Client authentication from an application program
With web server apache a basic client authentication (userid/password)
can be forced from an application, sending something like that (the
example comes from php manual):
Header("WWW-Authenticate: Basic realm=\"My Realm\"");
Header("HTTP/1.0 401 Unauthorized");
.
The question is:
Is it possible to do the same with modssl, but requesting to provide the
user certificate instead the userid/password?
--
Mario
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
Re: Segmentation fault on RH 6.0 with modssl and php3
[EMAIL PROTECTED] wrote: > > Mario: > > Please get the updated mod_php3 RPMs from ftp.redhat.com/updates/6.0/i386. > > --- > Preston BrownSystems Engineer > [EMAIL PROTECTED]Red Hat, Inc. Fantastic, it works! I had to do some tricks, anyway. I downloaded and compiled the source RPM (mod_php3-3.0.9-1.src.rpm) putting as configure options the same parameters found in the old spec file. I did't remove the old package mod-php3-3.0.7-3 and renamed libphp3.so into mod_php3.so. In fact apache-mod_ssl looks for /usr/lib/apache/add-php and /usr/lib/apache/del-php, and wants to find /usr/lib/apache/mod_php3.so and not /usr/lib/apache/libphp3.so (putting something else into apache-mod_ssl configuration file does not help). I hope that someone will build the new rpms. Bye -- Mario Contrary to popular belief, Unix is user friendly, It just happens to be selective about who it makes friends with. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Segmentation fault on RH 6.0 with modssl and php3
I have downloaded from http://www.modssl.org/contrib and installed
apache-mod_ssl-1.3.6.2.3.10-0.i386.rpm,
apache-mod_ssl-devel-1.3.6.2.3.10-0.i386.rpm and
mod-php3-3.0.7-3.i386.rpm into a RedHat 6.0 Linux distribution.
I use PHP3 as apache module.
When I run the script below I get the following message:
"The document contained no data. Try again later, or contact the server
administrator."
BTW the file exists, because the commented instruction gets the wanted
result.
--- The script ---
--- End script ---
I find this message in the apache error_log: " [Sun Aug 1 09:31:32
1999] [notice] child pid 727 exit signal Segmentation fault (11)".
After several trials I desumed that the line which causes the segfaults
is the one with the "fopen" php3 instruction.
This is very strange because the following script, that I wrote trying
to reproduce the problem works fine:
The working script -
";
echo ("$fileContent");
echo "";
fclose($fd);
?>
--- End of working script ---
I get similar problems in other php3 scripts with similar fopen
instructions.
I didn't have such problem with the same piece of code on RedHat 5.2 and
previous version of modssl and php3 packages.
Any help will be appreciated, thanks.
--
Mario
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
Re: [BugDB] Problem with POST ? (PR#124)
[EMAIL PROTECTED] wrote: > > Full_Name: Akos Levay > Version: mod_ssl-2.2.4-1.3.4 > OS: Linux 2.0.xx > Submission from: hrem.elte.hu (157.181.173.82) > > At a test site of mine, At certain stage I get the the following answer > from my netscape(4.08, Linux) browser: > > "An I/O error occured during security authorization > Please try your connection later." > > This comes from a netscape error window. > This happens when I use a form with POST and > I get exactly the same error with a form that uses POST inside a PHP3 coded page. - echo ""; echo "Accetta la richiesta:"; echo ""; echo "Respingi la richiesta:"; echo ""; echo " Eventuale motivazione del rifiuto"; echo " "; echo ""; echo ""; echo ""; echo ""; -- The same page previously worked fine. I have just switched from: SSLeay-0.9.0b-4.i386.rpm, apache-mod_ssl-1.3.4-2.2.3-0.i386.rpm, mod-php3-3.0.7-1.i386.rpm, to: openssl-0.9.1c-2.i386.rpm, apache-mod.ssl-1.3.4-2.2.4-0.i386.rpm, mod-php3-3.0.7-1.i386.rpm. I work with a RH Linux 5.2. Thanks for any help. Mario __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Client basic authorisation
Steffen Dettmer wrote: > > Why do you dislike the mod_ssl User Manual ? ;-) > > Yeah, you should take a look - the manual is just great! > > This topic is described in Chapter 5 "Howto" - "Client Authentication and > Access Control" - "How can I authenticated clients based on certificates > when I know all my clients?" > > oki, > > Steffen > Thank you very much. Actually I always read manuals and HowTos before asking. Unfortunatly I am not always awake when I read manuals. BTW the manual of apache-mod_ssl that I have locally is a little bit old, and lacks the new HowTo chapter, which is really great! Mario __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Client basic authorisation
I want to authorise specific clients to access a certain directory relying upon their certificates. >From the apache-mod_ssl httpd.conf configuration file: # FakeBasicAuth: # Translate the client X.509 into a Basic Authorisation. This means that # the standard Auth/DBMAuth methods can be used for access control. The # user name is the `one line' version of the client's X.509 certificate. # Note that no password is obtained from the user. Every entry in the user # file needs this password: `xxj31ZMTZzkVA'. I can't understand what I should put into my /etc/httpd/passwd and /etc/httpd/group, and how I can get the `one line' version of the client's X.509 certificate. Thanks in advance for any help. -- Mario __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: ANNOUNCE: mod_ssl 2.2.4
Ralf S. Engelschall wrote: > > This week I was very busy with hacking on mod_ssl. The result is now > available: mod_ssl 2.2.4. Beside a lot of small changes at all edges for > preparing the final transition from SSLeay to OpenSSL this version fixes at I'am writing a CA SW based on apache-mod_ssl-1.3.4-2.2.0-2, SSLeay-0.9.0b-4, and mod-php3-3.0.7-1. I suppose to have to switch to OpenSSL too. Is it a difficult job; is OpenSSL syntax close to SSLeay command syntax? -- Mario __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
