/apache? Would this
be legal?
50% of the people say this is not legal and the other 50% say it's in the gray
area. So you've to decide yourself what to do ;) At least you cannot expect an
official OK for this approach from RSA DSI
Ralf S. Engelschall
servers.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
cept() calls internally a lot of code inside OpenSSL, so
this is not easy to debug. You should start by compiling OpenSSL with "-g
-ggdb3" to really get a backtrace this time.
BTW, have you checked that OpenSSL already passes its "make test&qu
features. Whether these servers support SSL is a different questions...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
.
[...]
DLL? Win32? Ok, then it's clear that you might have problems.
I assumed you're testing under Unix. I never tried this on Win32.
Ralf S. Engelschall
[EMAIL PROTECTED
t http ?
Hints appreciated.
As the FAQ explains, such errors usually indicate that you're speaking HTTPS
to a port where HTTP is spoken only. Make sure "SSLEngine on" is present and
that your Listen directives match your VirtualHost sections.
it to be a
very stable version which successfully passed all my tests. The corresponding
CHANGES entries for this new version are appended.
As always, you can grab it from:
http://www.modssl.org/source/
ftp://ftp.modssl.org/source/
Yours,
Ralf S
, I think.
Although I'm not an expert in M$ products...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
for the logfile if it detects some
inconsistencies. So I think you should check your certs and browser cert
caches instead.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
ental stuff to make it running.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)
, for MM you've to recompile Apache.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface
I guess 2.4.6 is ready to be kicked out the next days.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
please start over with these newer versions.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache
mod_jserv or
whatever you're using...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface
this week, please take the chance and fetch the
latest snapshot from ftp://ftp.modssl.org/snapshot/ and try it out. It should
be very stable. Please give feedback whether it works fine or fails horrible
until Friday.
Thanks.
Ralf S. Engelschall
On Tue, Oct 19, 1999, Mike Klinkert wrote:
On Tue, 19 Oct 1999, Ralf S. Engelschall wrote:
So, while I'm busy with moving this week, please take the chance and fetch the
latest snapshot from ftp://ftp.modssl.org/snapshot/ and try it out. It should
be very stable. Please give feedback
recent MM version.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL
, they are just informal messages about the
stage into which mod_ssl is. They are normal, yes. Real problems are never
reported with [info], they are either [error] or [warn]. Your problems are
definetely not related to these, of course.
Ralf S. Engelschall
as expected...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
start browsing on http://www.apache-ssl.org/
for documentation.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
l
distribution for a few hints...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)
?
Compare your httpd.conf with httpd.conf-dist as provided by mod_ssl. The
contained SSL configuration works fine. Take over this one.
Ralf S. Engelschall
[EMAIL PROTECTED
On Fri, Oct 08, 1999, Ralf S. Engelschall wrote:
[..]
That said, if you blindly type in the password, the server
starts no problem, so it's easy to make it workable,
if a little ugly.
If I manage to produce a shippable patch, I'll post it.
Hmmm... I'm not a Win32 guy and I've
here, too.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSS
will be considered; no product-specific
sales or marketing sessions, please. Course material will be made
available to the public after the Conference.
Ken Coar
ApacheCon 2000 Chair
=
Ralf S
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
L document, please.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSS
nt problem or related to some
other module (PHP, mod_perl, etc.).
Has anyone else experienzed this / found a fix or is
this time to fire up the debugger?
Fire up the debugger and find out the location of the segfault, please.
Ralf S. E
few hints.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSS
] on the
SSL-aware VirtualHost of the Apache/mod_ssl server. Read the mod_proxy
and/or mod_rewrite documentation for details.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
On Tue, Oct 05, 1999, EKR wrote:
"Ralf S. Engelschall" [EMAIL PROTECTED] writes:
On Sun, Oct 03, 1999, Eric Rescorla wrote:
Yes, someone else also reported that the pass phrase dialog doesn't work
correctly under Win32. But I cannot fix it myself, because I've both no re
ware of binary files. Just make sure keywords are not
expanded by later doing a "cvs admin -kb" on it. That's all and doesn't harm.
Ralf S. Engelschall
[EMAIL PROTECTED]
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Index: ssl_engine_io.c
===
RCS file: /e/modssl/cvs
On Mon, Oct 04, 1999, Cliff Woolley wrote:
"Ralf S. Engelschall" [EMAIL PROTECTED] 10/04/99 03:40AM
Yes, someone else also reported that the pass phrase dialog doesn't
work
correctly under Win32. But I cannot fix it myself, because I've both
no real
Win32 development e
"cvs add -kb" it again; (4). moving
the tag for this file.
What'd you think?
Err... you have to do whatever fits your local policies, of course. But just
a hint: If you remove it later you can even remove it locally before
importing, too.
quot;EAPI", i.e.
Apache-SSL ships with its own patches for the Apache API (these patches just
have no stand-alone name and are considered an integral part of Apache-SSL,
but the idea is the same as for EAPI, of course).
distribution.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
f learning) ;)
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSS
'?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
On Fri, Oct 01, 1999, Alwyn Schoeman wrote:
[...]
Apache does have a
gazillion options you know (:
Sure, that's the price of flexibility...
For hints to packaging look at the various RPM specs flying around which
install Apache+mod_ssl+X+Y+Z..
Ralf S
say you should then first check OpenSSL, shouldn't you? At least I've not
changed any Win32 stuff recently, so I currently still cannot image why
mod_ssl should now fail such horribly under Win32...
Ralf S. Engelschall
mod_so.c
mod_perl.c
should i not see also mod_ssl.c? i thought that i had compiled in
mod_ssl? more details below.
You see mod_ssl.c only if it's built statically. For you it's either not
built at all into Apache or it was built as a DSO.
Ralf S
still work.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.
it now works. Thanks.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL
In other words: Add a byte count to the reading stops (which is required here
because your /dev/urandom seems no to send an EOF).
Ralf S. Engelschall
[EMAIL PROTECTED
).
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing
the _latest_ glibc. And
your version seems to be not one of the latest ;) Fine. Thanks for the
feedback.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
ot sure what you mean by "top-level".
I meant the top-level Makefile in the Apache source tree.
2. It was probably finding an old installation of ssleay before
it found openssl is my guess.
Perhaps, yes.
Ralf S. Engelschall
've messed up the distribution on download or whatever else.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
ake certificate ALGO=DSA" is your friend)
and reference this instead or (better) in addition to the RSA cert/key pair.
Then the DH ciphers magically start to work ;)
Ralf S. Engelschall
You would be surprised that I guess that 50% of all problem reports could be
avoided by the submitter if he first would have read the documentation more
carefully. I usually document really everything, but people seem to not expect
this... ;)
On Wed, Sep 29, 1999, Michael Richardson wrote:
"Ralf" == Ralf S Engelschall [EMAIL PROTECTED] writes:
Ralf With a stock RH 6.0? Now I'm confused. I've tried 2.4.4 with such a
Ralf platform and it worked fine, because 6.0 is not broken. And others
Ralf confirmed this,
and then via HTTPS to the client, so the data is still encrypted and
additionally all you received is more load and increased request time on the
server.
Ralf S. Engelschall
[EMAIL PROTECTED
this. These are harmless messages from
older/stricter "ar" versions which want shorter filenames. Just ignore it.
You'll see the messages in lots of other compile procedures on your platform,
too.
Ralf S. Engelschall
[EMAIL
t; or "ssleay" program in your $PATH.
So either your $PATH was broken or you messed up something else. But ok, now
that it works be happy... I just wanted to say that I cannot fix anything in
this Makefile because it is not broken IMO ;)
,
please. I'll wait for your success or failure stories before I release
2.4.5. Thanks.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
the answer "Yes, it works fine if it's done
correctly.". Not very useful for you, right? So do yourself a favor and
describe your problems in more detail to them or you'll need a lot more days
until you've your server running ;)
Ralf S. E
On Thu, Sep 30, 1999, Mehul N. Sanghvi wrote:
Definatley confirmed ... the 19990930 snapshot compiled cleanly
without any problems.
Fine. BTW, which glibc version are you using?
Ralf S. Engelschall
[EMAIL
On Tue, Sep 28, 1999, Jeff Johnson wrote:
On Tue, Sep 28, 1999 at 09:36:01PM +0200, Ralf S. Engelschall wrote:
incompatible type for the forth argument. Hmmm... seems like I've to try
it now myself on a Linux box to make it running. As a workaround, just
remove line 260 in mod_ssl.h
ine, because 6.0 is not broken. And others confirmed this, too.
Can it be that you have RH 6.0 but an older glibc 2.0? How is semctl(2)
defined in your headers?
Ralf S. Engelschall
[EMAIL PROTECTED]
the log entries from different
concurrent processes and assign them to a particular client (ip).
Yes, a reasonable suggestion. And now already implemented for mod_ssl 2.4.5.
Thanks for your feedback, Matthias.
Ralf S. Engelschall
S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List
ert, of course) so we can have a more closer look at this particular
cert and to find out why the hash isn't created?
Ralf S. Engelschall
[EMAIL PROTECTED]
community.
CHANGES entry follows.
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.4.4 (27-Sep-1999 to 28-Sep-1999)
*) Fixed the `union
ox to make it running. As a workaround, just
remove line 260 in mod_ssl.h.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engel
what's the problem
is. Perhaps you've CRLFs in the file or other invisible things?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
On Tue, Sep 28, 1999, Ralf S. Engelschall wrote:
On Tue, Sep 28, 1999, Magnus Stenman wrote:
2.4.3 compiled OK on my redhat 5.2 box, but 2.4.4 barfs:
gcc -c -I../../../../mm-1.0.11 -I../../os/unix -I../../include -O2 -m486
-fno-strength-reduce
-DLINUX=2 -DMOD_SSL=204104 -DEAPI
Linux version (or
even better: to FreeBSD ;).
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Index: mod_ssl.h
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support
2.4.4 and Linux".
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)
.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
,
This can be caused by a too restrictive environment of the user building the
stuff. Check the limits for the user (in Bash enter `limits').
Ralf S. Engelschall
[EMAIL PROTECTED
[...]
"getverisign" was from Stronghold, not from SSLeay.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
_
mod_ssl 2.4.3 - the usual amount of bugfixes and cleanups for the 2.4 series.
For more details see the appended CHANGES extract below.
As always you can find the tarball on:
http://www.modssl.org/source/
ftp://ftp.modssl.org/source/
Greetings,
Ralf S
... Sorry for the
inconviniences, but one usually cannot do anything against those situations
except to try to remove those subscribers.
Ralf S. Engelschall
[EMAIL PROTECTED
/
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
that is not
installed.
How can I verify that mod_ssl is installed properly? Does the lock
symbol on a browser really mean that things are working properly?
httpd -l (for non-DSO situation) or check for
a $prefix/libexec/libssl.so file (under DSO situation).
Ralf S
only for
mod_ssl, you've to either edit src/modules/ssl/Makefile or (the cleaner way
before configuring) src/modules/ssl/libssl.module.
Ralf S. Engelschall
[EMAIL PROTECTED
should I ask for if they don't officially support
apache+mod_ssl but will be compatible?
Ask them for the "Stronghold format"...
Ralf S. Engelschall
[EMAIL
at least say with what error it fails... ;)
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache
l
instead of:
apache+ssl_path/bin/apachectl start
since SSL needs to be defined.
I think it will be very helpful to the newbies if this was
documented somewhere, perhaps the FAQ.
[...]
I've added this to the FAQ now. Thanks for the hint.
Ralf S. E
the usage of sign.sh):
``[...] a script named sign.sh is distributed with
the mod_ssl distribution (subdir pkg.contrib/) [...]''
Ralf S. Engelschall
[EMAIL PROTECTED]
into account that these
are mainly scripting modules (which are always popular), it's very interesting
that mod_ssl is already ranked such high...
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED
to SSL session
and client certificate parameters?
I don't know, but the client cert ingredients are available through the CGI
environment, so if mod_jserv can access this environment you should be able to
access the stuff.
Ralf S. Engelschall
s
facility others will certainly use on you
Thanks.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
___
can give
you a hint.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL
mers trust your custom CA there is no difference to a
"real third party CA". At least for SSL there is no difference. It's just what
your clients trust more.
Ralf S. Engelschall
installtion is
broken. Either take the openssl.cnf from the distribution and load it manually
via "-config file" or reinstall OpenSSL.
Ralf S. Engelschall
[EMAIL
this.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl
...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
(talk and tutorial) are available in both
HTML/JPEG and Postscript format from
http://www.modssl.org/docs/ossc1999/
Send credits to Holger and flames to me.
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED
The usual amount of bugfixes per week. Nothing to worry about if you've
already 2.4.1 running. But if you've an older version running, it's now a good
time to upgrade because the 2.4 series is very stable.
Greetings,
Ralf S. Engelschall
On Mon, Sep 06, 1999, Magnus Stenman wrote:
Available at
http://www.modssl.org/contrib/
Thanks for your efforts.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
`SSLVerifyClient require') and
`RewriteRule' (to perform the redirect). But let me think about this for
longer... if someone already has a solution or idea, share it with us.
Ralf S. Engelschall
[EMAIL PROTECTED
C8, please.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSS
there _IS_ the entry in the FAQ about this and the
hint to use --enable-rule=SSL_SDBM. And when this server is a busy one you
should also consider using the shared memory based session cache by building
Apache with MM, of course.
Ralf S. Engelschall
e with new paths.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSS
the solution.
RTFM: http://www.modssl.org/docs/2.4/ssl_faq.html#ToC9
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
e to "8080" instead of "80" and run it
from a uid != 0...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
___
use a session cache and if yes, of which type, etc.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
401 - 500 of 1055 matches
Mail list logo