Re: SSL_Scache version 2.8.7

2002-03-18 Thread Mads Toftum 

On Sun, Mar 17, 2002 at 08:28:56PM -0600, Petra Computing wrote:
> Has anyone configured and used the MM library that Ralf wrote?
> Will this work on the RHLinx 6.2 (kernel 2.2.19) platform?

Yes. It works very well - just ./configure --disable-shared in MM

vh

Mads Toftum
-- 
With a rubber duck, one's never alone.
  -- "The Hitchhiker's Guide to the Galaxy"
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

SSL_Scache version 2.8.7

2002-03-18 Thread Petra Computing 



 
I'm noticing that 
"ssl_scache.dir" is a 0 byte file.
 
Is this 
"normal"?
 
The wierdness 
continuesin full SSL mode, whith 100% content 
in the secured 
directory, I get half loaded pages, and Page Not Found 
errors.
 
It happens with both 
Netscape as well as IE5.5
 
Any ideas about what 
can be done?
 
Has anyone 
configured and used the MM library that Ralf wrote?
Will this work on 
the RHLinx 6.2 (kernel 2.2.19) platform?
 
Sigh, someday, I'll 
be the one with the answers instead...
 
 
Regards,
-Arthur.
 

Re: Problem with ssl_scache

2000-11-08 Thread Göran Fröjdh 

00-11-08 14.28, skrev [EMAIL PROTECTED] på [EMAIL PROTECTED]
följande:

> OK, if you change to the "nobody" user (or whoever you run the server as)
> can you write to that directory?
Yes, but that isn't very satisfacory security-wise, is it?

> Sometimes file permissions get missed. I did this recently and couldn't run
> X-windows until I corrected the permissions on /usr. The easy
> 
> If you can't change to "nobody", it may be worth considering creating a user
> for your web server to run under. Change the "User" and "Group" settings in
> httpd.conf to reflect this user. Some systems cannot run a web server as
> nobody.

The server runs as nobody, a setup I have always used before, however this
one is a freeBSD box, and it might be different there. Any input is
apprecieated.
/Goran

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: Problem with ssl_scache

2000-11-08 Thread John . Airey 

(Oh dear, brain was in off-line mode when I sent the last post)

OK, if you change to the "nobody" user (or whoever you run the server as)
can you write to that directory?

Sometimes file permissions get missed. I did this recently and couldn't run
X-windows until I corrected the permissions on /usr. The easy mistakes are
often those that are overlooked.

If you can't change to "nobody", it may be worth considering creating a user
for your web server to run under. Change the "User" and "Group" settings in
httpd.conf to reflect this user. Some systems cannot run a web server as
nobody.

John

-Original Message-
From: Göran Fröjdh [mailto:[EMAIL PROTECTED]]
Sent: 08 November 2000 12:56
To: [EMAIL PROTECTED]
Subject: Re: Problem with ssl_scache


00-11-08 13.04, skrev [EMAIL PROTECTED] på [EMAIL PROTECTED]
följande:

> This is probably a daft question, but does the directory
> /usr/local/apache/conf/ssl actually exist?
> 
Well... yes...

bash-2.04# pwd
/usr/local/apache/conf/ssl


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: Problem with ssl_scache

2000-11-08 Thread John . Airey 

OK, if you change to the "nobody" user (or whoever you run the server as)
can you write to that directory?

Sometimes file permissions get missed. I did this recently and couldn't run
X-windows until I corrected the permissions on /usr. The easy 

If you can't change to "nobody", it may be worth considering creating a user
for your web server to run under. Change the "User" and "Group" settings in
httpd.conf to reflect this user. Some systems cannot run a web server as
nobody.

John

-Original Message-
From: Göran Fröjdh [mailto:[EMAIL PROTECTED]]
Sent: 08 November 2000 12:56
To: [EMAIL PROTECTED]
Subject: Re: Problem with ssl_scache


00-11-08 13.04, skrev [EMAIL PROTECTED] på [EMAIL PROTECTED]
följande:

> This is probably a daft question, but does the directory
> /usr/local/apache/conf/ssl actually exist?
> 
Well... yes...

bash-2.04# pwd
/usr/local/apache/conf/ssl


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Problem with ssl_scache

2000-11-08 Thread Göran Fröjdh 

00-11-08 13.04, skrev [EMAIL PROTECTED] på [EMAIL PROTECTED]
följande:

> This is probably a daft question, but does the directory
> /usr/local/apache/conf/ssl actually exist?
> 
Well... yes...

bash-2.04# pwd
/usr/local/apache/conf/ssl


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: Problem with ssl_scache

2000-11-08 Thread John . Airey 

This is probably a daft question, but does the directory
/usr/local/apache/conf/ssl actually exist?

- 
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] 


-Original Message-
From: Göran Fröjdh [mailto:[EMAIL PROTECTED]]
Sent: 08 November 2000 11:58
To: [EMAIL PROTECTED]
Subject: Re: Problem with ssl_scache


00-11-08 9.22, skrev Marcus Lachmanez på [EMAIL PROTECTED]
följande:

> What about file permissions ?

Well, they are all owned by root, look below:

-rw-r--r--  1 rootwheel   1273 Aug 21 15:48 ca.crt
drwxr-xr-x  2 rootwheel512 Aug 21 15:48 ca.db.certs
-rw-r--r--  1 rootwheel119 Aug 21 15:48 ca.db.index
-rw-r--r--  1 rootwheel  3 Aug 21 15:48 ca.db.serial
-rw-r--r--  1 rootwheel963 Aug 21 15:47 ca.key
-rw-r--r--  1 rootwheel881 Sep 19 01:43 fragzone.crt
-r  1 rootwheel887 Sep 19 01:41 fragzone.key
-r  1 rootwheel958 Sep 19 01:41 fragzone.key.passw
-r  1 rootwheel963 Sep 19 01:41 fragzone.se.key
-rw-r--r--  1 rootwheel783 Oct 22 22:34 httpd.Apassw
-rw-r--r--  1 rootwheel762 Oct 22 22:22 httpd.Apassw~
-rw-r--r--  1 rootwheel   1597 Oct 22 22:33 httpd.passw
-rw-r--r--  1 rootwheel   1553 Oct 22 22:21 httpd.passw~
-rw-r--r--  1 rootwheel   2893 Aug 21 15:48 server.crt
-rw-r--r--  1 rootwheel777 Aug 21 15:22 server.csr
-r  1 rootwheel891 Aug 21 16:20 server.key
-r  1 rootwheel963 Aug 21 16:19 server.key.org
-rwxr-xr-x  1 rootwheel   1784 Aug 21 15:27 sign.sh
-rw---  1 nobody  wheel  0 Nov  8 11:18 ssl_mutex.142
-rw---  1 nobody  wheel  0 Oct 16 02:07 ssl_mutex.43784
-rw---  1 nobody  wheel  16384 Nov  8 11:18 ssl_scache.db
-rw-r--r--  1 rootwheel   1080 Oct 12 13:07 validAdminusers
-rw-r--r--  1 rootwheel   1678 Oct 12 12:58 validusers


The levels above have the same ownership and permissions om the folders.

(what's interesting is that there are a file called ssl_scache.db being
created, but it's not this one that is accessed).



> Göran Fröjdh wrote:
> 
>> I'm experiencing a problem with starting Apache w. modssl. For some
reason,
>> the ssl cache file doesn't seem to be created. Below are the logs:

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Problem with ssl_scache

2000-11-08 Thread Göran Fröjdh 

00-11-08 9.22, skrev Marcus Lachmanez på [EMAIL PROTECTED]
följande:

> What about file permissions ?

Well, they are all owned by root, look below:

-rw-r--r--  1 rootwheel   1273 Aug 21 15:48 ca.crt
drwxr-xr-x  2 rootwheel512 Aug 21 15:48 ca.db.certs
-rw-r--r--  1 rootwheel119 Aug 21 15:48 ca.db.index
-rw-r--r--  1 rootwheel  3 Aug 21 15:48 ca.db.serial
-rw-r--r--  1 rootwheel963 Aug 21 15:47 ca.key
-rw-r--r--  1 rootwheel881 Sep 19 01:43 fragzone.crt
-r  1 rootwheel887 Sep 19 01:41 fragzone.key
-r  1 rootwheel958 Sep 19 01:41 fragzone.key.passw
-r  1 rootwheel963 Sep 19 01:41 fragzone.se.key
-rw-r--r--  1 rootwheel783 Oct 22 22:34 httpd.Apassw
-rw-r--r--  1 rootwheel762 Oct 22 22:22 httpd.Apassw~
-rw-r--r--  1 rootwheel   1597 Oct 22 22:33 httpd.passw
-rw-r--r--  1 rootwheel   1553 Oct 22 22:21 httpd.passw~
-rw-r--r--  1 rootwheel   2893 Aug 21 15:48 server.crt
-rw-r--r--  1 rootwheel777 Aug 21 15:22 server.csr
-r  1 rootwheel891 Aug 21 16:20 server.key
-r  1 rootwheel963 Aug 21 16:19 server.key.org
-rwxr-xr-x  1 rootwheel   1784 Aug 21 15:27 sign.sh
-rw---  1 nobody  wheel  0 Nov  8 11:18 ssl_mutex.142
-rw---  1 nobody  wheel  0 Oct 16 02:07 ssl_mutex.43784
-rw---  1 nobody  wheel  16384 Nov  8 11:18 ssl_scache.db
-rw-r--r--  1 rootwheel   1080 Oct 12 13:07 validAdminusers
-rw-r--r--  1 rootwheel   1678 Oct 12 12:58 validusers


The levels above have the same ownership and permissions om the folders.

(what's interesting is that there are a file called ssl_scache.db being
created, but it's not this one that is accessed).



> Göran Fröjdh wrote:
> 
>> I'm experiencing a problem with starting Apache w. modssl. For some reason,
>> the ssl cache file doesn't seem to be created. Below are the logs:

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Problem with ssl_scache

2000-11-08 Thread Marcus Lachmanez 

What about file permissions ?



Göran Fröjdh wrote:

> I'm experiencing a problem with starting Apache w. modssl. For some reason,
> the ssl cache file doesn't seem to be created. Below are the logs:
>
> [Tue Nov  7 23:04:24 2000] [error] mod_ssl: Cannot open SSLSessionCache DBM
> file `/usr/local/apache/conf/ssl/ssl_scache' for scannin
> g (System error follows)
> [Tue Nov  7 23:04:24 2000] [error] System: No such file or directory (errno:
> 2)
> [Tue Nov  7 23:04:24 2000] [error] mod_ssl: Cannot open SSLSessionCache DBM
> file `/usr/local/apache/conf/ssl/ssl_scache' for reading
>  (fetch) (System error follows)
> [Tue Nov  7 23:04:24 2000] [error] System: No such file or directory (errno:
> 2)
> [Tue Nov  7 23:04:25 2000] [error] mod_ssl: Cannot open SSLSessionCache DBM
> file `/usr/local/apache/conf/ssl/ssl_scache' for writing
>  (store) (System error follows)
> [Tue Nov  7 23:04:25 2000] [error] System: No such file or directory (errno:
> 2)
>
> Anyone had this problem and know of a fix?
>
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]

--
* Linux Viruscan.
 Windows 95/98/NT/WIN2000 Found  Remove it ? (Y/y)

*
   Marcus Lachmanez
   System Analyst
   INTERNET PRODUCTS TEAM

   Oracle Germany
*


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Problem with ssl_scache

2000-11-07 Thread Göran Fröjdh 

I'm experiencing a problem with starting Apache w. modssl. For some reason,
the ssl cache file doesn't seem to be created. Below are the logs:

[Tue Nov  7 23:04:24 2000] [error] mod_ssl: Cannot open SSLSessionCache DBM
file `/usr/local/apache/conf/ssl/ssl_scache' for scannin
g (System error follows)
[Tue Nov  7 23:04:24 2000] [error] System: No such file or directory (errno:
2)
[Tue Nov  7 23:04:24 2000] [error] mod_ssl: Cannot open SSLSessionCache DBM
file `/usr/local/apache/conf/ssl/ssl_scache' for reading
 (fetch) (System error follows)
[Tue Nov  7 23:04:24 2000] [error] System: No such file or directory (errno:
2)
[Tue Nov  7 23:04:25 2000] [error] mod_ssl: Cannot open SSLSessionCache DBM
file `/usr/local/apache/conf/ssl/ssl_scache' for writing
 (store) (System error follows)
[Tue Nov  7 23:04:25 2000] [error] System: No such file or directory (errno:
2)


Anyone had this problem and know of a fix?

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

ssl_scache

2000-08-03 Thread Paul 

I have my session caching set to about 5 minutes, and now it's working
*but* -- I've had some trouble getting the system to *keep* the
ssl_scache file.  At this point I have a nightly process doing a
">>ssl_scache.pag" and ">>ssl_scache.dir" and "chmod 777
ssl_scache.???", but that certainly doesn't seem to be the optimal
solution.  never mind the security problem with the 777 mode, why
should I have to keep manually creating the file every night?  How was
it getting deleted, or the permissions changed?  Has anybody else seen
anything like this, or is it just another ridiculous quirk of this old
system on which I work?

__
Do You Yahoo!?
Kick off your party with Yahoo! Invites.
http://invites.yahoo.com/
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: RH 6.0 - NDBM - /var/run/ssl_scache => PATCH !!!

1999-06-09 Thread GOMEZ Henri 

> I have allways problem when accessing /var/run/ssl_cache, too.
> So I use chown command manually after installation.
> 
[GOMEZ Henri]  ModSSL do a chown in ssl_engine_scache.c. Check if
the defines for files
extensions ma with your DB installation

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: RH 6.0 - NDBM - /var/run/ssl_scache => PATCH !!!

1999-06-09 Thread Ralf S. Engelschall 

On Wed, Jun 09, 1999, GOMEZ Henri wrote:

> There is a real problem with RH 6.0 and dual db libs on glibc 2.1
> #define DBM_SUFFIX  ".db"
> 
> The problem lies in the fact mod_ssl chown to nobody inexisting files.
>  
> So here is the patch which will be soon commited to RPM by Magnus
> [...]

Thanks for the feedback and patches. The parts for mod_rewrite.h and
mod_auth_dbm.c I've comitted to the Apache repository for Apache 1.3.7 after
making the check more robust. The part for mod_ssl.h will appear with mod_ssl
2.3.3.
   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: RH 6.0 - NDBM - /var/run/ssl_scache => PATCH !!!

1999-06-09 Thread Toru Takinaka 


>But I've allways problem when accessing /var/run/ssl_cache
>
>[08/Jun/1999 17:59:09] [error] Cannot open SSLSessionCache DBM file
>`/var/run/ssl_scache' for expiring (System error follows)
>[08/Jun/1999 17:59:09] [error] System: Permission denied (errno: 13)
>[08/Jun/1999 17:59:09] [error] Cannot open SSLSessionCache DBM file
>`/var/run/ssl_scache' for writing (store) (System error follows)
>[08/Jun/1999 17:59:09] [error] System: Permission denied (errno: 13)

I have allways problem when accessing /var/run/ssl_cache, too.
So I use chown command manually after installation.

I use Solaris2.6 and Berkeley-DB 2.X.
And I create /usr/local/BerkeleyDB/include/ndbm.h like this.
#ifndef _NDBM_H_
#define _NDBM_H_
#define DB_DBM_HSEARCH 1
#include 
#endif

And I use configure command of mod_ssl like this.
CFLAGS="-I/usr/local/bind/include -I/usr/local/BerkeleyDB/include -DNO_IDEA"
LIBS="-L/usr/local/bind/lib -lbind -L/usr/local/BerkeleyDB/lib -ldb"
LANG=
export CFLAGS LIBS LANG
./configure  \
--with-apache=../apache_1.3.6  \
--with-ssleay=/usr/local/ssl \
--prefix=/usr/local/apache \
--enable-shared=ssl \
--enable-module=so \
--enable-module=rewrite

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RH 6.0 - NDBM - /var/run/ssl_scache => PATCH !!!

1999-06-09 Thread GOMEZ Henri 


There is a real problem with RH 6.0 and dual db libs on glibc 2.1

When I got the standard binary RPM (from Magnus) and try to run it on 
my RH 6.0 system, mod_ssl core dump (SIGSEGV) when accessing https files.
If I rebuild the source, and use the new binary there is no more core.

ldd tell us that the 5.2 generated httpd use libdb.so.2 and
6.O generated's use libdb.so.3. It seems there is something
broken in liddb.so.2 support under glibc 2.1.

But I've allways problem when accessing /var/run/ssl_cache

[08/Jun/1999 17:59:09] [error] Cannot open SSLSessionCache DBM file
`/var/run/ssl_scache' for expiring (System error follows)
[08/Jun/1999 17:59:09] [error] System: Permission denied (errno: 13)
[08/Jun/1999 17:59:09] [error] Cannot open SSLSessionCache DBM file
`/var/run/ssl_scache' for writing (store) (System error follows)
[08/Jun/1999 17:59:09] [error] System: Permission denied (errno: 13)

the file seems to be mod 600 and own/grp root. It's seems ok since the http
father create dbm.
But childs run as nobody/nobody so they couldn't ever access the dbm file. 

Looking system calls with strace give :

[4012eed7] geteuid()= 0
[401434f4] chown("/var/run/ssl_scache", 99, 4294967295) = -1 ENOENT (No such
file or directory)
[401434f4] chown("/var/run/ssl_scache.dir", 99, 4294967295) = -1 ENOENT (No
such file or directory)
[401434f4] chown("/var/run/ssl_scache.pag", 99, 4294967295) = -1 ENOENT (No
such file or directory)

And if you look in /usr/include/db1/ndbm.h you see

/*
 * The db(3) support for ndbm(3) always appends this suffix to the
 * file name to avoid overwriting the user's original database.
 */

#define DBM_SUFFIX  ".db"

The problem lies in the fact mod_ssl chown to nobody inexisting files.
 
So here is the patch which will be soon commited to RPM by Magnus

 <> 

...
. . S.L.I.B   .
.   [_]   . 5 Place Charles Béraudier .
.  (. .)  . 69428 Lyon Cedex 03   .
..oOOo..(_)..oOOo..
. Tel: 0472367723 .
. Henri Gomez  [EMAIL PROTECTED]  Fax: 0472367778 .
...


 apache-ndbm.patch

Re: safe way to purge ssl_scache

1999-02-05 Thread Ralf S. Engelschall 

On Fri, Feb 05, 1999, Lai Yiu Fai wrote:

> It seems that the ssl_scache dbm file grows indefinitely.  Is there a safe
> way to purge it?  I try to move both .dir and .pag to other filenames and
> restart the server.  The error_log gave a lot of errors stating cannot open
> SSLSessionCache DBM file for reading/writing.  Is it only the way to stop
> the server, purge the ssl_scache and start the server again?

Hmmm... in ssl_engine_scache.c, line 375, there is ``if (nExpireCalls++ <
100)'' which means that sessions are expired every 100 HTTPS hits only.  You
can reduce the number 100 to 10 or even to 1 to expire more often. This
doesn't shrink the DBM file, but it should prevent it from growing such fast.
Additionally you have to reduce the expire time with SSLSessionCacheTimeout,
because the expiring deletes only entries which were already expired, of
course. Let it me know whether this works for you.

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

safe way to purge ssl_scache

1999-02-05 Thread Lai Yiu Fai 


It seems that the ssl_scache dbm file grows indefinitely.  Is there a safe
way to purge it?  I try to move both .dir and .pag to other filenames and
restart the server.  The error_log gave a lot of errors stating cannot open
SSLSessionCache DBM file for reading/writing.  Is it only the way to stop
the server, purge the ssl_scache and start the server again?

Rgds,
===
Lai Yiu Fai   |  Tel.:   (852) 2358-6202
Centre of Computing Services  |  Fax.:   (852) 2358-2737
 & Telecommunications |  E-mail: [EMAIL PROTECTED]
  |
The Hong Kong University of   |  Clear Water Bay,
Science & Technology  |  Kowloon, Hong Kong.
__
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: 2.1.8 ssl_scache ownership?

1999-01-26 Thread Ralf S. Engelschall 

On Mon, Jan 25, 1999, Jake Buchholz wrote:

> When ssl_scache.{pag,dir} get initially created, they're owned to root,
> instead of the eventual UID that apache's running as...  Which means, I
> get a lot of engine messages about the fact that it can't open the DBM
> file for writing, and renders the cache pretty much useless...  If I
> chown it to the right UID, all is well.

Hmmm.. which version of mod_ssl is it?
Actually in ssl_engine_scache.c at line 227 you can find this piece of code I
wrote to overcome the child-process problem:

| #ifndef WIN32
| /*
|  * we have to make sure the Apache child processes
|  * have access to the DBM file...
|  */
| if (geteuid() == 0 /* is superuser */) {
| chown(mc->szSessionCacheDataFile,
|   ap_user_id, -1 /* no gid change */);
| chown(ap_pstrcat(p, mc->szSessionCacheDataFile,
|  SSL_DBM_FILE_SUFFIX_DIR, NULL),
|   ap_user_id, -1 /* no gid change */);
| chown(ap_pstrcat(p, mc->szSessionCacheDataFile,
|  SSL_DBM_FILE_SUFFIX_PAG, NULL),
|   ap_user_id, -1 /* no gid change */);
| }
| #endif

Seems like either the SSL_DBM_FILE_SUFFIX_{DIR,PAG} macros are incorrectly
determined on your platform, or the ap_user_id contains "root" (check your
User/Group directives) or geteuid() doesn't return 0 for your situation.  Can
you find out more?
   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

2.1.8 ssl_scache ownership?

1999-01-26 Thread Jake Buchholz 

When ssl_scache.{pag,dir} get initially created, they're owned to root,
instead of the eventual UID that apache's running as...  Which means, I
get a lot of engine messages about the fact that it can't open the DBM
file for writing, and renders the cache pretty much useless...  If I
chown it to the right UID, all is well.

-- 
Jake Buchholz, ExecPC Sr. Systems Administrator :   /~\
[EMAIL PROTECTED] -- http://www.execpc.com/~jake  :ASCII  \ /  Against
Fngrpt PGP262: 29f3322af2da07994dc03fdf1f50aed2 :   Ribbon   X   HTML
GnuPG: 53d97ab3d279f731e7d2fc1197ca38544423882b : Campaign  / \  Mail
__
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: mod_ssl: Cannot open SSLSessionCache DBM file `/usr/local/apache/var/run/ssl_scache'

1998-12-05 Thread Ralf S. Engelschall 

On Sat, Dec 05, 1998, Fredj Dridi wrote:

> I use mod_ssl-2.1.2-1.3.3 and apache_1.3.3 on Red Hat 5.1 (Kernel 2.0.34
> on an i686) box. After compiling and installing apache I have started
> apache with /usr/local/apache/sbin/apachectl startssl. The file
> /usr/local/apache/var/run/ssl_scache does not exist;-) The  server
> (http,https) function well but the error_log file says:
> 
> [Sat Dec  5 14:04:20 1998] [error] System: Permission denied (errno: 13)
> [Sat Dec  5 14:04:20 1998] [error] mod_ssl: Cannot open SSLSessionCache
> DBM file `/usr/local/apache/var/run/ssl_scache' for writing (store)
> (System error follows)
> 
> Waht is the problem? 

The problem is that you're using an old config file.  In mod_ssl 2.1
SSLSessioCache's arg now is a path to a DBM file and no longer a path to a
program (as in mod_ssl 2.0.x). Just change the argument to point to a
reasonable file inside your logs or runtime dirs.

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

mod_ssl: Cannot open SSLSessionCache DBM file `/usr/local/apache/var/run/ssl_scache'

1998-12-05 Thread Fredj Dridi 

Hi,
I use mod_ssl-2.1.2-1.3.3 and apache_1.3.3 on Red Hat 5.1 (Kernel 2.0.34
on an i686) box. After compiling and installing apache I have started
apache with /usr/local/apache/sbin/apachectl startssl. The file
/usr/local/apache/var/run/ssl_scache does not exist;-) The  server
(http,https) function well but the error_log file says:

[Sat Dec  5 14:04:20 1998] [error] System: Permission denied (errno: 13)
[Sat Dec  5 14:04:20 1998] [error] mod_ssl: Cannot open SSLSessionCache
DBM file `/usr/local/apache/var/run/ssl_scache' for writing (store)
(System error follows)


Waht is the problem? 



Fredj
__
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]