On Mon, Sep 10, 2007, Ralf S. Engelschall wrote:
> Apache 1.3.39 was released recently.
> An updated mod_ssl 2.8.29 for Apache 1.3.39 is now available, too.
> Find it on: http://www.modssl.org/
Unfortunately, there was a bug in the auto-generated patch caused by a
changed amount of pa
Apache 1.3.39 was released recently.
An updated mod_ssl 2.8.29 for Apache 1.3.39 is now available, too.
Find it on: http://www.modssl.org/
Ralf S. Engelschall
[EMAIL PROTECTED
Apache 1.3.37 was released because of security issues.
Find a corresponding mod_ssl 2.8.28-1.3.37 at modssl.org now, too.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Today Apache 1.3.36 was released.
An updated mod_ssl 2.8.27 for Apache 1.3.36 is now available, too.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
mod_ssl 2.8.26 for Apache 1.3.35 is now available:
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
n
2.8.26. Thanks for your contribution.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)
alid one for you... you
have to add more debugs to the code to determine the problem.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
___
Hmmm... the cleanup is done in the ssl_hook_CloseConnection()
function which comes after your ssl_hook_LogRequest() anyway. Do I
understand correctly: under Win32 the r->pool is cleaned up _before_
ssl_hook_CloseConnection() is called?
Apache 1.3.34 was released, so I've upgraded mod_ssl to apply cleanly to
this Apache version. No other changes. Fetch mod_ssl 2.8.25-1.3.34 from
the usual locations:
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engels
pache
1.3.33. Get it from:
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
Ralf S. Engelschall
[EMAIL PROTECTED]
ource/
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.8.23 (30-Oct-2004 to 06-Jul-2005)
*) Ported to OpenSSL 0.9.8
*) Fixed conne
OUT before calling the EAPI connection
close hook. For mod_ssl 2.8.23 I've now adjusted the two calls to
ap_call_close_connection_hook() to occur _after_ the ap_bsetflag() call.
Thanks for your feedback.
Ralf S. Engelschall
#x27;ll include this script into mod_ssl 2.8.23 together
with its latest output.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
_
reset_timeout(r);
> ~ }
> ~ ssl_io_suck_end(r);
> ~ ap_kill_timeout(r);
> --
Ok, finally taken over for inclusion into mod_ssl 2.8.23.
Thanks for your feedback.
Ralf S. Engelschal
L_VERSION_NUMBER changed and it seems I adjusted the definition
in ssl_util_ssl.h without recognizing this. I'll use the following now:
-#if SSL_LIBRARY_VERSION < 0x00906100
+#if SSL_LIBRARY_VERSION < 0x00906000
Thanks for the hint.
Ralf S. Enge
Apache 1.3.32's mod_ssl 2.8.21 still works fine for Apache 1.3.33.
Nevertheless I've rolled a new patch-adjusted version mod_ssl 2.8.22
which fits 1:1 for Apache 1.3.33.
Ralf S. Engelschall
[EMAIL
Apache 1.3.32 was released. Although mod_ssl 2.8.20-1.3.31 both applies
and works fine with Apache 1.3.32 I've upgraded mod_ssl to this new
Apache version and released the results as mod_ssl 2.8.21-1.3.32.
Ralf S. Engels
Prompted by a security issue (see below), mod_ssl 2.8.20 for Apache
1.3.31 was released today. You can get it at the usual location:
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
Prompted by a security issue (see below), mod_ssl 2.8.20 for Apache
1.3.31 was released today. You can get it at the usual location:
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
In article <[EMAIL PROTECTED]> you wrote:
> Ralf S. Engelschall wrote:
>
> > Yes, although they are not security related, they could crash the
> > server, too. So we should fix those formatting bugs, too. A little bit
> > of extra casting might be required, I t
s=%s id=%s timeout=%lds (session caching)",
rc == TRUE ? "OK" : "BAD",
SSL_SESSION_id2sz(pNew->session_id, pNew->session_id_length),
-t-time(NULL));
+(long)(t-time(NULL)));
/*
from:
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschal
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
A security issue was discovered.
It is now fixed with mod_ssl 2.8.18.
Please upgrade your installations ASAP.
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
Ralf S. Engelschall
[EMAIL PROTECTED
On Fri, May 14, 2004, a k wrote:
> Did you add my eintr fix ?
> [...]
Ops, I seem to have overlooked this.
I'll include this into mod_ssl 2.8.18.
Thanks.
Ralf S. Engelschall
[EMAI
ource/
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.8.17 (01-Nov-2003 to 11-May-2004)
*) Upgraded to Apache 1.3.31
*) Log the Op
all your email addresses
you used in the past and I will try to remove all of them from the list
manually.
Ralf S. Engelschall
[EMAIL PROTECTED]
pending in my maintainance queue (see CHANGES entries below).
Fetch mod_ssl 2.8.16 from:
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED
here will be a mod_ssl 2.8.16 released today or tomorrow. I've
already upgraded mod_ssl to Apache 1.3.29, but I've still to include
some other fixes. But 2.8.15 works fine with Apache 1.3.29, so no need
to hurry here...
Ralf S. Engelschall
ce/
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modss
/source/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.8.14 (18-Mar-2002 to 21-Mar-2003)
*) Fixed logic
On Fri, Mar 21, 2003, Ralf S. Engelschall wrote:
> > I can see the same segmentation fault :
> [...]
Ok, can the people who are able to reproduce the segfault problem,
please apply the following patch, retry it and give feedback? I think
these two bugfixes should fix the problem no
On Fri, Mar 21, 2003, Joe Orton wrote:
> On Fri, Mar 21, 2003 at 12:30:36PM +0100, Ralf S. Engelschall wrote:
> > -if ((xs = SSL_get_certificate(ssl)) != NULL)
> > +if ((xs = SSL_get_certificate(ssl)) != NULL) {
> > result = ssl_var_lookup_
_free(xs);
+
return result;
}
Additionally, I still cannot reproduce the problem myself. So, can you
help me here by using a breakpoint at ssl_var_lookup_ssl_cert() and the
single-stepping until the problem occurs? This would help us in really
locating the problem.
Another maintainance release of mod_ssl 2.8 for Apache 1.3 delivers to
you mod_ssl 2.8.13 for Apache 1.3.27. Changes are listed below. Grab it
from the following locations:
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S
in
>> forgetting to synchronize the website. Now fixed. Thanks for the hint.
>
> does this imply there are to be no more apache 1.3 developement or version
> updates, thus modssl is now moving entirely into the source for apache
> 2.0?
Err.
On Sun, Dec 15, 2002, Mads Toftum wrote:
> On Sun, Dec 15, 2002 at 09:41:11AM +0100, Ralf S. Engelschall wrote:
> > Just for your information: the Apache mod_ssl project environment was
> > migrated to a new location. In case of any problems, contact me.
> >
> It seems t
Just for your information: the Apache mod_ssl project environment was
migrated to a new location. In case of any problems, contact me.
Ralf S. Engelschall
[EMAIL PROTECTED
Because of a found Cross-Side-Scripting (XSS) bug in mod_ssl, the fixed
maintainance version mod_ssl 2.8.12 is available for use with Apache
1.3.27.
http://www.modssl.org/source/
ftp://ftp.modssl.org/source/
Ralf S. Engelschall
Because of a found Cross-Side-Scripting (XSS) bug in mod_ssl, the fixed
maintainance version mod_ssl 2.8.12 is available for use with Apache
1.3.27.
http://www.modssl.org/source/
ftp://ftp.modssl.org/source/
Ralf S. Engelschall
ource/
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.8.11 (24-Jun-2002 to 04-Oct-2002)
*) Upgraded to Apache 1.3.27.
*) Fixed internal error handling for CRL verific
Another bugfixing round in the maintainance of mod_ssl 2.8 for Apache 1.3.
Fetch it and upgrade from:
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED
On demand by the release of Apache 1.3.26 I've made available
mod_ssl 2.8.9. The details are appended below.
Fetch it from:
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engels
_ssl will be on its way shortly, but was
> looking for something in the meantime to close up any possible problems.
mod_ssl 2.8.9 will be released within a few hours. Just be patient, please.
Ralf S. Engelschall
ess,
support related questions might be rejected if the question cannot be
answered in a reasonable short time.
Thanks for your understanding.
Yours,
Ralf S. Engelschall
://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.8.8 (23-Feb-2002 to 27-Mar-2002)
*) Upgraded to Apache 1.3.24
for remembering me.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.mods
In article <[EMAIL PROTECTED]> you wrote:
> Just wanted to know if there's a mod_ssl version for apache 1.3.24?
> Since the current version will not compile with apache 1.3.24.
Will be released within the next 48 hours.
Ra
,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.8.7 (01-Feb-2002 to 23-Feb-2002)
*) Support for the latest OpenSSL 0.9.7 snapshots.
*) Fixed potential buffer
o.
No, the server certificate is also important and required for the secure
exchange of the crytography parameters of SSL/TLS. Without this, the
client and server would not be able to securely exchange the necessary
symmetric encryption parameters.
R
rite seems to be the only alternative I've seen so far. If I'm
> wrong, let me know...
Either you have to put the RedirectMatch only into the of
the HTTP-only virtual server or (in case you do it globally) you have to
use a RewriteRule with a RewriteCond which checks th
mod_ssl 2.8.6 for Apache 1.3.23 is now available.
The corresponding CHANGES entries are appended.
You can fetch it from:
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
In article <[EMAIL PROTECTED]> you wrote:
> When is planned the final release ?
For today.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engels
On Mon, Jan 28, 2002, Ralf S. Engelschall wrote:
> > [...]
> > And, the mod_ssl I get from CVS is for 1.3.20, which is *less* than the
> > one that is downloadable already built for 1.3.22, shooting holes in my
> > initial theory that going to the CVS was even
y fault. The rsync cronjob was broken which updated the CVS copy
from my master machine. Now fixed.
For Apache 1.3.23: Expect an mod_ssl update for 1.3.23 within the next
days.
Ralf S. Engelschall
[EMA
Apache 2.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
Use
nce over the attached PR text and visit our
project site at http://www.openpkg.org/. Thanks for listening and...
happy packaging! Oh, and we have also packaged OpenSSL and Apache+modssl
in OpenPKG, of course ;)
Yours,
Ralf S. Engelschall
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.8.5 (20-May-2001 to 16-Oct-2001)
*) Upgraded to Apache 1.3.22
*) Fixed check whether server certif
.
I plan to provide an upgraded mod_ssl version for 1.3.22 on Monday or
Tuesday.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
As you should now, our Apache 1.3.20 is available since yesterday.
So here is the corresponding mod_ssl 2.8.4. The CHANGES entries are
appended below.
Fetch mod_ssl 2.8.4 from:
http://www.modssl.org/source/
ftp://ftp.modssl.org/source/
Yours,
Ralf S
ll those postings are
relayed through the [EMAIL PROTECTED] account. Unfortunately I'm such
horrible busy with all the open source projects I'm involved in that I
only can walk though this mailbox once per week and approve all non-spam
mail manually.
ipped SDBM on all Linux platforms. Can you
figure out why the "$OS" based check in src/modules/ssl/libssl.module
does not apply for your platform?
Ralf S. Engelschall
the pass-phrase from your private key.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Inter
Now available: mod_ssl 2.8.3 for Apache 1.3.19.
Just the usual amount of cleanups and bugfixes
(see CHANGES entries below).
Grab it from:
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
ecking for
shared memory maximum segment size... 64MB (soft limit)" so it certainly
is not a problem in general with Solaris 2.8.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
_
nes of mod_ssl.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to Op
0.9.4 or 0.9.4 with this mod_ssl
version. Or (what I strongly recommend) use the current Apache 1.3.12 and
mod_ssl 2.6.4 version.
Ralf S. Engelschall
[EMAIL PROTECTED]
as no
> "#ifdef".
>
> What gives? Why do this twice?
This should be already gone with 2.8.2.
I guess you are looking at an older version, right?
Please use the latest one.
Ralf S. Engelschall
On Tue, Apr 03, 2001, Ralf S. Engelschall wrote:
> I'm now leaving for attending ApacheCon 2001 in Santa Clara, CA.
> For the modssl-user's who also attend ApacheCon: freel free to
> share our interest by visiting our talk W24 on Wednesday evening.
> For those of us
t's a typo. "exclusion" is the word. Now fixed for 2.8.3
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
l.org/docs/apachecon2001/ and at least watch the
presentation's slide-set.
cu@ApacheCon!
Ralf S. Engelschall
[EMAIL PROTECTED]
www.
engines) {
+ENGINE_load_builtin_engines();
+loaded_engines = TRUE;
+}
+#endif
if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY)) != NULL)
return err;
if (strcEQ(arg, "builtin")) {
Ralf S. Engelschall
ally, I may be there
> Ralf - so you can unequivocably blame me if the shmcb blows off any legs.
Ok, then I'll try to add another slide, dedicated to the session caching
variants
Ralf S. Engelschall
that mod_ssl caused such problems.
What does the error logfile say?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
ld remain SSL_EXPERIMENTAL until we have no first
release version of OpenSSL available with this functionality.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engels
> Any idea?
You connect with HTTPS to a port where only HTTP is spoken.
Check your server configuration, it's certainly a configure error.
Ralf S. Engelschall
[EMAIL PROTECTED]
l, so the scanner never uses stdin to
read the input data.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSS
/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.8.2 (03-Mar-2001 to 30-Mar-2001)
*) Moved the Shared
is ignored. If I remove the SSLRequireSSL directive then it works fine.
I think I found the reason. mod_ssl's auth handler returned OK instead
of DECLINE and so mod_auth was no longer called from the Apache module
dispatching code. Should be fixed for mod_ssl 2.8.2. Thanks for your
feedba
.8.2. Hopefully it will
not blow away our legs.... ;)
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to Open
it
clearly says what the problem is. Make sure the module which implements
"LoadModule" is present. In your case, this is mod_so and can be enabled
with --enable-module=so on the APACI command line while building Apache.
Ralf S. Engelschall
->value->data, xsne->value->length+1);
> (*cppCN)[xsne->value->length] = NUL;
> +#ifdef CHARSET_EBCDIC
> + ascii2ebcdic(*cppCN, *cppCN, strlen(*cppCN));
> +#endif
> return TRUE;
> }
> }
C
't show anything.
By default you cannot adjust any parameters. But look at the CHANGES
file, there is experimental support for SSLProxy directives which
can help you.
Ralf S. Engelschall
[EMAIL PR
All text around the PEM data is just for information. It not parsed by
mod_ssl/OpenSSL. It is there just for human reading.
> I wonder how I can create such a format for my CA cert.
> Do you have an idea?
$ openssl x509 -text -noout -in
o, there are no glibc bug workarounds in mod_ssl.
I'm sure your glibc is broken.
Ralf S. Engelschall
[EMAIL PROTECTED]
mod_ssl-2.6.6-1.3.12
Yes.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface
nt page (http://www.modssl.org/) still
> links to the 2.6 version of the FAQ, Ralf, can you update the link?
Ops, good catch. Fixed.
Ralf S. Engelschall
[EMAIL PROTECTED
(means: an unpolished 70% percent solution). And I also know
that someone (not necessarily me) will again find this not satisfactory.
What approach then is used to change this we all still don't know...
Ralf S. Engelschall
fixed in CVS. The next CVS snapshot will have it fixed.
>
> Even with that, there are still 2 bugs that prevent it from compiling on Win32.
> I attach a diff file.
Thanks for your feedback. I've comitted your additional patches to
od_ssl-2.8.0-1.3.17.tar.gz can only be used with Apache
1.3.17. But if you want to use Apache 1.3.19 you now should use
mod_ssl-2.8.1-1.3.19.tar.gz. It is already available.
Ralf S. Engelschall
[EMA
e
> 269
> .
> BEGIN not safe after errors--compilation aborted at configure.bat line 283.
> C:\apdev\modssl>
Ops, I forgot a complete line to add to configure.bat.
Now fixed in CVS. The next CVS snapshot will have it fixed.
tegrate parts of the
posted Win32 patches). So, don't be unhappy that I personally cannot
respond, because we have other really great guys here who do an even
better job in answering questions than I ever would be able to do.
Yours,
Ralf S. Engelschall
On Thu, Mar 01, 2001, ModSSL user wrote:
> Just to know when mod_ssl 2.8.1 for apache 1.3.19 will be
> available ?
Now ;)
Ralf S. Engelschall
[EMAIL PRO
Sorry for the short delay, but here it finally is: mod_ssl 2.8.1 for
Apache 1.3.19. The corresponding CHANGES entries are appended below.
Grab it from:
http://www.modssl.org/source/
ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
le under heavy load.
>
> We really do need to get Ralf to add the check for SSLSessionCache under
> the FAQ for IO errors with MSIE browsers.
/bin/done -- for mod_ssl 2.8.1.
Ralf S. Engelschall
[
in32. But as I already said: I
cannot fix this myself. A Win32 guys has to fix this and provide the
necessary patches. I'm happy to take them over...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall
ChangeLog entries are appended below.
Grab mod_ssl-2.8.0-1.3.17.tar.gz from:
http://www.modssl.org/source/
ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED
1 (patched) and you're
> at mm-1.1.3. Will you also release a mm-1.1.4 with the patch from apr
> applied ?
Yes, but not with all APR changes (because some are not needed).
Ralf S. Engelschall
'm happy to incorporate the patch into the
official distribution.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
___
; they themselves have stored ?
No, the hash table is shared over all server processes, because the
underlaying memory allocator is shared memory based. This means that all
server processes can store sessions and every other can reuse it.
Ra
1 - 100 of 1522 matches
Mail list logo
