A couple of quick points (maybe you're tried them all already)
- Check with truss/tusc to see if read is timing out at system level (system read buffers may be getting full)
- Did you try tracking what is happening with the SSL protocol using ssldump ?. You can probably start analyzing the
On Wed, 20 Oct 2004 20:10:53 -0400, Geoff Thorpe [EMAIL PROTECTED] wrote:
On October 20, 2004 02:44 am, Madhusudan Mathihalli wrote:
If ppl think it'll be a good addition to Apache, I can clean it up and
try to commit it sometime tomorrow.
Did the control-command support ever make
On Wed, 20 Oct 2004 07:38:17 +0100, Joe Orton [EMAIL PROTECTED] wrote:
On Tue, Oct 19, 2004 at 11:30:26AM -0700, Madhusudan Mathihalli wrote:
On Tue, 19 Oct 2004 11:18:15 +0100, Joe Orton [EMAIL PROTECTED] wrote:
Is this with OpenSSL 0.9.7 or .8? Best I can tell this won't work out
On Fri, 15 Oct 2004 19:46:20 -0500, William A. Rowe, Jr.
[EMAIL PROTECTED] wrote:
At 12:17 PM 10/15/2004, Madhusudan Mathihalli wrote:
Hi,
The current mod_ssl uses X509_NAME_oneline to get a one-line ASCII
format of the DN. This however, is not compliant with the RFC -
checkout http
On Sat, 16 Oct 2004 07:58:57 +0100, Joe Orton [EMAIL PROTECTED] wrote:
Changing just the _DN variable format with a config directive sounds OK.
Adding new variables would be an alternative, but the names would
probably get *really* ugly...
That is correct - I should've been more clear in my
On Wed, 20 Oct 2004 08:37:01 +0100, Joe Orton [EMAIL PROTECTED] wrote:
On Wed, Oct 20, 2004 at 12:13:14AM -0700, Madhusudan Mathihalli wrote:
On Sat, 16 Oct 2004 07:58:57 +0100, Joe Orton [EMAIL PROTECTED] wrote:
Changing just the _DN variable format with a config directive sounds OK
On Wed, 20 Oct 2004 17:02:19 +0100, Joe Orton [EMAIL PROTECTED] wrote:
On Wed, Oct 20, 2004 at 08:50:50AM -0700, Madhusudan Mathihalli wrote:
The one concern is that if we end up exporting both _DN and _2253DN
formats, it'll have a performance impact on Apache. As it stands now,
Apache
On Tue, 19 Oct 2004 11:18:15 +0100, Joe Orton [EMAIL PROTECTED] wrote:
On Thu, Oct 14, 2004 at 10:03:50AM -0700, Madhusudan Mathihalli wrote:
Well.. not exactly based on my experience (may be I'm wrong or worked
around something)
Here's what I did:
1. Enable loading of 'dynamic' engine
Hi,
The current mod_ssl uses X509_NAME_oneline to get a one-line ASCII
format of the DN. This however, is not compliant with the RFC -
checkout http://www.openssl.org/support/faq.html#USER13.
Moreover, the man page for X509_NAME_oneline (with OpenSSL 0.9.7x)
says that the function is
On Fri, 15 Oct 2004 21:14:16 +0100, Joe Orton [EMAIL PROTECTED] wrote:
[SNIP]
Moreover, the man page for X509_NAME_oneline (with OpenSSL 0.9.7x)
says that the function is obsolete, and that we ought to use
X509_NAME_print_ex.
The RFC mentioned, RFC2253 is a mapping for DNs into a standard
] wrote:
On Thu, Oct 14, 2004 at 08:09:06AM -0700, Madhusudan Mathihalli wrote:
Hi Joe,
It works against pre-compiled OpenSSL Engines - but not against new
(dynamic) engines - for that we *should* load the 'dynamic' engine.
(or is there some other method that I'm not aware
I haven't tried replacing the entire SSL processing - but what I've
definitely done successfully is to replace the crypto in OpenSSL. It
works perfectly as long as you stick to the OpenSSL Engine
conventions.
The only change I had to do in Apache was to enable loading of dynamic
engines - load
12 matches
Mail list logo