sting without client certs.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface
the server config variable from ssl_callback_SSLVerify.
(btw, the DSA private key stuff can be found via SSL_AIDX_DSA). It is
not encrypted and can be directly accessed via OpenSSL's EVP functions.
See the mod_ssl source code for more details.
Ralf S. E
also README.GlobalID).
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.mod
#defines before
including ap_hook.h (or alternatively before including the informix
header) and #undefs behind.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
at hand, let us know about them, please.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache
the apxs command to build third-party modules
into DSO's which then can be loaded via LoadModule from httpd.conf.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
more on Win32 for us?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)
On Tue, Jan 25, 2000, Simon Buchanan wrote:
Could someone tell me if these are useable with mod ssl or is it better
to get Stronghold?
You can use GIDs with mod_ssl, of course.
Read the README.GlobalID document for details.
Ralf S. Engelschall
as "httpd -l" and you see the list of
modules which are statically built in. For a list of DSO-based modules
just perform a "find . -name "*.so" -print" in the installation area.
Ralf S. Engelschall
to rebuilt Apache, of course. But not just because of
mod_ssl... ;)
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
d...
Your problem seems to be that the some libraries cannot be found or
you're using some compiler flags your compiler doesn't understand. Go to
apache_1.3.9/src and run "./helpers/TestCompile -v sanity" and look for
error messages.
ks.
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.5.0 (08-Jan-2000 to 22-Jan-2000)
*) Switched the old "POST for HTTPS" support code from
defi
On Sat, Jan 22, 2000, Dan Parsons wrote:
When will a modssl patch for Apache-1.3.11 be available?
Be patient, be patient, please. I'm at work and not on escape.
And, yes, mod_ssl 2.5.0 for Apache 1.3.11 is now available...
Ralf S. Engelschall
?
It was still not in the FAQ, but "make certificate" already gave a big
fat warning message. Seems like people ignore those warnings ;) I've now
added an entry to the FAQ, too. Thanks for the hint, Cliff.
Ralf S. E
also understand your native language,
the communication language on this mailing list is English _only_. Thanks.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
on than
evaluation until September, in the USA. Is this true?
This an US-citizen should answer, please.
Ralf S. Engelschall
[EMAIL PROTECTED]
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
and/or
go to www.opensa.org.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL
://www.apache.org/docs/dso.html
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
new server certs?
No.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL
; line
in the script. Then just run "cca.sh init" it and it will interactively
create your CA certificate and key. Then run "cca.sh gen" once or
multiple times to generate your client certs. That's all.
Ralf S. Engelschall
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User
require') ?
Inside the mod_ssl's distribution, under pkg.contrib/, you can find a
script named cca.sh. That's what I use for test purposed. But you can
use it also for real to create your client certs.
Ralf S. Engelschall
exists for you.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
to SSL_CFLAGS in apache/src/modules/Makefile
and apache/src/modules/ssl/Makefile - how do i do that?
Try to use the following APACI configuration line:
$ CFLAGS="-DNO_IDEA" ./configure [...]
Ralf S. Engelschall
debug" as the the documentation explains.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface
on this topic?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
uot;. So it makes me wondering why the same
piece of code should accept your pass phrase just once and then never
again. As a last chance, keep in mind that you at least can also remove
the pass phrase at all (consult the mod_ssl FAQ, please).
rts at all...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.
no one can provide
you any reasonable help, of course.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
But there is no httpd process. When I start the normal server everything
works fine.
Where is my mistake?
I don't know, but have a look yourself into the error_log, please.
There should be some hints about the problem...
Ralf S
adjusting is not important for end users. I take care of this all
the time. But as it looks, the chances are high that we get EAPI into Apache
1.3.11 (not 1.3.10, for this it was too late and so the resistance was already
too high).
Ralf S. E
allows you to recompile Apache from source, you can use
mod_perl, too. Else it becomes tricky (either you need a pre-built version
from IBM with mod_perl added or you need some pre-built mod_perl DSOs, etc.)
Ask IBM what they provide.
Ralf S. Engelschall
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing
eed to add the LoadModule directive unless I am using an
APACI type of installation.
LoadModule has nothing to do with APACI.
LoadModule is needed if you compile something as a DSO.
That's all.
Ralf S. Engelschall
[EMAIL
, you should be able to find the variable in the
standard SSI/CGI environment Apache provides. If your servlet operates
earlier, the only way is to add an EAPI call to tomcat/jserv which resolves
the variable through mod_ssl's EAPI hooks.
Ralf S. Engelschall
by comparing it to the provided conf/httpd.conf-dist
file.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
. Either
re-use "make certificate" in the Apache source tree (if you have it still
staying around) or follow the mod_ssl FAQ for hints.
Ralf S. Engelschall
[EMAIL
. But your problem is that you used
incorrect CFLAGS or LDFLAGS, etc. Check these.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engel
. Clear the cache entries and retry.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface
independent of URL to filename
mappings and processed earlier in Apache (although one might expect it to be
different because URLs are received and then mapped to filesystem paths).
Ralf S. Engelschall
[EMAIL PROTECTED
/conf/ssl.crt/server.crt". If this already fails, this has nothing
to do with Apache or mod_ssl, etc. Then OpenSSL already has a problem to read
the contents. If all fails, recreate the file with "make certificate" if
it was just a test certificate.
the Apache source tree, so there is no need to again compile Apache.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
___
to access these
files.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
explain how to do.
1. Read the pre-configured SSL stuff at the end of conf/httpd.conf-dist.
2. Read the mod_ssl User Manual for details.
Ralf S. Engelschall
[EMAIL PROTECTED
connected to the internet, might it be that it is trying
to the a DNS lookup ?
I guess you entered the same CN or even the same complete DN for both the CA
and the server/user certificate. Make sure they are differently.
Ralf S. Engelschall
ting httpd.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.
b out32dll\libeay32.dll p:\openssl\bin
$ copy /b out32dll\openssl.exe p:\openssl\bin
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engel
-c jserv_protocols.c
This doesn't directly use apxs, of course. And I also see no PIC flags from
APXS. Instead they use libtool for the job and there is no -DEAPI, of course.
Ralf S. Engelschall
ly need such a large size, compile
MM differently, i.e. let MM use mmap(2) instead shmget(2). See MM's configure
--help output for hints.
Ralf S. Engelschall
[EMAIL PROTECTED]
suggestions? has anyone run across this error previously?
Now it seems you compiled Apache+mod_rewrite incorrectly. libucb should not
per default be linked into Apache under Solaris AFAIK. Make sure you use the
correct compiler and linker.
Ralf S. Engelschall
On Thu, Dec 09, 1999, Ralf S. Engelschall wrote:
On Thu, Dec 09, 1999, Scott R. Every wrote:
we are trying to switch one of our new servers to mod_ssl from stronghold
on solaris 2.6. using a similar setup to what works on our linux machine,
get the following error at runtime:
/usr
in explicitly (what I
don't think is the case for you) or you used the wrong compiler (the UCB/BSD
one) which implicitly linked it in. Check your $PATH.
Ralf S. Engelschall
[EMAIL PROTECTED
?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
means you can just upgrade mod_ssl via --with-apxs easily. If there is no
libssl.so and "httpd -l" shows "mod_ssl.c" you have to recompile the Apache
and mod_ssl completely.
Ralf S. Engelschall
?
Are you sure you're compiling and linking with a correct gcc installation,
i.e. make sure your gcc is _exactly_ built for your Solaris version (run "gcc
-v" and watch the version strings in the path names). Additionally make sure
the correct linger is used.
such an old version: mod_ssl 2.3.0! Use Apache 1.3.9 plus
mod_ssl 2.4.9 and recompile them from scratch by following mod_ssl's INSTALL
document step-by-step (in case there is no RPM flying around for these
versions).
Ralf S. Engelschall
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
speaking HTTPS to a port where only HTTP is spoken. Check
your server configuration by comparing it to the distributed
conf/httpd.conf-dist file, please.
Ralf S. Engelschall
[EMAIL PROTECTED
Apache 1.3 API, "
"this module might crash under EAPI! "
"(please recompile it with -DEAPI)"
Ralf S. Engelschall
[EMAIL PROTECTED]
On Sat, Nov 27, 1999, Kees Vonk 7249 24549 wrote:
I am having some problems with getting apache with mod-ssl to
work properly. Can anyone tell me how I
subscribe
to this mailing list.
By reading http://www.modssl.org/support/, please.
Ralf S
with the prefix-based ProxyPass.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL
still do not understand your actual problem. What do you mean by
"does not enter". What error messages occur for you. What is logged in
Apache's logfiles?
Ralf S. Engelschall
[EMAIL
a server.crt and a
server.key for each vhost? Are there other options?
If you don't want to use wildcard certs (= certs with *.domain as the
CN) you need a unique cert/key pair for each virtual host in practice.
Ralf S. Engelschall
or am I missing something?
Make sure you are really using the corresponding private key (which
Thawte doesn't know, so its useless to ask them about this).
Ralf S. Engelschall
[EMAIL PROTECTED
+StdEnvVars' to your httpd.conf file (for more details
read below) to make sure your CGI/SSI scripts still get the SSL_XXX
variables.
Fetch it from:
http://www.modssl.org/source/
ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
efault
configuration with your one. If does not, complain again.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
_
(ap_ctx_get(c-client-ctx, "ssl") != NULL)
+result = "on";
+else
+result = "off";
+}
}
/*
This should now make the above "RewriteCond %{HTTPS} !=on" allow to work a
FTPSearch. This way I don't have to update the stuff all the time...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engel
will recognize that --with-ssl
specifies the directory where OpenSSL can be found, not the directory where
mod_ssl stays.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
ssl;
| else
| #endif
| no ssl;
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache
configuring the modules.
I guess you're using an "SSLRandomSeed connect /dev/random 512" and your
/dev/random device is a blocking one. Read the FAQ for more details, please.
Ralf S. Engelschall
[EMAIL
ether
your DBM storing doesn't work I don't know. Seems like a sensible vendor DBM
library. But now that it works with SDBM you don't have to care about it.
Alternatively you can also try the shared memory session cache (via MM
library).
Ralf S. E
ide ssl_engine_io.c. Interesting.
BTW: My messages reach the list after a delay of MANY hours. It means
that I'm recognized as a user who is not subscribed to the list. But
I am subscribed. Can it be fixed?
No, your messages are not bounced to my admin accounts for approval.
So your delay has to
ssl_util_ssl.c. It's not complicated if one
knows how.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
situation.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.
ssl;
else
no ssl;
Yes, or even more defensive:
| #ifdef EAPI
| if (ap_ctx_get(r-connection-client-ctx, "ssl") != NULL)
| ssl;
| else
| #endif
| no ssl;
Ralf S. Engelschall
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User
ld-environment under
Windows, because Windows users are used to their graphical GUI-based Visual
C++ environment. I thought and still think this is a horrible inconsistency,
but I couldn't convince anyone to use a Unix-style environment also for the
Windows platform
alues as /dev/random, of course...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface
and the segfault is caused by the bug I've
already fixed in mod_ssl 2.4.8. So my suggestion is: Upgrade to mod_ssl 2.4.8
and try again. I'm 90% sure your segfault will go away...
Ralf S. Engelschall
[EMAIL PROTECTED
your hint.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Suppo
ar the entry in your browser for the old
| certificate, everything usually will work fine. Netscape's SSL
| implementation is correct, so when you encounter I/O errors with Netscape
| Navigator it is most of the time caused by the configured certificates.
|
On Thu, Nov 11, 1999, dave madden wrote:
=From: "Ralf S. Engelschall" [EMAIL PROTECTED]
=...
=Yes, and details about this situation and problem are in the mod_ssl
=documentation since a long time - directly under the entry for
= SSLRandomSeed.
=But people often like it mor
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
asn't used for
compiling Apache and mod_ssl! mod_ssl uses the SSLeay tag only for approx.
SSLeay/OpenSSL = 0.9.0. So, the version which is actually compiled in _is_
old ;)
Ralf S. Engelschall
[EMAIL
it. Then although
the cert's DN is still the same, the ingredients are not. Then this causes
exactly the above error. So check your browsers security dialog for
cached/remembered certs of your server.
Ralf S. Engelschall
d the
pass phrase dialog will not occur. Read the FAQ for details and resulting
implications of this approach.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engel
r_scan.c ssl_expr_parse.c
ssl_expr_parse.h".
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to
mod_ssl's and Apache's INSTALL
document, please.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache
oblem plus minus the bugs
I've introduced with the patch itself. It's a patch against 2.4.7.
Please give me feedback.
Thanks.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.
On Wed, Nov 03, 1999, Ralf S. Engelschall wrote:
[...]
I forgot to say that if you give the patch a try make sure you test it
correctly. That is, you should test it by especially performing various server
restarts and by at the same time requesting pages with 40bit/export browsers.
Else
re details about the situation.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface
to upgrade
your installations to the latest and most stable version now.
Fetch it now from:
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED
until I approve it
manually once per day. This handling is to prevent any spam mails on
modssl-users.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
such a larger
growth of mod_ssl for the last month. So I've to conclude that at least some
interesting evolution for mod_ssl currently takes place ;)
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Ma
be useful for you to give us a few
more details _WHAT_ exactly is the problem. If it's a compile-time problem we
usually help you (or at least give you a few hints) if we at least see the
error messages.
Ralf S. Engelschall
301 - 400 of 1055 matches
Mail list logo