_engine_mutex.c mv ssl_engine_mutex.o ssl_engine_mutex.lo ssl_engine_mutex.c: In function `ssl_mutex_sem_create': ssl_engine_mutex.c:293: incompatible type for argument 4 of `semctl' ssl_engine_mutex.c:302: incompatible type for argument 4 of `semctl' make[4]: *** [ssl_engine_mutex.lo] Error 1 make[3]: *** [all] Error 1 make[2]: *** [subdirs] Error 1 make[2]: Leaving directory `/usr/src/rpmbuild/BUILD/apache-mod_ssl_1.3.9.2.4.4/apache_1.3.9/src' make[1]: *** [build-std] Error 2 make[1]: Leaving directory `/usr/src/rpmbuild/BUILD/apache-mod_ssl_1.3.9.2.4.4/apache_1.3.9' make: *** [build] Error 2 Bad exit status from /tmp/rpm-tmp.50717 (%build) -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se ...all in all, it's just another rule in the firewall. /Ping Flood __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
ANNOUNCE: mod_ssl 2.4.3 RPMs
RPM, SRPM and spec files at the usual place: http://www.modssl.org/contrib/ changelog: * Mon Sep 27 1999 Magnus Stenman [EMAIL PROTECTED] - mod_ssl 2.4.3 - mm 1.0.11 - added (noreplace) to some configuration files - removed patch to cca.sh - added the ssl.crl and ssl.prm subdirs in conf/ -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se ...all in all, it's just another rule in the firewall. /Ping Flood __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache w/ suExec + Mod SSL
Take a look at the RPM spec files in the contrib area at www.modssl.org /magnus Chad Cordero wrote: Has anyone successfuly compiled Apache 1.3.9 + ModSSL 2.4.2 + OpenSSL 0.9.4 or similar and also compiled Apache's suEXEC in? I'm not shure how. Please help. I can't find anything in any of the ModSSL README files or the FAQs. Thanks, Chad Cordero Telecommunications Network Services California State University, San Bernardino __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: ANNOUNCE: mod_ssl 2.4.2 RPMs
That's all been taken care of. Patrick Maartense wrote: Magnus Stenman wrote: Available at http://www.modssl.org/contrib/ You don't have permission to access /contrib/ftp/contrib/apache-mod_ssl-1.3.9.2.4.2-0.5.2.i386.rpm on this server. :-( __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se ...all in all, it's just another rule in the firewall. /Ping Flood __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: ANNOUNCE: mod_ssl 2.4.2 RPMs
Right now, a binary built for 5.2 will segfault on a 6.0 system. Henri Gomez builds the RPMs for 6.0 versions, and they usually appear some time after I put out the 5.2 ones. Feel free to download the .src RPM, install it, edit the redhat version rows in the .spec file, and rebuild with "rpm -ba apache-mod_ssl.spec" /magnus Patrick Maartense wrote: Magnus Stenman wrote: That's all been taken care of. Thankx, one more question, why only for redhat 6.0? Patrick __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se ...all in all, it's just another rule in the firewall. /Ping Flood __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
ANNOUNCE: mod_ssl 2.4.2 RPMs
Available at http://www.modssl.org/contrib/ -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se ...all in all, it's just another rule in the firewall. /Ping Flood __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
ANNOUNCE: apache-mod_ssl-1.3.9.2.4.1 RPMs
RPMs and spec file can be found at http://www.modssl.org/contrib/ These RPMs are for RedHat 5.2 systems. /magnus -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se ...all in all, it's just another rule in the firewall. /Ping Flood __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache + mod_ssl exits cleanly on startup
I have had similar problems when I tried to load mod_perl as a DSO. My strace showed that my apache exited in a similar manner. Removing the mod_perl module load from the httpd.conf cured the problem, and I have not had time to investigate it further since. Mod_php loads fine, so in my case the problem is mod_perl/DSO related (DSO with mod_perl is considered alpha, I believe) Do you use APXS compiled modules? /magnus Graham Leggett wrote: Hi all, I am having some hassles with Apache v1.3.9 + mod_ssl v2.4.1 under Redhat v6.0 (Intel). When the server is started, the server exits cleanly straight away. Nothing is logged, or output to stderr or stdout. An strace reveals that httpd is making a clean exit just after it's initialised. Anyone know what's wrong? The strace is attached. Regards, Graham -- __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: GDBM error when session cache is enabled?
If you haven't done so already, try to turn off the DBM session cache in httpd.conf and use shared memory instead. SSLSessionCache shm:/var/run/ssl_scache(512000) #SSLSessionCache dbm:/var/run/ssl_scache /magnus Jeff Johnson wrote: Does anyone have any suggestions on what to do when you receive this error. Sorry for providing a lack of information, I'm just very busy at work now, right now, session cache is disabled. Server Version: Apache/1.3.9 (Unix) DAV/0.9.9 mod_fastcgi/2.2.2 PHP/4.0B2 mod_macro/1.1.1 mod_perl/1.21 mod_frontpage/3.0.4.3 mod_ssl/2.4.0 OpenSSL/0.9.4, using MM 1.0.9. error_log shows "gdbm error", or something similar. OS is FreeBSD 3.2. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se ...all in all, it's just another rule in the firewall. /Ping Flood __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
ANNOUNCE: mod_ssl 2.3.11 RPMs
At http://www.modssl.org/contrib/ For those of you with idling redhat 6.0 boxen, grab the SRPM, recompile with rh defined as 6.0 and upload the RPMs... Changelog: * Tue Aug 03 1999 Magnus Stenman [EMAIL PROTECTED] - mod_ssl 2.3.11 - removed some patches to the apache source, which now are performed by mod_ssl * Thu Jul 29 1999 Magnus Stenman [EMAIL PROTECTED] - mod_ssl 2.3.10 * Sun Jul 25 1999 Magnus Stenman [EMAIL PROTECTED] - mod_ssl 2.3.8 - removed Thawte Strong Extranet Support due to apxs dependency problem - changed release numbering to allow for simultaneous RedHat versions; release 0.5.2 means release 0, for RedHat 5.2 ... ... -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se ...all in all, it's just another rule in the firewall. /Ping Flood __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
ANNOUNCE: mod_ssl 2.3.1 RPMs
No changes but the mod_ssl revision bump. Get them at the usual place: http://www.modssl.org/contrib/ -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se Get it up, keep it up. Linux -- Viagra for your PC __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
ANNOUNCE: apache-mod_ssl-1.3.6.2.3.0 RPMs (and openssl 0.9.3 RPMs)
Tested on redhat 5.2 and 6.0 Compiled on redhat 5.2 Get it at the usual place: http://www.modssl.org/contrib/ Since I couldn't find any openssl 0.9.3 RPMs out there, I uploaded those, too. Name: apache-mod_ssl Distribution: (none) Version : 1.3.6.2.3.0 Vendor: (none) Release : 0 Build Date: Tue May 25 17:04:37 1999 Install date: (not installed) Build Host: starbug.inbox.se Group : Networking/DaemonsSource RPM: (none) Size: 1994706 License: BSD-like Packager: Magnus Stenman [EMAIL PROTECTED], Henri Gomez [EMAIL PROTECTED] URL : http://www.modssl.org/ Summary : Apache HTTP daemon with SSL Description : apache-mod_ssl is Apache with SSL support via mod_ssl and OpenSSL This build is not for use in the U.S., you will have to build your own apache-mod_ssl with RSAref for that due to patent problems. Built with loadable modules (all standard modules enabled). The configuration files provided with apache and apache-mod_ssl are unchanged. Built for glibc6 on RedHat 5.2 and 6.0 Changes: * Tue May 25 1999 Magnus Stenman [EMAIL PROTECTED] - mod_ssl 2.3.0 - Changes in URLs and description - Included more mod_ssl documentation, and the mod_ssl contrib directory. - Added require for openssl = 0.9.3 -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se Get it up, keep it up. Linux -- Viagra for your PC __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_ssl-2.2.8-1.3.6 + RedHat 6.0, no ndbm found
The redhat SRPM has some patches for that... Maybe it helps? --- apache_1.3.3/src/helpers/find-dbm-lib.nondbmFri Dec 18 17:55:25 1998 +++ apache_1.3.3/src/helpers/find-dbm-lib Fri Dec 18 17:59:48 1998 @@ -15,8 +15,6 @@ DBM_LIB="" if ./helpers/TestCompile lib dbm dbm_open; then DBM_LIB="-ldbm" - elif ./helpers/TestCompile lib ndbm dbm_open; then - DBM_LIB="-lndbm" fi if [ "X$DBM_LIB" != "X" ]; then LIBS="$LIBS $DBM_LIB" Stefanita Vilcu wrote: Hello, I am trying to compile mod_ssl-2.2.8-1.3.6 on a RedHat 6.0 box (kernel 2.2.6). The problem is that the mod_ssl is looking for the ndbm package (header and library) which is, on the RH boxes, replaced by the gdbm package. Is there any patch for this or I'll have to write it? Below is the piece of error. === src/modules/ssl gcc -c -I../../os/unix -I../../include -DLINUX=2 -DMOD_SSL=202108 -DUSE_HSREGEX -DEAPI `../../apaci` -DSSL_COMPAT -I/usr/src/openssl-0.9.2b/include -DMOD_SSL_VERSION=\"2.2.8\" mod_ssl.c In file included from mod_ssl.c:65: mod_ssl.h:282: ndbm.h: No such file or directory make[4]: *** [mod_ssl.o] Error 1 I tried this simple trick: [root@test1 apache_1.3.6]# ln -s /usr/include/gdbm.h /usr/include/ndbm.h and the compilation seems to work smooth, until: gcc -c -I../../os/unix -I../../include -DLINUX=2 -DMOD_SSL=202108 -DUSE_HSREGEX -DEAPI `../../apaci` -DSSL_COMPAT -I/usr/src/openssl-0.9.2b/include -DMOD_SSL_VERSION=\"2.2.8\" ssl_engine_scache.c ssl_engine_scache.c: In function `ssl_scache_dbm_init': ssl_engine_scache.c:227: `DBM' undeclared (first use in this function) ssl_engine_scache.c:227: (Each undeclared identifier is reported only once ssl_engine_scache.c:227: for each function it appears in.) ssl_engine_scache.c:227: `dbm' undeclared (first use in this function) ssl_engine_scache.c: In function `ssl_scache_dbm_store': ssl_engine_scache.c:276: `DBM' undeclared (first use in this function) ssl_engine_scache.c:276: `dbm' undeclared (first use in this function) ssl_engine_scache.c:277: parse error before `dbmkey' ssl_engine_scache.c:281: `dbmkey' undeclared (first use in this function) ssl_engine_scache.c:285: `dbmval' undeclared (first use in this function) ssl_engine_scache.c:302: `DBM_INSERT' undeclared (first use in this function) ssl_engine_scache.c: In function `ssl_scache_dbm_retrieve': ssl_engine_scache.c:315: `DBM' undeclared (first use in this function) ssl_engine_scache.c:315: `dbm' undeclared (first use in this function) ssl_engine_scache.c:316: parse error before `dbmkey' ssl_engine_scache.c:325: `dbmkey' undeclared (first use in this function) ssl_engine_scache.c:338: `dbmval' undeclared (first use in this function) ssl_engine_scache.c: In function `ssl_scache_dbm_remove': ssl_engine_scache.c:362: `DBM' undeclared (first use in this function) ssl_engine_scache.c:362: `dbm' undeclared (first use in this function) ssl_engine_scache.c:363: parse error before `dbmkey' ssl_engine_scache.c:366: `dbmkey' undeclared (first use in this function) ssl_engine_scache.c: In function `ssl_scache_dbm_expire': ssl_engine_scache.c:390: `DBM' undeclared (first use in this function) ssl_engine_scache.c:390: `dbm' undeclared (first use in this function) ssl_engine_scache.c:391: parse error before `dbmkey' ssl_engine_scache.c:414: `tNow' undeclared (first use in this function) ssl_engine_scache.c:415: `dbmkey' undeclared (first use in this function) ssl_engine_scache.c:417: `dbmval' undeclared (first use in this function) ssl_engine_scache.c:424: `tExpiresAt' undeclared (first use in this function) make[4]: *** [ssl_engine_scache.o] Error 1 make[3]: *** [all] Error 1 make[2]: *** [subdirs] Error 1 make[2]: Leaving directory `/usr/src/apache_1.3.6/src' make[1]: *** [build-std] Error 2 make[1]: Leaving directory `/usr/src/apache_1.3.6' make: *** [build] Error 2 Thank you, -vsv -- Stefanita Valeriu Valcu, Network Administrator Dynamic Network Technologies Calea Victoriei 155, bl. D1, sc. 8, et. 2 tel: +40-1-2106863 fax: +40-1-3122745 e-mail: [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se Get it up, keep it up. Linux -- Viagra for your PC __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RPM stuff
For those of you who are into RPM development, I uploaded my latest .spec for apache-mod_ssl to http://www.engelschall.com/sw/mod_ssl/contrib/ Comments? Btw, anyone but me having problems with mod_ssl:s libssl.so not using shared lib{ssl,crypto}.so ? -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se Get it up, keep it up. Linux -- Viagra for your PC __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Updated apache-mod_ssl-1.3.6-2.2.8-1.src.rpm
Mike McHenry wrote: I am in the process of uploading an updated version of the apache-mod_ssl package to the contrib section of sw.engelschall.com. http://www.engelschall.com/sw/mod_ssl/contrib/apache-mod_ssl-1.3.6-2.2.8-1.s rc.rpm I have not generated binary versions as I do not want to step on the normal package maintainers toes. :) Basically I merged in the latest Redhat apache release with the latest apache-mod_ssl package. This involved a number of changes to the SPEC file to get everything in synch. Umm, I do not like that layout/spec/patchset; it's messy it uses the non-standard mod_bandwidth it uses multiple config files it does not include README documentation including legal aspects, licences etc (it does some good things too -- I think I'll merge some stuff in..) If you want to maintain the RPM releases, be my guest -- I will be building and compiling my versions because I use them on a number of servers -- but I won't upload them to the contrib area. /magnus This release compiles cleanly on RH5.2 and should also compile cleanly on the upcoming RH6.0 release. I have this release up and running on a production webserver right now so I consider it to be a stable package. Mike McHenry Systems Administrator MinnNet Communications, Inc. -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se Get it up, keep it up. Linux -- Viagra for your PC __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
ANNOUNCE: mod_ssl 2.2.8 RPMs
mod_ssl 2.2.8 RPMs are uploaded to www.engelschall.com contrib area -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se Get it up, keep it up. Linux -- Viagra for your PC __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
PKCS #11 Utility Package
Netscape has some software that might be of interest for some of the developers? PKCS #11 Utility Package 1.0.5 OVERVIEW The PKCS #11 Utility Package assists vendors of PKCS #11-compliant cryptographic hardware or software verify compatibility with Netscape software. The package provides test suites that exercise cryptographic modules through Netscape's security library. It also contains test automation tools, as well as utilities for manipulating Netscape's security databases. http://developer.netscape.com/software/tools/index.html?cp=dev_ltr1content=pkcs/up105.html -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se Get it up, keep it up. Linux -- Viagra for your PC __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: PKCS #11 Utility Package
Sooner or later, someone will upload it to replay.com... Patrik Carlsson wrote: Especially for those in the US as it obey under the US export regulations :-( --Patrik Magnus Stenman wrote: Netscape has some software that might be of interest for some of the developers? PKCS #11 Utility Package 1.0.5 ... -- Magnus Stenman mailto:[EMAIL PROTECTED] http://www.hkust.se Get it up, keep it up. Linux -- Viagra for your PC __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Practical solution for MSIE problems!?
In which versions of MSIE did this occur? I was thinking of a more specific regexp so that not *all* M$IE users trigger the unclean ssl shutdown behaviour... /magnus __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Client Test Suite: Summary
Ralf S. Engelschall wrote: On Mon, Mar 29, 1999, Hans Lohmander wrote: "Ralf S. Engelschall" wrote: Netscape 4.5 Mac, PPC international . Failed [EMAIL PROTECTED] ``I tested the below and got "bad data from the server" http was fine but https was not.'' --- deleted stuff here --- So, I conclude that we've NO problems at all with Netscape clients. But we've problems with various IE clients. There not for all situations, but under some situations it looks like people can deterministically reproduce it. I still got bad data, when I tried it today, 29 mar. So this is still a problem with the NS 4.5 mac version. International 40-bit version. I just tried NS 4.5 Mac PPC and it worked even on my unmodified mod_ssl... I cannot find any entries in the access_log from a Netscape under Macintosh. Are you sure you connect to en4.engelschall.com via HTTPS? Or is it already failing at the top-level page before you receive anything at all? I ask because your problems seems to of a different kind, but I want to setup the SetEnvIf for your browser, too. To allow us to check whether ssl-unclean-shutdown also solves your problem. So, why are there no entries for your connections on en4? From which IP you're coming? Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Ok, Client Test Suite established
Ralf S. Engelschall wrote: On Thu, Mar 25, 1999, Magnus Stenman wrote: http://en4.engelschall.com/ https://en4.engelschall.com/ Dang. NS 4.08 Linux and NS 4.5 Mac work fine on all tests... Unfortunately I cannot give you access to my box, because it's on a non-public net.. But I can enable "debug" level in the logs.. Ahh... fine. I was already made-insecure and though I become totally crazy. So we can now conclude that at least for your situation it's seems a local platform problem. At least it seems it's not a general mod_ssl protocol problem. I've expected this, because I already went over the protocol stuff more than once and finally were convinced that in 2.2.5 and 2.2.6 it's now finally correct. Hmmm.. but nevertheless you've still the nasty problems on your platform and the question remains: What cause it. Using the debugging loglevel can give some hints, yes. It's not exactly the software versions I used, right? I think the problem is inside OpenSSL, because in Apache the protocol stuff I start to suspect that too... I use 0.9.1c (could not find newer RPMs) but I'll upgrade to 0.9.2b and we'll see if the problem goes away. It seems that at least some of the error reports come from people using 0.9.1c wasn't changed for a long time. Have you already tried a _fresh_ (built from scratch!) Apache/1.3.6+mod_ssl/2.2.6+OpenSSL/0.9.2b (sorry when I ask again, but too much people already described their situation the last days and I already intermix them)? Apache/1.3.6+mod_ssl/2.2.6+OpenSSL/0.9.1c I included the "debug" level log snippet below /magnus ssllog.gz
Re: Netscape has encountered bad data from the server.
Everything works like a charm when I upgraded to OpenSSL 0.9.2b (from 0.9.1c) so that must have been the problem. I'll release 1.3.6-2.2.6 RPMs in an hour or so. /magnus __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
ANNOUNCE: Apache-mod_ssl-1.3.6-2.2.6 RPMs
Uploaded to http://www.engelschall.com/sw/mod_ssl/contrib/ Note: you should probably be using OpenSSL 0.9.2b as there have been spurious problems with older versions combined with this apache+mod_ssl version. Name: apache-mod_ssl Distribution: (none) Version : 1.3.6-2.2.6 Vendor: (none) Release : 0 Build Date: Fri Mar 26 13:14:36 1999 Install date: (not installed) Build Host: starbug.inbox.se Group : Networking/DaemonsSource RPM: apache-mod_ssl-1.3.6-2.2.6-0.src.rpm Size: 4467416 License: BSD-like Packager: Henri Gomez [EMAIL PROTECTED], Magnus Stenman [EMAIL PROTECTED] URL : http://www.engelschall.com/sw/mod_ssl/ Summary : Apache HTTP daemon with SSL Description : apache-mod_ssl is Apache with SSL support via mod_ssl and SSLeay/OpenSSL This build is not for use in the U.S., you will have to build your own apache-mod_ssl with RSAref for that due to patent problems. Built with loadable modules (all standard modules enabled). The configuration files provided with apache and apache-mod_ssl are unchanged. Built for glibc6 on RedHat 5.2 __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Netscape has encountered bad data from the server.
Here comes my trace: [25/Mar/1999 13:10:21] [info] Connection to child 0 established (server starbug.inbox.se:443) [25/Mar/1999 13:10:21] [trace] Seeding PRNG with 1032 bytes of entropy [25/Mar/1999 13:10:21] [trace] OpenSSL: Handshake: start [25/Mar/1999 13:10:21] [trace] OpenSSL: Loop: before SSL initialization [25/Mar/1999 13:10:21] [trace] OpenSSL: Loop: SSLv3 read client hello A [25/Mar/1999 13:10:21] [trace] OpenSSL: Loop: SSLv3 write server hello A [25/Mar/1999 13:10:21] [trace] OpenSSL: Loop: SSLv3 write certificate A [25/Mar/1999 13:10:21] [trace] OpenSSL: Loop: SSLv3 write key exchange A [25/Mar/1999 13:10:21] [trace] OpenSSL: Loop: SSLv3 write server done A [25/Mar/1999 13:10:21] [trace] OpenSSL: Loop: SSLv3 flush data [25/Mar/1999 13:10:21] [trace] OpenSSL: Read: SSLv3 read client certificate A [25/Mar/1999 13:10:21] [trace] OpenSSL: Exit: failed in SSLv3 read client certificate A [25/Mar/1999 13:10:21] [info] SSL handshake stopped: connection was closed Strange... I don't use SSLVerifyClient... /magnus On Thu, Mar 25, 1999, Mark Stosberg wrote: I'm getting the same odd error as the other fellow: "Netscape has encountered bad data from the server." (Mac Communicator 4.51) Here's my setup: 3.1-RELEASE FreeBSD Apache/1.3.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.2b And the errors from the logs: [Thu Mar 25 04:52:37 1999] [error] mod_ssl: SSL handshake failed (client 199.120.185.113, server secure.infocom.com:443) (OpenSSL library error follows) [Thu Mar 25 04:52:37 1999] [error] OpenSSL: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure At which state of the handshake happens this? Use "SSLLogLevel trace" to find this out, please. I wish our OpenSSL library would give more detailed descriptions... Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Netscape has encountered bad data from the server.
Sorry, it seems the error reports got mixed up... My error gives the same result as Mark Stosberg saw in Netscape, but different entries in the logs... I never get the [error] entries, just this: [info] Connection to child 4 established (server starbug.inbox.se:443) [info] SSL handshake stopped: connection was closed The log entries I submitted (below) is what happens if I increase the log level to "trace" I attached my original post to the end of this mail. [continued] [25/Mar/1999 13:10:21] [info] Connection to child 0 established (server starbug.inbox.se:443) [25/Mar/1999 13:10:21] [trace] Seeding PRNG with 1032 bytes of entropy [25/Mar/1999 13:10:21] [trace] OpenSSL: Handshake: start [25/Mar/1999 13:10:21] [trace] OpenSSL: Loop: before SSL initialization [25/Mar/1999 13:10:21] [trace] OpenSSL: Loop: SSLv3 read client hello A [25/Mar/1999 13:10:21] [trace] OpenSSL: Loop: SSLv3 write server hello A [25/Mar/1999 13:10:21] [trace] OpenSSL: Loop: SSLv3 write certificate A [25/Mar/1999 13:10:21] [trace] OpenSSL: Loop: SSLv3 write key exchange A [25/Mar/1999 13:10:21] [trace] OpenSSL: Loop: SSLv3 write server done A [25/Mar/1999 13:10:21] [trace] OpenSSL: Loop: SSLv3 flush data [25/Mar/1999 13:10:21] [trace] OpenSSL: Read: SSLv3 read client certificate A [25/Mar/1999 13:10:21] [trace] OpenSSL: Exit: failed in SSLv3 read client certificate A [25/Mar/1999 13:10:21] [info] SSL handshake stopped: connection was closed Strange... I don't use SSLVerifyClient... I'm getting the same odd error as the other fellow: "Netscape has encountered bad data from the server." (Mac Communicator 4.51) Here's my setup: 3.1-RELEASE FreeBSD Apache/1.3.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.2b And the errors from the logs: [Thu Mar 25 04:52:37 1999] [error] mod_ssl: SSL handshake failed (client 199.120.185.113, server secure.infocom.com:443) (OpenSSL library error follows) [Thu Mar 25 04:52:37 1999] [error] OpenSSL: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure At which state of the handshake happens this? Use "SSLLogLevel trace" to find this out, please. But where the [error] message in your trace? Seems like you've now a different problem. And yes, it's strange that a client certificate is read although youßve not configured one. BTW, I use exactly the same software as you (FreeBSD 3.1, Apache 1.3.6, mod_ssl 2.2.6, OpenSSL 0.9.2b) and it works fine I use RedHat Linux 5.2 w/ kernel 2.2.4, Apache 1.3.6, mod_ssl 2.2.6, OpenSSL 0.9.1c with my local Netscape. So it really seems that those Mac-Netscapes send something different? Are you sure this Netscape isn't broken? Can It's not only Mac NS, but also Linux Netscape, and yes, they work fine with other sites including mod_ssl ones. you correctly connect to other SSL sites? Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] Original post: -- I'm having some strange problems... When compiling for the mod_ssl-2.2.6-1.3.6 RPMs I get a server that works with Win Netscape 4 Win M$IE 4, but *not* with Mac Netscape 4.5 Linux Netscape 4.08 (ssl connections that is, normal connections work fine) I use Redhat 5.2, kernel 2.2.4, openssl 0.9.1c (yeah, I know, but I did not find .2b RPMs and was lazy [could the former be the problem?]) Entries in ssl_engine.log: [info] Connection to child 2 established (server starbug.inbox.se:443) [info] SSL handshake stopped: connection was closed Netscape pops up a dialog "Netscape has encountered bad data from the server." No errors in httpd error_log /magnus __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Netscape has encountered bad data from the server.
Ralf S. Engelschall wrote: On Thu, Mar 25, 1999, Magnus Stenman wrote: [...] It's not only Mac NS, but also Linux Netscape, and yes, they work fine with other sites including mod_ssl ones. Hmmm... my problem is still that I've not found a local situation where I can repeat this (I can only fix something when I can repeat it myself). I'm currently installing NS 4.51 for FreeBSD in the hope it has the same problem as the Linux version (at least my 4.08 hasn't). OTOH we could do the following: I'll upgrade www.engelschall.com to the latest versions and you all try to connect. Then we'll see what fails and because I control the server I hopefully can find out the reason. BTW, these failures are _not_ related to any POST or other special situations, right? You just connect to the welcome page via https://sitename/ and it immediately fails with the log entries you showed, right? Strange... Actually, om that sever the main page is a mod_rewrite to a cgi, but I also tested with regular html files, with the same result. Just drop a note, and I'll connect with Linux and Mac browsers. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Ok, Client Test Suite established
Ralf S. Engelschall wrote: Dang. NS 4.08 Linux and NS 4.5 Mac work fine on all tests... Unfortunately I cannot give you access to my box, because it's on a non-public net.. But I can enable "debug" level in the logs.. /magnus Ok, because of the problem reports with various client/platforms and the fact that I cannot reproduce the problems, I've now established a little test suite for us. Under http://en4.engelschall.com/ https://en4.engelschall.com/ an Apache/1.3.6+mod_ssl/2.2.6+OpenSSL/0.9.2b test server is running under FreeBSD 3.1. It has three test CGI scripts installed, debugging enabled and and a little mechanism to look at the last 16KB of the Apache logfiles. I've now connected with the following Netscape browsers running under X11 on my development FreeBSD 3.1 box here at home: Netscape 2.02 Netscape 3.04 Netscape 4.08 Netscape 4.51 and all four versions connected fine and passed the three CGI scripts successfully without any hangs, any I/O errors or other unusual things. In other words, as I said: Under my development platform I cannot reproduce your problems. So, it's now your turn. Connect from your favorite client platform with your esoteric clients and hopefully let us find out something... Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
2.2.6-1.3.6 problems
I'm having some strange problems... When compiling for the mod_ssl-2.2.6-1.3.6 RPMs I get a server that works with Win Netscape 4 Win M$IE 4, but *not* with Mac Netscape 4.5 Linux Netscape 4.08 (ssl connections that is, normal connections work fine) I use Redhat 5.2, kernel 2.2.4, openssl 0.9.1c (yeah, I know, but I did not find .2b RPMs and was lazy [could the former be the problem?]) Entries in ssl_engine.log: [info] Connection to child 2 established (server starbug.inbox.se:443) [info] SSL handshake stopped: connection was closed Netscape pops up a dialog "Netscape has encountered bad data from the server." No errors in httpd error_log /magnus __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: ANNOUNCE: apache-mod_ssl-1.3.4-2.2.2 RPMs
Ralf S. Engelschall wrote: On Fri, Feb 05, 1999, Magnus Stenman wrote: New apache-mod_ssl-1.3.4-2.2.2 RPMs are at http://www.engelschall.com/sw/mod_ssl/contrib/ Great, Magnus. You're as fast with RPMs for the RedHat users as I'm with the source distribution. I've to always really sprint with the FreeBSD port I maintain myself to have a chance against you... ;-) Thanks :) BTW, is there any significant advantages yet with openssl versus SSLeay? If so, maybe there should be some openssl RPMs, and the apache RPMs should require openssl instead of SSLeay. (I guess you'd have to choose, the two ssl libs aren't interchangeable, right?) /magnus Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Wassenaar and Free Software (FSF statement)
look at the GnuPG home page: http://www.d.shuttle.de/isil/gnupg/gsn.html Ralf S. Engelschall wrote: On Fri, Dec 18, 1998, Michael Salmon wrote: [...] The Wassenaar agreement has it's own definition of PD that is more in line with the common view than the legal view. Oh, interesting. And where is this definition written down? Any URLs at hand? I ask because I want to add information to the mod_ssl FAQ for 2.1.4. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]