Re: Upgrade ?

[Cliff Woolley]

On Mon, 24 Jun 2002, RON MCKEEVER wrote:

> Im a little confused on how to upgrade my current mod_ssl-2.8.7-1.3.23, to
> mod_ssl-2.8.10-1.3.26.
> When I untar the new apache1.3.26 it is in it own dir.. So how do I upgrade
> 1.3.23? When I run the configure statement in the mod_ssl-2.8.10 dir I cant
> state --with-apache="1.3.23", I need to state the new apache dir, right??

Right... you give mod_ssl-2.8.10 the Apache 1.3.26 *source* directory for
its --with-apache= argument.  Then when you configure apache, tell it to
*install* to the same location that 1.3.23 is currently installed using
--prefix= (eg /usr/local/apache) and use the same directory structure
(using --with-layout= ) that you used before, if any.  Then when you run
'make install' from the Apache 1.3.26 source directory, it will overwrite
your 1.3.23 installation.

That should be it.

--Cliff

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Upgrade ?

[Thomas Binder]

Hi!

On Mon, Jun 24, 2002 at 11:32:06AM -0400, Cliff Woolley wrote:
> Then when you run 'make install' from the Apache 1.3.26 source
> directory, it will overwrite your 1.3.23 installation.

Just in case anyone wonders: it will NOT overwrite the config
files of the 1.3.23 installation.


Ciao

Thomas
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Upgrade ?

[Cliff Woolley]

On Mon, 24 Jun 2002, Thomas Binder wrote:

> > Then when you run 'make install' from the Apache 1.3.26 source
> > directory, it will overwrite your 1.3.23 installation.
>
> Just in case anyone wonders: it will NOT overwrite the config
> files of the 1.3.23 installation.

Oh right... meant to point that out.  Thanks.  :)

--Cliff

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Upgrade ?

[RON MCKEEVER]

Hi Mr Woolley,

Thanks, for the email. That REALLY helped me to get my mod_ssl-2.8.7-1.3.23
upgraded to mod_ssl-2.8.10-1.3.26. 
aca# pwd
opt/apache/bin
aca# ./apachectl startssl
Apache/1.3.26 mod_ssl/2.8.10 (Pass Phrase Dialog)


I was wondering is there a web page at apache/or modssl site that explains the
upgrade process?  

This ? might not be for you or this group but I guess I'll ask anyway. 

When I use my phpinfo page, to see config info it shows that apache is :
Apache VersionApache/1.3.23 

but If I look a little further down on the phpinfo page I see the correct
info:

["SERVER_SIGNATURE"] Apache/1.3.26 Server at aca.fff.com Port
443 
["SERVER_SOFTWARE"] Apache/1.3.26 (Unix) PHP/4.1.2 mod_ssl/2.8.10
OpenSSL/0.9.6 mod_perl/1.26  

I have rebooted my system and still that one line in php shows the wrong
version? Any Ideas? 

Thanks Again,
Ron


On Mon, 24 Jun 2002 11:32:06 -0400 (EDT) Cliff Woolley <[EMAIL PROTECTED]>
wrote:

On Mon, 24 Jun 2002, RON MCKEEVER wrote:

> Im a little confused on how to upgrade my current mod_ssl-2.8.7-1.3.23, to
> mod_ssl-2.8.10-1.3.26.
> When I untar the new apache1.3.26 it is in it own dir.. So how do I upgrade
> 1.3.23? When I run the configure statement in the mod_ssl-2.8.10 dir I cant
> state --with-apache="1.3.23", I need to state the new apache dir, right??

Right... you give mod_ssl-2.8.10 the Apache 1.3.26 *source* directory for
its --with-apache= argument.  Then when you configure apache, tell it to
*install* to the same location that 1.3.23 is currently installed using
--prefix= (eg /usr/local/apache) and use the same directory structure
(using --with-layout= ) that you used before, if any.  Then when you run
'make install' from the Apache 1.3.26 source directory, it will overwrite
your 1.3.23 installation.

That should be it.

--Cliff

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: Upgrade ?

[Hunt,Keith A]

Ron, 

I have had that same issue when I have upgraded apache.  I never noticed that it 
caused a problem, but it certainly bothered me that php did not know which version of 
apache was running.  I fixed it by recompiling php (including a make clean) and 
restarting apache.

Keith Hunt  330.972.7968  [EMAIL PROTECTED]
Internet & Server Systems
The University of Akron 

> -Original Message-
> From: RON MCKEEVER [mailto:[EMAIL PROTECTED]]
> Sent: Monday, June 24, 2002 3:42 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Upgrade ?
> 
> 
> Hi Mr Woolley,
> 
> Thanks, for the email. That REALLY helped me to get my 
> mod_ssl-2.8.7-1.3.23
> upgraded to mod_ssl-2.8.10-1.3.26. 
> aca# pwd
> opt/apache/bin
> aca# ./apachectl startssl
> Apache/1.3.26 mod_ssl/2.8.10 (Pass Phrase Dialog)
> 
> 
> I was wondering is there a web page at apache/or modssl site 
> that explains the
> upgrade process?  
> 
> This ? might not be for you or this group but I guess I'll 
> ask anyway. 
> 
> When I use my phpinfo page, to see config info it shows that 
> apache is :
> Apache VersionApache/1.3.23 
> 
> but If I look a little further down on the phpinfo page I see 
> the correct
> info:
> 
> ["SERVER_SIGNATURE"] Apache/1.3.26 Server at aca.fff.com Port
> 443 
> ["SERVER_SOFTWARE"] Apache/1.3.26 (Unix) PHP/4.1.2 mod_ssl/2.8.10
> OpenSSL/0.9.6 mod_perl/1.26  
> 
> I have rebooted my system and still that one line in php 
> shows the wrong
> version? Any Ideas? 
> 
> Thanks Again,
> Ron
> 
> 
> On Mon, 24 Jun 2002 11:32:06 -0400 (EDT) Cliff Woolley 
> <[EMAIL PROTECTED]>
> wrote:
> 
> On Mon, 24 Jun 2002, RON MCKEEVER wrote:
> 
> > Im a little confused on how to upgrade my current 
> mod_ssl-2.8.7-1.3.23, to
> > mod_ssl-2.8.10-1.3.26.
> > When I untar the new apache1.3.26 it is in it own dir.. So 
> how do I upgrade
> > 1.3.23? When I run the configure statement in the 
> mod_ssl-2.8.10 dir I cant
> > state --with-apache="1.3.23", I need to state the new 
> apache dir, right??
> 
> Right... you give mod_ssl-2.8.10 the Apache 1.3.26 *source* 
> directory for
> its --with-apache= argument.  Then when you configure apache, 
> tell it to
> *install* to the same location that 1.3.23 is currently 
> installed using
> --prefix= (eg /usr/local/apache) and use the same directory structure
> (using --with-layout= ) that you used before, if any.  Then 
> when you run
> 'make install' from the Apache 1.3.26 source directory, it 
> will overwrite
> your 1.3.23 installation.
> 
> That should be it.
> 
> --Cliff
> 
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]
> 
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]
> 
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: Upgrade ?

[Henning Sittler]

Title: RE: Upgrade ?





Recompiling PHP is really the only accurate solution to that one line from phpinfo():


Apache Version    Apache/1.3.23 


is from the last (clean?) compile of PHP, and does not reflect any chages or updates made to Apache since then.  However, the SERVER_SIGNATURE env var shown in phpinfo() is up to date and accurate, because it's directly from the current Apache.

Henning Sittler
www.inscriber.com




-Original Message-
From: Hunt,Keith A [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 25, 2002 1:56 PM
To: [EMAIL PROTECTED]
Subject: RE: Upgrade ?



Ron, 


I have had that same issue when I have upgraded apache.  I never noticed that it caused a problem, but it certainly bothered me that php did not know which version of apache was running.  I fixed it by recompiling php (including a make clean) and restarting apache.

Keith Hunt  330.972.7968  [EMAIL PROTECTED]
Internet & Server Systems
The University of Akron 



> 
> When I use my phpinfo page, to see config info it shows that 
> apache is :
> Apache Version    Apache/1.3.23 

RE: Upgrade ?

[RON MCKEEVER]

Thanks Keith and Henning

It makes sense to recompile PHP. I just wish it was as simple as editing a
file. Oh well

Thanks again
Ron

On Tue, 25 Jun 2002 14:07:38 -0400 Henning Sittler <[EMAIL PROTECTED]>
wrote:






RE: Upgrade ?




Recompiling PHP is really the only accurate solution to that one line from
phpinfo():



Apache Version    Apache/1.3.23 



is from the last (clean?) compile of PHP, and does not reflect any chages or
updates made to Apache since then.  However, the SERVER_SIGNATURE env var
shown in phpinfo() is up to date and accurate, because it's directly from the
current Apache.


Henning Sittler
www.inscriber.com





-Original Message-
From: Hunt,Keith A [mailto:[EMAIL PROTECTED]";>mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 25, 2002 1:56 PM
To: [EMAIL PROTECTED]
Subject: RE: Upgrade ?




Ron, 



I have had that same issue when I have upgraded apache.  I never noticed that
it caused a problem, but it certainly bothered me that php did not know which
version of apache was running.  I fixed it by recompiling php (including a
make clean) and restarting apache.


Keith Hunt  330.972.7968  [EMAIL PROTECTED]
Internet & Server Systems
The University of Akron 




> 
> When I use my phpinfo page, to see config info it shows that 
> apache is :
> Apache Version    Apache/1.3.23 




__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: Upgrade ?

[Henning Sittler]

Title: RE: Upgrade ?





Not to keep on going about PHP on this list, but I think there is a text file kept by php which contains the value of that line about Apache, and the php compile info.  Which also means that technically you can simply edit that text file to change a *displayed* value for the compile info shown in phpinfo(), you'd just have to find that file first.


Henning Sittler
www.inscriber.com




-Original Message-
From: RON MCKEEVER [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 25, 2002 2:41 PM
To: [EMAIL PROTECTED]
Subject: RE: Upgrade ?



Thanks Keith and Henning


It makes sense to recompile PHP. I just wish it was as simple as editing a
file. Oh well


Thanks again
Ron

Re: Upgrade problem

[Ralf S. Engelschall]

On Mon, Dec 07, 1998, Paul Wolstenholme wrote:

> I have just upgraded mod_ssl form 2.0 to 2.1.1.  I can no longer connect
> to the server.  I get the trusty old:
> 
> A network error occured:  unable to connect to server
> 
> I think I know what the problem is but would appreciate a confirmation.
> In my httpd.conf file I have been using name based virtual hosting.  If I
> understand mod_ssl I cannot use this method but must replace it with IP
> aliases and
> remove the NameVirtualHost line.  Is this correct?  
> 
> NameVirtualHost 192.75.244.134:80 
> 
> 
>DocumentRoot /usr/local/www/data
>ServerName oscar.cprost.sfu.ca
>ErrorLog /var/log/httpd-error-oscar.log
>CustomLog /var/log/httpd-access-oscar.log combined
>SSLDisable 
> 
> 
> 
>DocumentRoot /usr/local/www/data
>ServerName oscar.cprost.sfu.ca
>SSLEngine on
>SSLOptions +CompatEnvVars
>SSLEnable
>#SSLRequire
>SSLCertificateFile /usr/local/etc/apache/ssl.crt/mycrt.crt
>SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/mykey.key
>SSLVerifyClient none
>SSLLogFile /var/log/httpd-ssl.log
>CustomLog /var/log/httpd-access-oscarSSL.log "%t %h %{version}c %{cipher}c % 
>ErrorLog /var/log/httpd-error-oscarSSL.log 
> 

A few facts:

1. The "SSLDisable" is not needed for mod_ssl 2.1. First
   there is no such directive (it's on-the-fly mapped to the existing
   "SSLEngine off"). Second the default for mod_ssl 2.1 _IS_ already off. So
   you only have to enable it where you want it instead of disabling
   everywhere you don't want it.  The same applies to "SSLEnable", it's an old
   directive which doesn't really exists. It gets mapped to "SSLEngine on",
   and because you already have a "SSLEngine on", you can also remove the
   "SSLEnable", of course.

2. As long as you only have the above vhosts for the IP
   192.75.244.134 it will work, of course. The problem with name-based virtual
   hosting pays a role only when you have more than one server with the _same_
   IP _AND_ port. In your case the two vhosts are different: they use a
   different port.

3. Your "cannot connect" problem can have different reasons.
   First I suggest you to check your Listen directives. They have to match the
   vhost sections. Second I advice you to look inside the Apache logfiles.
   Perhaps you get a connection but SSL is just not enabled (don't trust a
   "cannot connect" message, it can mean a lot of things).

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Upgrade problem

[Paul Wolstenholme]

On Tue, 8 Dec 1998, Ralf S. Engelschall wrote:

> > 
> >DocumentRoot /usr/local/www/data
> >ServerName oscar.cprost.sfu.ca
> >ErrorLog /var/log/httpd-error-oscar.log
> >CustomLog /var/log/httpd-access-oscar.log combined
> >SSLDisable 
> > 
> > 
> > 
> >DocumentRoot /usr/local/www/data
> >ServerName oscar.cprost.sfu.ca
> >SSLEngine on
> >SSLCertificateFile /usr/local/etc/apache/ssl.crt/mycrt.crt
> >SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/mykey.key
> >SSLVerifyClient none
> >SSLLogFile /var/log/httpd-ssl.log
> >CustomLog /var/log/httpd-access-oscarSSL.log "%t %h %{version}c %{cipher}c % 
>ErrorLog /var/log/httpd-error-oscarSSL.log 
> > 
> 
> A few facts:
> 
> 2. As long as you only have the above vhosts for the IP
>192.75.244.134 it will work, of course. The problem with name-based virtual
>hosting pays a role only when you have more than one server with the _same_
>IP _AND_ port. In your case the two vhosts are different: they use a
>different port.

I have multiple virtual hosts (8)  using the same ip but I really will
only use one (or maybe two)  of these with SSL.  Will SSL work in a mixed
name-based and ip-based environment.  I was thinking that I would add
another ip (or 2) to my machine and use name-base virtual hosts for the
domains that do not require SSL and use ip-based virtual hosts for the
domains that require ssl.  Does this sound reasonable? More importantly 
ill it work?

Thanks

/Paul

>Ralf S. Engelschall
>[EMAIL PROTECTED]
>www.engelschall.com
> __
> Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
> Official Support Mailing List   [EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]
> 

__
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Upgrade Question

[Cliff Woolley]

On Thu, 20 Jun 2002, RON MCKEEVER wrote:

> I currently have mod_ssl-2.8.7-1.3.23(apache) deal. I have seen the
> security issue and the suggetions to upgrade to 2.0 or 1.3.26.
>
> Couple of questions, Please.
>
> 1. Can I just install the new apache version over my old install? And
> will it still use my ssl info?

If by "info" you mean configuration, the answer is yes.  If by "info"
you mean mod_ssl itself, the answer is no.

> 2. Or do I need to wait for a "mod_ssl-2.x.x-1.3.26" release??

There has already been one.  mod_ssl 2.8.9 is out.

So just grab 1.3.26 and 2.8.9, compile them with the same options you
did on 1.3.23/2.8.7, and when you install it it will overwrite the old
binaries but keep your old config files.

(remember to back up the old install directory just in case ;)

--Cliff


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Upgrade Question

[Bruno Georges]

Rob
You will need to recompile after you installed openssl, also you need 
to get apache 1.3.28.
First install openssl, then mod_ssl and apache . Openssl as a very good 
readme about the installation process.

You don't need to upgrade your  certificate .

Bruno
On Wednesday, Oct 1, 2003, at 15:44 Europe/London, rmck wrote:
I have an upgrade questions that I hope someone can help me with.
I have mod_ssl-2.8.12-1.3.27 on solaris 8. I'm in the procees of 
upgrading openssl,
and then plan on moving to mod_ssl-2.8.15-1.3.28.

1. For my current version of mod_ssl/apache will it break when I finsh 
the ssl upgrade??

2. Will i need to re-complie because of the new ssl version? ( I 
assume I will )

3. I also have a vaild cert from veriSign. Will I need to get an 
updated one when I'm done with the upgrades?

Thanks,
Rob
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Bruno Georges
Xbridge Ltd
Tel: +44 (0) 207 378 9830
Mob: +44 (0) 787 988 4895
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Upgrade Question

[rmck]

Thank You!

-Original Message-
From: Bruno Georges <[EMAIL PROTECTED]>
Sent: Oct 1, 2003 8:31 AM
To: [EMAIL PROTECTED]
Subject: Re: Upgrade Question

Rob
You will need to recompile after you installed openssl, also you need 
to get apache 1.3.28.
First install openssl, then mod_ssl and apache . Openssl as a very good 
readme about the installation process.

You don't need to upgrade your  certificate .

Bruno
On Wednesday, Oct 1, 2003, at 15:44 Europe/London, rmck wrote:

> I have an upgrade questions that I hope someone can help me with.
> I have mod_ssl-2.8.12-1.3.27 on solaris 8. I'm in the procees of 
> upgrading openssl,
> and then plan on moving to mod_ssl-2.8.15-1.3.28.
>
> 1. For my current version of mod_ssl/apache will it break when I finsh 
> the ssl upgrade??
>
> 2. Will i need to re-complie because of the new ssl version? ( I 
> assume I will )
>
> 3. I also have a vaild cert from veriSign. Will I need to get an 
> updated one when I'm done with the upgrades?
>
> Thanks,
> Rob
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]
>
>
Bruno Georges
Xbridge Ltd
Tel: +44 (0) 207 378 9830
Mob: +44 (0) 787 988 4895

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Upgrade to 2.0.44 ?

[Estrade Matthieu]

Hi,

In apache 2.0, mod_ssl is buit in, so to enable it when you compile, 
just do:

httpd-2.0.44#./configure --prefix=path --enable-ssl 
--with-ssl=path-to-openssl

like ./configure --prefix=/usr/local/apache --enable-ssl 
--with-ssl=/usr/local/openssl/bin/openssl

if you want to use SSL crypto hardware, you have to enable it with 
CFLAGS="-DSSL_EXPERIMENTAL -DSSL_ENGINE"
keep your configure script, and whe you will want to upgrade your apache 
2.0 to next version, just launch the script and make to rebuild the new 
apache.
and will not overwrite old install...

It's easier with apache 2.0 :)

regards,

E.M




Ron McKeever wrote:

Hello,

I currently have mod_ssl-2.8.12-1.3.27.apache that I installed and
downloaded from mod_ssl.org. I'm looking at going to 2.0.11 apache.

I know with other versions of mod_ssl/apache when I upgraded I did the
following:

Give mod_ssl-2.8.new the Apache 1.3.new *source* directory for
its --with-apache= argument.  Then when you configure apache, tell it to
*install* to the same location that 1.3.old is currently installed using
--prefix= (eg /usr/local/apache) and use the same directory structure
(using --with-layout= ) that you used before, if any.  Then when you run
'make install' from the Apache 1.3.new source directory, it will overwrite
your 1.3.old installation.

Do I do the same thing with upgrading to apache 2.0.44? Since mod_ssl is
built-in to the new apache version I was thinking it might be different.
Thanks

Ron

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
_
GRAND JEU SMS : Pour gagner un NOKIA 7650, envoyez le mot IF au 61321
(prix d'un SMS + 0.35 euro). Un SMS vous dira si vous avez gagné.
Règlement : http://www.ifrance.com/_reloc/sign.sms

 



_
Envie de discuter en "live" avec vos amis ? Télécharger MSN Messenger
http://www.ifrance.com/_reloc/m la 1ère messagerie instantanée de France

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Upgrade to Apache 1.3.12 or ... ?

[Ralf S. Engelschall]

On Mon, Mar 13, 2000, [EMAIL PROTECTED] wrote:

> If we are using Apache 1.3.9 with the associated mod_ssl, should 
> we upgrade to Apache 1.3.12 and the associated mod_ssl per the 
> procedure at http://www.modssl.org/example/ ?The fact that 
> Apache.org is still running Apache version 1.3.9 on its website 
> (which can be confirmed at: http://www.netcraft.com/whats/ )  does 
> not instill confidence to do an upgrade. ~

That we run 1.3.9 on www.apache.org doesn't mean anything and especially
not that we don't have less confidence in 1.3.12. It's just because
Brian B. doesn't always immediately upgrade the Apache installation on
this box. That all...
   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Upgrade to Apache 1.3.12 or ... ?

[Lewis Bergman]

Do you run scripts which are subject to the cross site scripting addressed in
one of the latest CERT's. 1.3.12 addresses this problem.

On Mon, 13 Mar 2000, you wrote:
> If we are using Apache 1.3.9 with the associated mod_ssl, should 
> we upgrade to Apache 1.3.12 and the associated mod_ssl per the 
> procedure at http://www.modssl.org/example/ ?The fact that 
> Apache.org is still running Apache version 1.3.9 on its website 
> (which can be confirmed at: http://www.netcraft.com/whats/ )  does 
> not instill confidence to do an upgrade. ~
> 
> Any opinions from the experienced folks here would be gratefully 
> received. 
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]
-- 
-Lewis Bergman-
Texas Communications
915-695-6962
4309 Maple St.
Abilene, TX 79602
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Upgrade from 2.2.6-1.3.6 to 2.2.7 problem

[Ralf S. Engelschall]

On Mon, Mar 29, 1999, Igor S. Livshits wrote:

> I had a working 2.2.6-1.3.6 setup and decided to try the quick 
> libssl.so-only upgrade. I rebuilt the library via
> 
> ./configure --with-apxs=/usr/local/apache/bin/apxs 
> --with-ssl=../openssl-0.9.2b/ --with-rsa=../rsaref-2.0/local/
> 
> and then ran make and make install.
> 
> The library failed to work however:
> 
> Cannot load /usr/local/apache/libexec/libssl.so into server: 
> /usr/local/apache/libexec/libssl.so: undefined symbol: dbm_firstkey
> 
> Recompiling apache-1.3.6 with the 2.2.7 distribution worked just 
> fine. I've successfully rebuilt modules with apxs before, but I have 
> never succeeded in rebuilding libssl.so alone.

Then I guess you built mod_ssl statically inside the source tree. The problem
is just that the DSO has to be built against the DBM library. As a workaround
you can try to enable the shipped SDBM stuff.

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Upgrade from 2.2.6-1.3.6 to 2.2.7 problem

[Igor S. Livshits]

At 8:39 AM +0200 on 3/30/99, Ralf S. Engelschall wrote:
> Then I guess you built mod_ssl statically inside the source tree. The problem
> is just that the DSO has to be built against the DBM library. As a workaround
> you can try to enable the shipped SDBM stuff.


Nope -- I am pretty sure that I built it dynamically. Seems that one 
can find my DBM header files and libs, but the other one cannot. I am 
building from parallel subdirectories with the same compiler...

Here's my config for the full build:

./configure --with-apache=../apache_1.3.6 \
--with-crt=/path/to/server.crt \
--with-key=/path/to/server.key

and then:

env SSL_BASE=../openssl-0.9.2b/ \
env RSA_BASE=../rsaref-2.0/local \
./configure --prefix=/usr/local/apache --enable-module=so --enable-module=ssl \
--enable-shared=max --disable-rule=SSL_COMPAT

Thanks, igor
__
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Upgrade to Apache 1.3.12 or ... ? dear ME!

[tim]

hello ...

what a shame that the apache sysadmin is too lazy to update, are they also still 
running FreeBSD 2.2.7? 

tim

On Mon, Mar 13, 2000 at 09:37:16AM -0500, [EMAIL PROTECTED] wrote:
> If we are using Apache 1.3.9 with the associated mod_ssl, should 
> we upgrade to Apache 1.3.12 and the associated mod_ssl per the 
> procedure at http://www.modssl.org/example/ ?The fact that 
> Apache.org is still running Apache version 1.3.9 on its website 
> (which can be confirmed at: http://www.netcraft.com/whats/ )  does 
> not instill confidence to do an upgrade. ~
> 
> Any opinions from the experienced folks here would be gratefully 
> received. 
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: Upgrade to Apache 1.3.12 or ... ? dear ME!

[Boyce, Nick]

"Tim" <[EMAIL PROTECTED]> wrote :

> what a shame that the apache sysadmin is too lazy to update

I think that's kind of uncalled-for. 

Points :
1) I expect Brian Behlendorf (sp?) is at the ApacheCon conference, has been
preparing for it, and/or is on his way back.
Either way, he'll have been a mite busy just lately.
2) As Lewis Bergman explained just now :
"Do you run scripts which are subject to the cross site scripting
addressed in
 one of the latest CERT's. 1.3.12 addresses this problem."
   The main point of 1.3.12 is to address those security problems; if a
website doesn't have any dynamic content, and hasn't hit any of the other
(mostly minor ?) bugs fixed in 1.3.12, then there's no *need* to upgrade.

What's your purpose ?

Nick
Systems Team, EDS Healthcare, Bristol, UK
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: Upgrade to Apache 1.3.12 or ... ? dear ME!

[wwebb]

> 2) As Lewis Bergman explained just now :
> "Do you run scripts which are subject to the cross site scripting
> addressed in
>  one of the latest CERT's. 1.3.12 addresses this problem."

Well, the truth is, I don't know if they are subject to "cross site 
scripting..." :-/

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: Upgrade to Apache 1.3.12 or ... ? dear ME!

[Airey, John]

I think it's like the advice to never buy a car from a mechanic. He'll
always be too busy mending other people's cars to fix his own. Except in
this case the car is a webserver.

John

-Original Message-
From: tim [mailto:[EMAIL PROTECTED]]
Sent: 13 March 2000 18:51
To: [EMAIL PROTECTED]
Subject: Re: Upgrade to Apache 1.3.12 or ... ? dear ME! 



hello ...

what a shame that the apache sysadmin is too lazy to update, are they also
still running FreeBSD 2.2.7? 

tim
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Upgrade to Apache 1.3.12 or ... ? dear ME! ... nothing mean was meant here.

[tim]

hello ...

nothing mean was meant here. I never do any finger pointing. Thus, I don't think 
anyone is too lazy and you have to
admire all those who work in the Apache Project, like any open-source project (like 
mod_ssl).

The people work very hard for the concept of open-source, for people like me, who 
can't write anything more in C
than hello world. 

If Apache does release something new, it always has my 100 percent trust. I trust the 
very kind people from Apache
that they have done their very best to ensure that the product has gone through all 
the controls if needs to. And
that is why Apache is the most popular webserver by far. 

Thus, maybe that's the reason that they don't have the time to update Apache on their 
own server. And yes, I don't
doubt for a second that they are using FreeBSD elf now. 

tim

On Mon, Mar 13, 2000 at 08:44:56PM -, Boyce, Nick wrote:
> "Tim" <[EMAIL PROTECTED]> wrote :
> 
> > what a shame that the apache sysadmin is too lazy to update
> 
> I think that's kind of uncalled-for. 
> 
> Points :
> 1) I expect Brian Behlendorf (sp?) is at the ApacheCon conference, has been
> preparing for it, and/or is on his way back.
> Either way, he'll have been a mite busy just lately.
> 2) As Lewis Bergman explained just now :
> "Do you run scripts which are subject to the cross site scripting
> addressed in
>  one of the latest CERT's. 1.3.12 addresses this problem."
>The main point of 1.3.12 is to address those security problems; if a
> website doesn't have any dynamic content, and hasn't hit any of the other
> (mostly minor ?) bugs fixed in 1.3.12, then there's no *need* to upgrade.
> 
> What's your purpose ?
> 
> Nick
> Systems Team, EDS Healthcare, Bristol, UK
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]