Bug in mod_ssl ?
All, I recently ran into a problem with mod_ssl and Internet Explorers version 6 and 7. I have found that in the case where SSLVerifyClient is set to anything other than exactly none with Apache 1.3.x and mod_ssl 2.8.x that a client using Internet Explorer version 6 or 7 cannot connect using HTTPS. The following error is given in the ssl_error_log: mod_ssl: SSL handshake interrupted by system connection reset by peer It is not clear whether this is a mod_ssl or an Internet Explorer bug. The issue is not present when using Apache 2.2.x and the corresponding Apache mod_ssl. I would prefer to continue using Apache 1.3.x and mod_ssl 2.8.x for now, but this bug (regardless of which component is faulty) prevents that option when SSLVerifyClient and availability to clients using Internet Explorer are both simultaneously desired. Is this a known bug ? Is there a place to report this bug in greater detail ? Thanks, -- Roy Keene (Contractor) Office of Network Management (Code 7030.8) Naval Research Laboratory Stennis Space Center, MS 39529 DSN 828-4827 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Bug in mod_ssl ?
All, I recently ran into a problem with mod_ssl and Internet Explorers version 6 and 7. I have found that in the case where SSLVerifyClient is set to anything other than exactly none with Apache 1.3.x and mod_ssl 2.8.x that a client using Internet Explorer version 6 or 7 cannot connect using HTTPS. The following error is given in the ssl_error_log: mod_ssl: SSL handshake interrupted by system connection reset by peer It is not clear whether this is a mod_ssl or an Internet Explorer bug. The issue is not present when using Apache 2.2.x and the corresponding Apache mod_ssl. I would prefer to continue using Apache 1.3.x and mod_ssl 2.8.x for now, but this bug (regardless of which component is faulty) prevents that option when SSLVerifyClient and availability to clients using Internet Explorer are both simultaneously desired. Is this a known bug ? Is there a place to report this bug in greater detail ? Thanks, -- Roy Keene (Contractor) Office of Network Management (Code 7030.8) Naval Research Laboratory Stennis Space Center, MS 39529 DSN 828-4827 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
missing CRL nextUpdate field - Bug in mod_ssl (seg fault)
Hi, When using a CRL without the nextUpdate field (you can create such CRL in iPlanet), I get a segmentation fault (usingmod_ssl-2.8.8-1.3.24). This occurs in the call: i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl)); since X509_CRL_get_nextUpdate(crl) returns NULL in this situation.
Bug Report mod_ssl 2.8.8 for Apache 1.3.24 with openssl-0.9.6.d
Hi there, using openssl-0.9.6.d with Apache/1.3.24 (Unix) mod_perl/1.26 PHP/4.2.0 mod_ssl/2.8.8 seems to lead to the following error on solaris 2.8: Apaches error-log: [error] mod_ssl: Init: Failed to generate temporary 512 bit RSA private key which prevents apache from starting. Openssl-0.9.6.c works without any problems (with the same compile options etc.) Kind regards, Bert Courtin __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
IE bug with mod_ssl?
I think this just may be a bug with IE but I'm not sure. When I use CGI scripting with the default install of (Caldera OpenLinux 3.1 or 3.11, Not sure of the mod_ssl version and if someone can tell me how to find out I'll post it too). I found the problem with XP(IE 6) but for W98 and W2k (IE6 or IE5), every now and then I get a page cannot be displayed error, but If I took mod_ssl off and used standard http, it worked fine. Now I did find a fix for this but I wanted some info from the group on this. I put a SSLProtocol -all +SSLv2 This allowed me to only use the SSL version 2 protocol. This worked perfectly. Anyone on any guess for this? Jeremy Walton DICE Corporation Software Engineer __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Bug building mod_ssl with DSO
I get the following error when attempting to build mod_ssl: % ./configure \ --with-apxs=/usr/local/apache/bin/apxs \ --with-ssl=/usr/local/ssl % make make[1]: Entering directory `/opt/downloads/apache/mod_ssl-2.8.2-1.3.19/pkg.sslmod' gcc -c -I/usr/local/apache/include -DSOLARIS2=280 -DUSE_EXPAT -I../lib/expat-lite -fPIC -DSHARED_CORE -DEAPI -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DSHARE D_MODULE -I/usr/local/ssl/include -DMOD_SSL_VERSION=\2.8.2\ mod_ssl.c mv mod_ssl.o mod_ssl.lo In file included from mod_ssl.c:65: mod_ssl.h:552: parse error before `AP_MM' mod_ssl.h:552: warning: no semicolon at end of struct or union mod_ssl.h:572: parse error before `}' mod_ssl.h:572: warning: data definition has no type or storage class mod_ssl.c:242: warning: excess elements in struct initializer mod_ssl.c:242: warning: (near initialization for `ssl_module') mod_ssl.c:243: warning: excess elements in struct initializer mod_ssl.c:243: warning: (near initialization for `ssl_module') mod_ssl.c:244: warning: excess elements in struct initializer mod_ssl.c:244: warning: (near initialization for `ssl_module') mod_ssl.c:245: warning: excess elements in struct initializer mod_ssl.c:245: warning: (near initialization for `ssl_module') mod_ssl.c:247: warning: excess elements in struct initializer mod_ssl.c:247: warning: (near initialization for `ssl_module') make[1]: *** [mod_ssl.lo] Error 1 make[1]: Leaving directory `/opt/downloads/apache/mod_ssl-2.8.2-1.3.19/pkg.sslmo d' make: [all] Error 2 (ignored) Any ideas? Regards, Shaun Pankau [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: file-descriptor bug in mod_ssl 2.3.5 (shared memory) ?
On Fri, Jul 16, 1999, [EMAIL PROTECTED] wrote: (Solaris 2.5.1, apache 1.3.6, mod_ssl 2.3.5) Do you have losts of virtual hosts? No, just the SSL ist defined as VirtualHost on Port 443. BTW, we will try 2.3.6 and then check again. With 2.3.6 I've fixed a leak related to memory and fds: *) Fixed memory leaks on restarts related to shared memory session cache: the MM object wasn't removed at all. So even when you have only a few vhosts, but do lots of restarts, the problem can occur with 2.3.6 versions. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: file-descriptor bug in mod_ssl 2.3.5 (shared memory) ?
Hi, (Solaris 2.5.1, apache 1.3.6, mod_ssl 2.3.5) Do you have losts of virtual hosts? No, just the SSL ist defined as VirtualHost on Port 443. BTW, we will try 2.3.6 and then check again. Jan __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
file-descriptor bug in mod_ssl 2.3.5 (shared memory) ?
Hallo, we just got on a upgraded server: [Wed Jul 14 00:00:20 1999] [error] mod_ssl: Cannot allocate shared memory: mm:co re: failed to attach shared memory (Too many open files) any ideas ? (Solaris 2.5.1, apache 1.3.6, mod_ssl 2.3.5) Jan __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
