Zum Thema Security und so:
Ich habe gesehen, dass seit 67 Tagen keine Datei im mod_ssl Repository
(so, wie es per rsync geliefert wird) mehr modifiziert wurde.
Ist das aus Sicherheitsgruenden, oder hat sich das Repository tatsaechlich
nicht veraendert?
Gruss,
Martin
--
[EMAIL PROTECTED]
Hallo Ralf,
Ich habe Probleme, mich mit {www,en5}.engelschall.com bzw. www.openssl.org
per ssh zu verbinden. Meine Kennung dort war [EMAIL PROTECTED]
Und in meiner authorized_keys war mein RSA1 pub key, trotzdem laesst mich
die Maschine nun nicht mehr rein.
Was hat sich geaendert?
Kannst Du
When invoking (at the end of the apache+mod_ssl build process)
the suggested make certificate TYPE=custom, I see an error message
flashing by (``error 18 at 0 depth lookup:self signed certificate'')
followed by a line ``OK''. Which one is correct? The error
(well, root certificates are always
When trying to compile apache+mod_ssl against a recent snapshot of
openssl-0.9.8-dev (?), I get compile errors because the #define for
NID_uniqueIdentifier
is no longer present. It used to be both in objects.h and in obj_mac.h
(and is referenced in ssl_engine_vars.c):
cscope:
0
Ralf, do you have a mod_ssl patch for the current 1.3.25-dev proxy? Or
could you make one?
Martin
--
[EMAIL PROTECTED] | Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730 Munich, Germany
---BeginMessage---
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi
On Sat, Feb 23, 2002 at 08:22:15PM +0100, Ralf S. Engelschall wrote:
Another little round in maintaining mod_ssl 2.x for Apache 1.3.x brings
to you today mod_ssl 2.8.7 for Apache 1.3.23. The corresponding CHANGES
entries follow for your convinience.
Kannst Du bitte, wie sonst ueblich, die
Fowarded from [EMAIL PROTECTED]: This seems to be a mod_ssl problem.
Martin
--
[EMAIL PROTECTED] | Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730 Munich, Germany
---BeginMessage---
Dear friends,
Nadav, my son, sent the enclosed message to the Apache's
I haven't nailed down this bug yet, but here is the symptom:
* on FreeBSD-4.5RC,
* install Apache-1.3.23+mod_ssl, but don't make certificate
* apachectl startssl
then I see this in the error log:
[Fri Jan 25 15:28:44 2002] [error] mod_ssl: Init: Unable to read server certificate f
rom file
I recompiled Apache-1.3.22 with mod_ssl-2.8.5 and OpenSSL-0.9.7-dev
today. Alas, I always get a core dump if I enable mod_ssl (as a DSO).
I traced it to the following point:
$ gdb sbin/httpd
(gdb) b ap_init_modules
(gdb) r -X -DSSL
...
(gdb) b ssl_engine_init.c:397
Breakpoint 2 at
Balazs Nagy [EMAIL PROTECTED] wrote,...
5) Globalsign (free!)
But on the Globalsign pages, I read:
A GlobalSign Secure Server certificate costs 175 Euro.
What you can get for free (and you can get that from many of the other
CA's too) is a demo cewrtificate.
Martin
--
[EMAIL
On Thu, Nov 30, 2000 at 11:39:07PM +0100, Mark Tiramani wrote:
the following (global server config only) will do the trick:
SSLPassPhraseDialog exec:/path/to/script/get_pass
where get_pass is a script, executable etc. that picks up the server
identifiers passed to it when
On Mon, Jul 24, 2000 at 09:12:20PM +0200, Martin Kraemer wrote:
Is there a known bug in Apache-1.3.12 + mod_ssl-2.6.4 which can cause a
core dump when accessing a typical page like https://servername/
Thanks for the tip. No, it's not Solaris, it's a mainframe OS (BS2000).
The actual cause
Is there a known bug in Apache-1.3.12 + mod_ssl-2.6.4 which can cause a
core dump when accessing a typical page like https://servername/
?
On one of our platforms we are currently trying to hunt this bug.
Martin
--
[EMAIL PROTECTED] | Fujitsu Siemens
Fon: +49-89-636-46021,
The method to exit from apache when mm cannot open the semaphore file
(e.g., because of permission problems) seems rather drastic to me:
main/alloc.c:628:
if ((mm = ap_mm_create(mm_size, mm_path)) == NULL) {
fprintf(stderr, "Ouch! ap_mm_create(%d, \"%s\") failed\n", mm_size,
The following patch fixes the error which occurs when using
make certificate VIEW=1
to display the certificate and key. Currently, it ends in..
./support/mkcert.sh: : cannot execute
./support/mkcert.sh: test: unknown operator Algorithm | grep -i RSA
Make[1]: *** [certificate] Error 1
Make[1]:
Oops -- I fixed only one of them locations. Here's an updated patch.
Martin
--
[EMAIL PROTECTED] |Siemens Information and
Phone: +49-89-636-46021 |Communication Products
FAX: +49-89-636-47816 |81730 Munich, Germany
***
On Sun, May 02, 1999 at 01:04:17PM +0200, Ralf S. Engelschall wrote:
On Sat, May 01, 1999, Michael J. Pape wrote:
How long should it take to generate an rsa key?
Usually between a few seconds and up to a minute. But usually not longer.
I had a looping problem with SSLeay and OpenSSL
On Mon, Dec 21, 1998 at 04:45:10PM +0100, Ralf S. Engelschall wrote:
On Mon, Dec 21, 1998, Enrico Badella wrote:
I have just downloaded (again) mod_ssl-2_1_3-1_3_3_tar.gz and it fails
to unpack correctly
Hmm Ralf... I just tried to
% wget
*. . . . . . . . + . .
. . . .. + . . . .
. . . + .. ..
+ . . . *.+ .+
.. . . .. . .
On Thu, Nov 12, 1998 at 12:52:10AM +0300, Khimenko Victor wrote:
No more hacks in mod_so. Instead all modules unregister hooks before unload.
Also some slightly non portable defines (still ANSI compliant AFAIK) moved
in few separate defines in top of ap_hook.h and new ap_hook_define_global/
On Tue, Nov 10, 1998 at 08:03:54PM +0300, Khimenko Victor wrote:
May be while Ralf is busy with documentation things someone could take a look
on subj. This is just "working demo", but it's working enough to be usable as
replacement for mod_ssl 2.1b8 ! PLEASE, take a look and make suggestions.
21 matches
Mail list logo